Fórum PC Brasil
CE_UmbrellaCert +1 to remove


Post by Fred Lima, Mon 09 Jun 2014, 21:16

Hello everyone and Power Max, I did all the procedures and got stuck at the part, after ZHPDiag, where you asked: "Select and copy all the text highlighted in red that I gave you."
So here are the reports. Please help me, this thing is very annoying.
1 - AdwCleaner[S0]

# AdwCleaner v3.212 - Relatório criado 09/06/2014 às 20:17:21
# Atualizado 05/06/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : Usuario - USUARIO-PC
# Executando de : C:\Users\Usuario\Downloads\4 AdwCleaner\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : CltMngSvc
[#] Serviço Deletada : globalUpdate
[#] Serviço Deletada : globalUpdatem
Serviço Deletada : NewPlayerUpdaterService
[#] Serviço Deletada : SECUREASSIST

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\Babylon
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\DriverCure
Pasta Deletada : C:\ProgramData\Premium
Pasta Deletada : C:\ProgramData\Trymedia
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownloadnSave
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fst
Pasta Deletada : C:\Program Files (x86)\ConduitEngine
Pasta Deletada : C:\Program Files (x86)\DAEMON Tools Toolbar
Pasta Deletada : C:\Program Files (x86)\globalUpdate
Pasta Deletada : C:\Program Files (x86)\NewPlayer
Pasta Deletada : C:\Program Files (x86)\ParetoLogic
Pasta Deletada : C:\Program Files (x86)\SearchProtect
Pasta Deletada : C:\Program Files (x86)\SupraSavings
Pasta Deletada : C:\Program Files (x86)\Uninstaller
Pasta Deletada : C:\Program Files (x86)\Vid-Saver
Pasta Deletada : C:\Program Files (x86)\uTorrentBar_PT
Pasta Deletada : C:\Program Files (x86)\fst_br_147
Pasta Deletada : C:\Program Files\003
Pasta Deletada : C:\Program Files\SupraSavings
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Usuario\AppData\Local\Babylon
Pasta Deletada : C:\Users\Usuario\AppData\Local\Conduit
Pasta Deletada : C:\Users\Usuario\AppData\Local\globalUpdate
Pasta Deletada : C:\Users\Usuario\AppData\Local\MediaGet2
Pasta Deletada : C:\Users\Usuario\AppData\Local\NativeMessaging
Pasta Deletada : C:\Users\Usuario\AppData\Local\SearchProtect
Pasta Deletada : C:\Users\Usuario\AppData\Local\WhiteListing
Pasta Deletada : C:\Users\Usuario\AppData\Local\fst_br_147
Pasta Deletada : C:\Users\Usuario\AppData\LocalLow\BabylonToolbar
Pasta Deletada : C:\Users\Usuario\AppData\LocalLow\Conduit
Pasta Deletada : C:\Users\Usuario\AppData\LocalLow\ConduitEngine
Pasta Deletada : C:\Users\Usuario\AppData\LocalLow\PriceGong
Pasta Deletada : C:\Users\Usuario\AppData\LocalLow\uTorrentBar_PT
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\Babylon
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\DriverCure
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\Funmoods
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\SendSpace
Pasta Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdebcffgnijbblbinknkbefciofebcda
[!] Pasta Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdebcffgnijbblbinknkbefciofebcda
Arquivo Deletada : C:\END
Arquivo Deletada : C:\Windows\SysWOW64\conduitEngine.tmp
Arquivo Deletada : C:\Windows\SysWOW64\SecureAssist.dll
Arquivo Deletada : C:\Windows\SysWOW64\SecureAssist.ini
Arquivo Deletada : C:\Windows\SysWOW64\SecureAssistOff.ini
Arquivo Deletada : C:\Windows\System32\SecureAssist.ini
Arquivo Deletada : C:\Windows\System32\SecureAssist64.dll
Arquivo Deletada : C:\Windows\System32\SecureAssistOff.ini
Arquivo Deletada : C:\Users\Usuario\AppData\Local\funmoods-speeddial.crx
Arquivo Deletada : C:\Windows\System32\Tasks\Funmoods
Arquivo Deletada : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
Arquivo Deletada : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
Arquivo Deletada : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
Arquivo Deletada : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
Arquivo Deletada : C:\Windows\Tasks\2405a8b4-dae2-4900-893e-cc5220341a27-1.job
Arquivo Deletada : C:\Windows\System32\Tasks\2405a8b4-dae2-4900-893e-cc5220341a27-1
Arquivo Deletada : C:\Windows\Tasks\2405a8b4-dae2-4900-893e-cc5220341a27-2.job
Arquivo Deletada : C:\Windows\System32\Tasks\2405a8b4-dae2-4900-893e-cc5220341a27-2
Arquivo Deletada : C:\Windows\Tasks\2405a8b4-dae2-4900-893e-cc5220341a27-3.job
Arquivo Deletada : C:\Windows\System32\Tasks\2405a8b4-dae2-4900-893e-cc5220341a27-3
Arquivo Deletada : C:\Windows\Tasks\2405a8b4-dae2-4900-893e-cc5220341a27-4.job
Arquivo Deletada : C:\Windows\System32\Tasks\2405a8b4-dae2-4900-893e-cc5220341a27-4
Arquivo Deletada : C:\Windows\Tasks\2405a8b4-dae2-4900-893e-cc5220341a27-5.job
Arquivo Deletada : C:\Windows\System32\Tasks\2405a8b4-dae2-4900-893e-cc5220341a27-5
Arquivo Deletada : C:\Windows\Tasks\2405a8b4-dae2-4900-893e-cc5220341a27-6.job
Arquivo Deletada : C:\Windows\System32\Tasks\2405a8b4-dae2-4900-893e-cc5220341a27-6
Arquivo Deletada : C:\Windows\Tasks\2405a8b4-dae2-4900-893e-cc5220341a27-7.job
Arquivo Deletada : C:\Windows\System32\Tasks\2405a8b4-dae2-4900-893e-cc5220341a27-7
Arquivo Deletada : C:\Windows\Tasks\a83e159d-baf8-4d3b-a47d-e471b17a590a-1.job
Arquivo Deletada : C:\Windows\System32\Tasks\a83e159d-baf8-4d3b-a47d-e471b17a590a-1
Arquivo Deletada : C:\Windows\Tasks\a83e159d-baf8-4d3b-a47d-e471b17a590a-2.job
Arquivo Deletada : C:\Windows\System32\Tasks\a83e159d-baf8-4d3b-a47d-e471b17a590a-2
Arquivo Deletada : C:\Windows\Tasks\a83e159d-baf8-4d3b-a47d-e471b17a590a-3.job
Arquivo Deletada : C:\Windows\System32\Tasks\a83e159d-baf8-4d3b-a47d-e471b17a590a-3
Arquivo Deletada : C:\Windows\Tasks\a83e159d-baf8-4d3b-a47d-e471b17a590a-4.job
Arquivo Deletada : C:\Windows\System32\Tasks\a83e159d-baf8-4d3b-a47d-e471b17a590a-4
Arquivo Deletada : C:\Windows\Tasks\a83e159d-baf8-4d3b-a47d-e471b17a590a-5.job
Arquivo Deletada : C:\Windows\System32\Tasks\a83e159d-baf8-4d3b-a47d-e471b17a590a-5
Arquivo Deletada : C:\Windows\Tasks\a83e159d-baf8-4d3b-a47d-e471b17a590a-6.job
Arquivo Deletada : C:\Windows\System32\Tasks\a83e159d-baf8-4d3b-a47d-e471b17a590a-6
Arquivo Deletada : C:\Windows\Tasks\a83e159d-baf8-4d3b-a47d-e471b17a590a-7.job
Arquivo Deletada : C:\Windows\System32\Tasks\a83e159d-baf8-4d3b-a47d-e471b17a590a-7

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\mdebcffgnijbblbinknkbefciofebcda
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\mdebcffgnijbblbinknkbefciofebcda
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Chave Deletedo : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Chave Deletedo : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Chave Deletedo : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\Conduit.Engine
Chave Deletedo : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Chave Deletedo : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Chave Deletedo : HKLM\SOFTWARE\Classes\escort.escortIEPane
Chave Deletedo : HKLM\SOFTWARE\Classes\f
Chave Deletedo : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Chave Deletedo : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Chave Deletedo : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\InstallManagerR_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\InstallManagerR_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0058028.BHO
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0058028.BHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0058028.Sandbox
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0058028.Sandbox.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0058488.BHO
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0058488.BHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0058488.Sandbox
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0058488.Sandbox.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Toolbar.CT2851643
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{76A60138-58B3-4E27-85FB-8FEF344A8998}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E0301295-AB3E-4AF3-979F-3D453C5F9F48}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{075FB993-E0E5-42BC-9558-BE07965E184A}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511801128}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511841188}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522802228}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522842288}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555805528}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555845588}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566806628}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566846688}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544804428}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544844488}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0301295-AB3E-4AF3-979F-3D453C5F9F48}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511801128}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511841188}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E0301295-AB3E-4AF3-979F-3D453C5F9F48}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{075FB993-E0E5-42BC-9558-BE07965E184A}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511801128}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511841188}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E0301295-AB3E-4AF3-979F-3D453C5F9F48}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511801128}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511841188}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{075FB993-E0E5-42BC-9558-BE07965E184A}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AB766AB-5158-4FEC-BCEA-63011D557AC4}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98CF5C81-F030-4229-A447-CEBA878C8F86}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C864C41E-BD59-4D7C-A470-13742DE56710}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{E0301295-AB3E-4AF3-979F-3D453C5F9F48}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E0301295-AB3E-4AF3-979F-3D453C5F9F48}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E0301295-AB3E-4AF3-979F-3D453C5F9F48}]
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{E0301295-AB3E-4AF3-979F-3D453C5F9F48}]
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EF41A4-BA24-4E49-A2C0-E1D047299287}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{130CCD34-0382-48E5-B307-0E7E72166828}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{26D25DD5-F17A-4D93-9A94-997E2124EEB4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{30279F40-D76B-443C-A34D-F43B35B35CE1}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{796D0AA0-DC0E-44C9-A398-C874F04D55A4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{CE2102F0-DF63-452E-9CA7-0F75FF4DDD4B}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{DADFCC6F-66D2-4E1D-A01B-7064CAD2F583}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{EBE666C3-F26C-4CF6-8ABA-3D5F5D2625E1}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511801128}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511841188}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522802228}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522842288}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555805528}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555845588}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566806628}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566846688}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511801128}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511841188}
Valor Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\Cr_Installer
Chave Deletedo : HKCU\Software\dt soft\daemon tools toolbar
Chave Deletedo : HKCU\Software\ExpressFiles
Chave Deletedo : HKCU\Software\FreeSoftToday
Chave Deletedo : HKCU\Software\IM
Chave Deletedo : HKCU\Software\ImInstaller
Chave Deletedo : HKCU\Software\installedbrowserextensions
Chave Deletedo : HKCU\Software\ParetoLogic
Chave Deletedo : HKCU\Software\suprasavings
Chave Deletedo : HKCU\Software\Tutorials
Chave Deletedo : HKCU\Software\TutoTag
Chave Deletedo : HKCU\Software\AppDataLow\Toolbar
Chave Deletedo : HKCU\Software\AppDataLow\Software\Conduit
Chave Deletedo : HKCU\Software\AppDataLow\Software\conduitEngine
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKCU\Software\AppDataLow\Software\Rr Savings
Chave Deletedo : HKCU\Software\AppDataLow\Software\SmartBar
Chave Deletedo : HKCU\Software\AppDataLow\Software\Supra Savings
Chave Deletedo : HKCU\Software\AppDataLow\Software\suprasavings
Chave Deletedo : HKCU\Software\AppDataLow\Software\uTorrentBar_PT
Chave Deletedo : HKLM\Software\Babylon
Chave Deletedo : HKLM\Software\Conduit
Chave Deletedo : HKLM\Software\conduitEngine
Chave Deletedo : HKLM\Software\DealPly
Chave Deletedo : HKLM\Software\dt soft\daemon tools toolbar
Chave Deletedo : HKLM\Software\ExpressFiles
Chave Deletedo : HKLM\Software\ImInstaller
Chave Deletedo : HKLM\Software\installedbrowserextensions
Chave Deletedo : HKLM\Software\Rr Savings
Chave Deletedo : HKLM\Software\SearchProtect
Chave Deletedo : HKLM\Software\suprasavings
Chave Deletedo : HKLM\Software\systweak
Chave Deletedo : HKLM\Software\Trymedia Systems
Chave Deletedo : HKLM\Software\Tutorials
Chave Deletedo : HKLM\Software\uTorrentBar_PT
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E6B105B8-1F65-4428-9397-1DFD8A03B94D}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vid-Saver
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_PT Toolbar
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fst_br_147_is1
Chave Deletedo : [x64] HKLM\SOFTWARE\installedbrowserextensions
Chave Deletedo : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Chave Deletedo : [x64] HKLM\SOFTWARE\Rr Savings
Chave Deletedo : [x64] HKLM\SOFTWARE\suprasavings
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\suprasavings
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe

***** [ Navegadores ] *****

-\\ Internet Explorer v9.0.8112.16455

Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v35.0.1916.114

[ Arquivo : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [26749 octets] - [09/06/2014 20:10:54]
AdwCleaner[S0].txt - [20774 octets] - [09/06/2014 20:17:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20835 octets] ##########

Re: CE_UmbrellaCert +1 to remove

Post by Fred Lima, Mon 09 Jun 2014, 21:18

2 - zoek-results

Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by Usuario on 09/06/2014 at 20:25:08,42.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Usuario\Downloads\5 Zoek\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

09/06/2014 20:29:21 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3148761829-2675718000-1710086865-1000\Software\Microsoft\Internet Explorer\SearchScopes\{096EB795-ADB0-43FB-8CE6-5E6E28C6C8EE} deleted successfully
HKEY_USERS\S-1-5-21-3148761829-2675718000-1710086865-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6E34507B-10D3-9DA3-91A9-3A8854424C5F} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\Usuario\AppData\Roaming\dll-files.com deleted
C:\Users\Usuario\AppData\Roaming\Thinstall deleted
C:\PROGRA~3\InstallMate deleted
C:\Users\Usuario\AppData\Local\CRE deleted
C:\Users\Usuario\AppData\Local\Thinstall deleted
C:\Users\Usuario\AppData\Local\cache deleted
C:\Users\Usuario\AppData\LocalLow\TB deleted
C:\user.js deleted
C:\Windows\Syswow64\tmp20F9.tmp deleted
C:\Windows\Syswow64\tmp2109.tmp deleted
C:\Windows\Syswow64\tmp6B41.tmp deleted
C:\Windows\Syswow64\tmp6B42.tmp deleted
"C:\PROGRA~2\SearchSnacks\Service\sssvc.exe" deleted
"C:\Users\Usuario\AppData\Roaming\Temp" deleted
"C:\PROGRA~2\SearchSnacks" not deleted
"C:\PROGRA~2\SearchSnacks\Service" not deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[06/06/2014 23:06]
nhngmhpfanhnpmmnobhepkajnhonlioe - C:\ProgramData\DownloadnSave\nhngmhpfanhnpmmnobhepkajnhonlioe.crx[]

Docs - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Gmail - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhngmhpfanhnpmmnobhepkajnhonlioe deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?ocid=EIE9HP&PC=UP50"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?ocid=EIE9HP&PC=UP50"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\USURIO~1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\USURIO~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3148761829-2675718000-1710086865-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292} deleted successfully
HKEY_USERS\S-1-5-21-3148761829-2675718000-1710086865-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292} deleted successfully

==== Deleting CLSID Registry Values ======================


==== shortcuts on Users Desktops ======================

C:\Users\Usuario\Desktop\DLL-Files.com FIXER.lnk - C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
C:\Users\Usuario\Desktop\EVGA Precision X.lnk - C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
C:\Users\Usuario\Desktop\G27 PROFILER.lnk - C:\Program Files (x86)\Logitech\Gaming Software\LWEMon.exe
C:\Users\Usuario\Desktop\Internet Explorer (64-bit).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Usuario\Desktop\JDownloader.lnk - C:\Program Files (x86)\JDownloader\JDownloader.exe
C:\Users\Usuario\Desktop\Painel de controle da NVIDIA.lnk -
C:\Users\Usuario\Desktop\Photoshop.lnk - C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\Photoshop.exe
C:\Users\Usuario\Desktop\Windows Doctor.lnk - C:\Program Files (x86)\Windows Doctor\WindowsDoctor.exe
C:\Users\Usuario\Desktop\RACING GAMES\ACTC.lnk - C:\Program Files (x86)\ACTC\ACTC.exe +fullproc
C:\Users\Usuario\Desktop\RACING GAMES\Formula Truck 2013.lnk - C:\Program Files (x86)\FTruck2013\FTruck.exe +fullproc
C:\Users\Usuario\Desktop\RACING GAMES\Formula Truck.lnk - C:\Program Files (x86)\FTruck\FTruck.exe +fullproc
C:\Users\Usuario\Desktop\RACING GAMES\Game Stock Car Extreme.lnk - C:\GSC2013\GSC.exe +fullpro
C:\Users\Usuario\Desktop\RACING GAMES\GSC - 2010.lnk - C:\Program Files (x86)\GSC\GSC.exe +fullproc
C:\Users\Usuario\Desktop\RACING GAMES\GSC - 2012.lnk - C:\Program Files (x86)\GSC2012\GSC.exe +fullproc
C:\Users\Usuario\Desktop\RACING GAMES\GSC - 2013.lnk - C:\GSC2013\GSC.exe +fullpro
C:\Users\Usuario\Desktop\RACING GAMES\GTR 2.lnk - C:\Program Files (x86)\GTR2\GTR2.exe +fullproc
C:\Users\Usuario\Desktop\RACING GAMES\GTR Evolution.lnk - C:\Program Files (x86)\SimBin\GTR Evolution Offline\Race07.exe
C:\Users\Usuario\Desktop\RACING GAMES\Kart Racing Pro.lnk - C:\Program Files (x86)\Kart Racing Pro\kart.exe +fullpro
C:\Users\Usuario\Desktop\RACING GAMES\Race Injection.lnk - C:\Program Files (x86)\SimBin\Race Injection\Race_Steam.exe +fullpro
C:\Users\Usuario\Desktop\RACING GAMES\Race On Offline.lnk - C:\Program Files (x86)\SimBin\Race on Offline\Race07.exe skin=raceon
C:\Users\Usuario\Desktop\RACING GAMES\rFactor - BRASIL.lnk - E:\Rfactor\rfactor BRASIL\rFactor.exe +fullproc
C:\Users\Usuario\Desktop\RACING GAMES\rFactor - DTM 2007-12.lnk - E:\Rfactor\rfactor DTM 2007 2010 2011\rFactor.exe +fullproc
C:\Users\Usuario\Desktop\RACING GAMES\rFactor - DTM 2013 T5 Series.lnk - E:\Rfactor\rfactor DTM 2013 T5 Series\rFactor.exe +fullproc
C:\Users\Usuario\Desktop\RACING GAMES\rFactor - DTM 2013.lnk - E:\Rfactor\rfactor DTM 2013\rFactor.exe
C:\Users\Usuario\Desktop\RACING GAMES\rFactor - ENDURACERS PORSCHES C CUP.lnk - E:\Rfactor\rfactor Endurace Series\rFactor.exe +fullproc
C:\Users\Usuario\Desktop\RACING GAMES\rFactor - ENDURACERS SP2.1.lnk - E:\Rfactor\rfactor Endurace Series SP2.1\rFactor.exe +fullproc
C:\Users\Usuario\Desktop\RACING GAMES\rFactor - F1 2010 11 12 PAKO.lnk - E:\Rfactor\rfactor F1 2010 2.0-2011 1.0 2012 1.0 PAKO\rFactor.exe +fullproc
C:\Users\Usuario\Desktop\RACING GAMES\rFactor - F1 2011 SANDROX.lnk - E:\Rfactor\rfactor F1 2011 RMT RFT Sandrox\rFactor.exe +fullproc
C:\Users\Usuario\Desktop\RACING GAMES\rFactor - F1 2012 VFR RMT SX.lnk - E:\Rfactor\rfactor F1 2012 VFR\rFactor.exe +fuillproc
C:\Users\Usuario\Desktop\RACING GAMES\rFactor - F1 2013 IMT.lnk - E:\Rfactor\rfactor F1 2013 ERRC\rFactor.exe +fullproc
C:\Users\Usuario\Desktop\RACING GAMES\rFactor - F1 85-88.lnk - E:\Rfactor\rfactor F1 1985 MVCR 1988 LE\rFactor.exe -fullproc
C:\Users\Usuario\Desktop\RACING GAMES\rFactor - FIA GT 2004.lnk - E:\Rfactor\rfactor FIA GT 2004 GTR 2 CONVERSION\rFactor.exe +fullproc
C:\Users\Usuario\Desktop\RACING GAMES\rFactor - FIA GT1 2010-11-12 - GTM 2011 - BES 2012.lnk - E:\Rfactor\rfactor FIA GT1 2010-11 Fred-12 - GTM 2011 - BPE 2012\rFactor.exe +fullproc
C:\Users\Usuario\Desktop\RACING GAMES\rFactor - FIA GT3 2010 ITAIPAVA 2011.lnk - E:\Rfactor\rfactor FIA GT3 2010 Sandro e gpfan 1.3 full\rFactor.exe -fullproc
C:\Users\Usuario\Desktop\RACING GAMES\rFactor - KART.lnk - E:\Rfactor\rfactor World Kart 2.1\rFactor.exe
C:\Users\Usuario\Desktop\RACING GAMES\rFactor - SUPER GT JAPÃO.lnk -
C:\Users\Usuario\Desktop\RACING GAMES\rFactor - V8 SUPERCARS.lnk - E:\Rfactor\rfactor V8 Supercars\rFactor.exe +fullproc

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\AutoCAD 2013 - English.lnk - C:\Program Files (x86)\Autodesk\AutoCAD 2013\acad.exe /product ACAD /language "en-US"
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Public\Desktop\GeForce Experience.lnk - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\Leo's FFB Tuner.lnk - C:\Program Files (x86)\Leo's FFB Tuner\Leo's FFB Tuner.exe
C:\Users\Public\Desktop\LG Burning Tools.lnk - C:\Program Files (x86)\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe -ScParameter=65
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Microsoft Fix it Center.lnk -
C:\Users\Public\Desktop\Paint.NET.lnk - C:\Program Files (x86)\Paint.NET\PaintDotNet.exe
C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Public\Desktop\µTorrent.lnk -

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk - C:\Program Files (x86)\7-Zip\7zFM.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk - C:\Program Files (x86)\7-Zip\7-zip.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast\avast Free Antivirus.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /show
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Disable 3D Vision.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /disable
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Enable 3D Vision.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /enable
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk - C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Help.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Professional.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Registration-Activation.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe /register

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Doctor.lnk - C:\Program Files (x86)\Windows Doctor\WindowsDoctor.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (64-bit).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Photoshop - Atalho.lnk - C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\Photoshop.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nhngmhpfanhnpmmnobhepkajnhonlioe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentExplorer deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fst_br_147 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\upfst_br_147.exe deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Usuario\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0R6NAD5V will be deleted at reboot
C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AI8SG0H3 will be deleted at reboot
C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2K0RTLP will be deleted at reboot
C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GERGLX5M will be deleted at reboot
C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\USURIO~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=411 folders=49 28624324 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Usuario\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
Fred Lima
Beginner

Posts: 22
Reputation: 0
Registration date: 09/06/2014


Re: CE_UmbrellaCert +1 to remove

Post by Fred Lima Mon 09 Jun 2014, 21:19

3 - ZHPDiag

~ Relatório do ZHPDiag v2014.6.9.87 - Nicolas Coolman  (09/06/2014)
~ Iniciado por Usuario (09/06/2014 20:52:02)
~ Endereço do Website : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v35.0.1916.114 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Malwarebytes Anti-Malware versão 2.0.2.1012
SUPERAntiSpyware v5.7.1018
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.10

---\\ Softwares de partilha do PeerToPeer (P2P)
µTorrent v3.1.3  =>P2P.µTorrent

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader X

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8190 MB (74% free)
System Restore: Activé (Enable)
System drive C: has 193 GB (41%) free of 466 GB

---\\ Modo de conexão ao sistema
~ Computer Name: USUARIO-PC
~ User Name: Usuario
~ All Users Names: Usuario, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Usuario\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Usuario\AppData\Roaming\
~ %Desktop% : C:\Users\Usuario\Desktop\
~ %Favorites% : C:\Users\Usuario\Favorites\
~ %LocalAppData% : C:\Users\Usuario\AppData\Local\
~ %StartMenu% : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 193 Go of 466 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 552 Go of 1397 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 45 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 04:24:46.) -- C:\Windows\Explorer.exe [2872320]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.A19DB004D954BBC9C4EC125711E1D1C2] - (.Microsoft Corporation - Internet Extensions for Win32.) (.10/12/2012 - 14:03:44.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 04:25:32.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 04:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.D31DC7A16DEA4A9BAF179F3D6FBDB38C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.20/11/2010 - 00:23:36.) -- C:\Windows\system32\Drivers\AFD.sys [499712]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 00:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 00:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 01:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.FAF015B07E3A2874A790A39B7D2C579F] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.20/11/2010 - 00:27:44.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 00:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.05D78AA5CB5F3F5C31160BDB955D0B7C] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.20/11/2010 - 04:33:48.) -- C:\Windows\system32\Drivers\ntfs.sys [1659776]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 01:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 02:06:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 00:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 04:34:04.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/504
~ Mes musiques (My Musics) : 1/13938
~ Mes Favoris (My Favorites) : 1/284
~ Mes Documents (My Documents) : 1/301
~ Mon Bureau (My Desktop) : 1/228
~ Menu demarrer (Programs) : 1/48
~ Hidden Files:  Scanned in 00mn 18s



---\\ Processos lançados
[MD5.4FBC630768570E6AC35C3DE8F6EC79F5] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe   [6970168] [PID.2240]
[MD5.A6D772AA861E673636D48B6EB452ADE3] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.exe   [98696] [PID.2988]
[MD5.5CA0EB9538C6ACEBDC3593FC53527B9D] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe   [3890208] [PID.1144]
[MD5.44FE94FCDF97E574B6986C5A81758628] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe   [2199840] [PID.2820]
[MD5.F5546A846F16DB4578DF72F30AACB1FC] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [8066560] [PID.864]
[MD5.718D79F2E7EC3AFFD3661DA81F93BBEA] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe   [413128] [PID.948]
[MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe   [50344] [PID.1484]
[MD5.11A52CF7B265631DEEB24C6149309EFF] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe   [64952] [PID.1948]
[MD5.F431DC5D94F4B2FDBC927655D8A9B10E] - (.Autodesk, Inc. - Content Service.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe   [19232] [PID.2004]
[MD5.D84AEA3F3329D622DFC1297DDDF6163B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe   [1809720] [PID.1288]
[MD5.4F45ED469906494F9BF754E476390DBD] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe   [860472] [PID.2132]
[MD5.C22ADABFABBC2B7AC189C87D87B1ABD6] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe   [1617696] [PID.2304]
~ Processes Running:  Scanned in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} Chave orfã
~ Toolbar:  Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.)  -- C:\Program Files (x86)\uTorrent\uTorrent.exe   =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 02s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKCU\..\Run: [SUPERAntiSpyware] . (.SUPERAntiSpyware - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3148761829-2675718000-1710086865-1000\..\Run: [SUPERAntiSpyware] . (.SUPERAntiSpyware - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
~ Application:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B187C997-A3C4-41FF-9264-903D12E3B711}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B187C997-A3C4-41FF-9264-903D12E3B711}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{B187C997-A3C4-41FF-9264-903D12E3B711}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Protect Monitor (ProtectMonitor) . (...) - C:\Program Files\PCDApp\StartHelp.exe  =>Trojan.BitCoinMiner
O23 - Service: Search Snacks Client Service (sssvc) . (...) - C:\Program Files (x86)\SearchSnacks\Service\sssvc.exe (.not file.)
~ Services: 12 Legitimates Filtered in 00mn 10s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl] (...) -- C:\Users\Usuario\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\MinibarChrome.exe (.not file.)   [0]  =>PUP.Minibar
[MD5.00000000000000000000000000000000] [APT] [{751EF41F-FB85-45AD-9710-D45E234BC5AB}] (...) -- C:\Users\Usuario\Downloads\rfactor Formula 1 2011 FSONECLUB v1.0\fsoneclub_2011_v1.0.exe (.not file.)   [0]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [902]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\DLL-files.com Fixer_UPDATES   [296]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [1066]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [1070]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 26c369d3-9db7-4fb8-b602-399276538202   [514]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 714edc0e-17e5-4ec2-9d9e-4e207604f554   [514]
~ Scheduled Task: 21 Legitimates Filtered in 00mn 03s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver:  (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver:  (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver:  (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)
O41 - Driver:  (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver:  (ssnfd) . (.Search Snacks - Search Snacks Driver x64.) - C:\Windows\System32\drivers\ssnfd.sys
~ Drivers: 99 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: 2010 IndyCar Trackpack - (...) [HKCU][64Bits] -- 2010 IndyCar Trackpack
O42 - Logiciel: ACTC (remove only) - (...) [HKLM][64Bits] -- ACTC
O42 - Logiciel: Bathurst v1.5 (2010 V8SC) - (.Team ORSM.) [HKLM][64Bits] -- {DDD54BB5-416B-41AE-A67A-F7BAC01C6CA1}_is1
O42 - Logiciel: ContentExplorer - (.ContentExplorer.net.) [HKLM][64Bits] -- ContentExplorer  =>PUP.ContentExplorer
O42 - Logiciel: EF Magnificent Park Int - (.LMT.) [HKLM][64Bits] -- {92397E5A-186B-4806-8001-CE54A1449BF8}_is1
O42 - Logiciel: EnduranceSeries Addon (UNOFFICIAL) V3.00 - (...) [HKLM][64Bits] -- EnduranceSeries Addon (UNOFFICIAL) V3.00
O42 - Logiciel: F1 1977 LE v1.1 - (...) [HKCU][64Bits] -- F1 1977 LE v1.1
O42 - Logiciel: F1 2001RMT 2.00 - (...) [HKLM][64Bits] -- F1 2001RMT 2.00
O42 - Logiciel: F1 RMT 2011 Patch v1.01 - (...) [HKLM][64Bits] -- F1 RMT 2011 Patch v1.01
O42 - Logiciel: F1RFT 2008 V3 Trackpack 2 3.1 - (...) [HKLM][64Bits] -- F1RFT 2008 V3 Trackpack 2
O42 - Logiciel: F1RFT 2008 V3 Trackpack 3.0 - (...) [HKLM][64Bits] -- F1RFT 2008 V3 Trackpack
O42 - Logiciel: F1RFT 2012 DEMO - (...) [HKLM][64Bits] -- F1RFT 2012 DEMO
O42 - Logiciel: F1RMT 2001 TrackPack Uninstall - (...) [HKLM][64Bits] -- F1RMT 2001 TrackPack Uninstall
O42 - Logiciel: F1RMT 2012 0.85 - (...) [HKLM][64Bits] -- F1RMT 2012 0.85
O42 - Logiciel: F1_2011_F1R_V5.0 - (...) [HKCU][64Bits] -- F1_2011_F1R_V5.0
O42 - Logiciel: Formula Truck 2013 versão 1.10 - (.Reiza Studios Ltda..) [HKLM][64Bits] -- {D2F8554C-14CF-4313-A732-B59D9B20C3AD}_is1
O42 - Logiciel: Formula Truck versão 1.00 - (.Reiza Studios Ltda..) [HKLM][64Bits] -- {B6D220AC-B024-43CE-820C-4E7F395DD006}_is1
O42 - Logiciel: Free_Ven_s_pro 25 - (.setup.) [HKLM][64Bits] -- Free_Ven_s_pro 25
O42 - Logiciel: GAME STOCK CAR versão 1.600 - (.Reiza Studios Ltda..) [HKLM][64Bits] -- {7786E684-E12B-4738-85B4-7F2A65AF87C7}_is1
O42 - Logiciel: GTR Evolution - (.SimBin.) [HKLM][64Bits] -- GTR Evolution_1.1.1.2_is1
O42 - Logiciel: Game Stock Car Extreme versão 1.15 - (.Reiza Studios Ltda..) [HKLM][64Bits] -- {0DDE356A-68FA-4768-A94E-B7BE98EB4259}_is1
O42 - Logiciel: Leo's FFB Tuner - (.Nick 'Kosmo' Rammos.) [HKLM][64Bits] -- {7BFA6779-7690-4ED1-AE16-B948742E2FDE}
O42 - Logiciel: Mediaa_Play_AIR_1.4 - (.enter.) [HKLM][64Bits] -- Mediaa_Play_AIR_1.4
O42 - Logiciel: Mod DTM v3.5 - (.Race-Online.) [HKLM][64Bits] -- {4A091FC6-6DFE-4CB0-BF45-D90AB2353226}
O42 - Logiciel: Mod VFR F1 2014 V1.0 - (...) [HKCU][64Bits] -- Mod VFR F1 2014 V1.0
O42 - Logiciel: Monza F1 CM 2011 also singapore and new brazil - (...) [HKLM][64Bits] -- Monza F1 CM 2011 also singapore and new brazil
O42 - Logiciel: PC Data App - (...) [HKLM][64Bits] -- PCData App  =>Trojan.BitCoinMiner
O42 - Logiciel: Queensland Raceway 1.00 - (...) [HKCU][64Bits] -- Queensland Raceway 1.00
O42 - Logiciel: Race Injection - (...) [HKLM][64Bits] -- Race Injection_is1
O42 - Logiciel: Race On - (.SimBin.) [HKLM][64Bits] -- Race On_is1
O42 - Logiciel: Red Bull Ring 2010 - The Prologue - (...) [HKCU][64Bits] -- Red Bull Ring 2010 - The Prologue
O42 - Logiciel: SRM 1990 Official Patch 1.00 - (.S.R.M. Team.) [HKLM][64Bits] -- SRM 1990 Official Patch 1.00
O42 - Logiciel: Search Snacks - (.Search Snacks.) [HKLM][64Bits] -- SearchSnacks
O42 - Logiciel: V8FU Season 2011 Skin Update - (.Team ORSM.) [HKLM][64Bits] -- {4250E912-12F6-485F-8901-EB596F67F02E}_is1
O42 - Logiciel: WSGT by RMT for GTR2 - (...) [HKCU][64Bits] -- WSGT by RMT for GTR2
O42 - Logiciel: WTCC 2011 - (...) [HKCU][64Bits] -- WTCC 2011
O42 - Logiciel: WTCC 2011 TRACKPACK - (...) [HKCU][64Bits] -- WTCC 2011 TRACKPACK
O42 - Logiciel: WTCC 2011 by IMT-Series - (...) [HKLM][64Bits] -- WTCC 2011 by IMT-Series
O42 - Logiciel: WTCC 2012 1.1 - (...) [HKCU][64Bits] -- WTCC 2012 1.1
O42 - Logiciel: WTCC 2012 MOD 1.0 by IMT-Series Modding - (...) [HKCU][64Bits] -- WTCC 2012 MOD 1.0 by IMT-Series Modding
O42 - Logiciel: WTCC Evolution 1.7 - (...) [HKLM][64Bits] -- WTCC Evolution 1.7
~ Logic: 81 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\ACTC]
[HKCU\Software\Baidu Security]
[HKCU\Software\ContentExplorer]  =>PUP.ContentExplorer
[HKCU\Software\HLDS]
[HKCU\Software\IncrediMail]
[HKCU\Software\Network_Me]
[HKCU\Software\PCDataApp]
[HKCU\Software\RFE Plugin Series]
[HKCU\Software\SimGarage]
[HKCU\Software\Zotac]
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Deterium Racing Technologies]
[HKLM\Software\Wow6432Node\PCDataApp]
[HKLM\Software\Wow6432Node\baidu]
[HKLM\Software\Wow6432Node\fst]
~ Key Software: 392 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 02/09/2012 - 21:10:35 - [] ----D C:\Program Files (x86)\ACTC
O43 - CFD: 09/06/2014 - 19:35:53 - [] ----D C:\Program Files (x86)\Free_Ven_s_pro 25
O43 - CFD: 21/04/2013 - 19:07:19 - [] ----D C:\Program Files (x86)\FTruck
O43 - CFD: 08/04/2014 - 21:20:44 - [] ----D C:\Program Files (x86)\FTruck2013
O43 - CFD: 22/01/2013 - 18:58:26 - [] ----D C:\Program Files (x86)\GSC
O43 - CFD: 08/07/2012 - 18:28:30 - [] ----D C:\Program Files (x86)\GSC FRED
O43 - CFD: 31/08/2013 - 00:07:57 - [] ----D C:\Program Files (x86)\GSC2012
O43 - CFD: 05/09/2012 - 18:24:04 - [] ----D C:\Program Files (x86)\GTR2
O43 - CFD: 23/12/2013 - 19:36:28 - [] ----D C:\Program Files (x86)\Kart Racing Pro
O43 - CFD: 22/09/2013 - 22:39:31 - [] ----D C:\Program Files (x86)\Leo's FFB Tuner
O43 - CFD: 09/06/2014 - 19:38:57 - [] ----D C:\Program Files (x86)\Mediaa_Play_AIR_1.4
O43 - CFD: 03/06/2014 - 19:16:53 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 04/10/2011 - 19:32:32 - [] ----D C:\ProgramData\IM
O43 - CFD: 04/10/2011 - 19:31:39 - [] ----D C:\ProgramData\IncrediMail
O43 - CFD: 31/10/2011 - 17:16:16 - [] ----D C:\ProgramData\jgy50JtoEAFke73spIp
O43 - CFD: 21/09/2013 - 20:17:24 - [] ----D C:\ProgramData\reiza
O43 - CFD: 09/06/2014 - 20:28:15 - [] ----D C:\Users\Usuario\AppData\Roaming\ContentExplorer  =>PUP.ContentExplorer
O43 - CFD: 08/02/2012 - 20:02:17 - [] ----D C:\Users\Usuario\AppData\Roaming\NLC Modding Group
O43 - CFD: 30/03/2012 - 05:32:06 - [] ----D C:\Users\Usuario\AppData\Roaming\Simraceway
O43 - CFD: 03/04/2012 - 18:57:53 - [] --H-D C:\Users\Usuario\AppData\Roaming\TempMods
O43 - CFD: 03/06/2014 - 19:15:10 - [0] ----D C:\Users\Usuario\AppData\Local\1stBrowser
O43 - CFD: 03/06/2014 - 19:15:10 - [] ----D C:\Users\Usuario\AppData\Local\1stBrowserUninstall
O43 - CFD: 22/11/2013 - 19:27:26 - [] ----D C:\Users\Usuario\AppData\Local\Achim_Ennenbach_([You must have an account and be logged in to view this link]
O43 - CFD: 09/06/2014 - 19:39:02 - [] ----D C:\Users\Usuario\AppData\Local\com
O43 - CFD: 04/10/2011 - 19:34:47 - [] ----D C:\Users\Usuario\AppData\Local\IM
O43 - CFD: 01/03/2013 - 23:12:07 - [] ----D C:\Users\Usuario\AppData\Local\Kunos_Simulazioni
O43 - CFD: 03/06/2014 - 19:38:49 - [] ----D C:\Users\Usuario\AppData\Local\Network_Me_06032206
O43 - CFD: 29/03/2014 - 13:40:52 - [] ----D C:\Users\Usuario\AppData\Local\SimSync.de
O43 - CFD: 05/04/2014 - 21:25:52 - [] ----D C:\Users\Usuario\AppData\Local\TB
O43 - CFD: 17/01/2013 - 19:21:39 - [] ----D C:\Users\Usuario\AppData\Local\_
O43 - CFD: 15/08/2011 - 17:49:53 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2010 IndyCar Trackpack
O43 - CFD: 19/08/2012 - 16:32:01 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ACTC
O43 - CFD: 11/07/2011 - 14:55:45 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluebirds
O43 - CFD: 01/01/2008 - 23:03:53 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\F1 1976 LE v1.1
O43 - CFD: 26/08/2011 - 20:39:29 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\F1 1977 LE v1.1
O43 - CFD: 01/01/2008 - 23:03:53 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\F1 1994 Season F1-S-R
O43 - CFD: 01/01/2008 - 23:03:53 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\F1 1994 Season F1-S-R Track Pack
O43 - CFD: 01/01/2008 - 23:03:53 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\F1 2000 RVR
O43 - CFD: 01/01/2008 - 23:03:53 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\F1 IMT 2012 ULTIMATE by IMT-Modding Team
O43 - CFD: 01/01/2008 - 23:03:53 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\F1 Seven 1975 IPE v1.2
O43 - CFD: 01/01/2008 - 23:03:54 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab PDF Converter
O43 - CFD: 23/12/2013 - 19:31:01 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kart Racing Pro
O43 - CFD: 13/07/2011 - 21:38:21 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mod DTM v3.5
O43 - CFD: 01/05/2014 - 19:06:19 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mod VFR F1 2014 2.0
O43 - CFD: 30/03/2014 - 11:21:08 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mod VFR F1 2014 V1.0
O43 - CFD: 05/08/2013 - 10:29:45 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pagoda Mod Group IZOD IndyCar DW12 2012-2013
O43 - CFD: 03/10/2013 - 01:41:25 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PMG IZOD IndyCar Series DW12 Update v1.2
O43 - CFD: 06/04/2013 - 03:43:06 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Porsche 911 RSR V 1.0 by Raduis
O43 - CFD: 06/08/2011 - 12:48:29 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Queensland Raceway 1.00
O43 - CFD: 20/09/2011 - 18:27:05 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Red Bull Ring 2010 - The Prologue
O43 - CFD: 19/09/2011 - 19:59:22 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SGT500 FIX V3.1
O43 - CFD: 01/01/2008 - 23:03:54 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SimracingPro
O43 - CFD: 13/07/2011 - 20:07:58 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WSGT by RMT for GTR2
O43 - CFD: 01/01/2008 - 23:03:54 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WSVR
O43 - CFD: 03/10/2013 - 01:41:25 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WTCC 2012 V2 by Racing Studio
O43 - CFD: 01/05/2014 - 19:06:19 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WTCC 2013 by Racing Studio
O43 - CFD: 01/05/2014 - 19:06:19 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WTCC 2013 TrackPack by Racing Studio
O43 - CFD: 14/03/2012 - 01:33:27 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WTCC Evolution
O43 - CFD: 11/05/2012 - 13:27:02 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WTCC Evolution 1.7
O43 - CFD: 11/07/2012 - 20:08:48 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WTCC Evolution 1.8
~ Program Folder: 223 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.1CB775123FFD04A9C69D633E2FD95FA2] - 04/06/2014 - 19:53:23 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [146056]
O44 - LFC:[MD5.1E021548BEF1E607B0B0592C23FEB840] - 04/06/2014 - 19:53:23 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [703270]
O44 - LFC:[MD5.340B0467E98A8C92697D73034DB4BCB7] - 06/06/2014 - 23:06:05 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys   [29208]
O44 - LFC:[MD5.D1AC2270D0D6223CB7C2754426F1EF1F] - 06/06/2014 - 23:25:31 ---A- . (...) -- C:\ntuser.dat   [262144]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 06/06/2014 - 23:25:31 -SHA- . (...) -- C:\ntuser.dat.LOG2   [0]
O44 - LFC:[MD5.9D13C3B515CF946320EAC1DE9D257B6E] - 06/06/2014 - 23:25:31 -SHA- . (...) -- C:\ntuser.dat{c7636e42-ede3-11e3-93ed-00241df58551}.TM.blf   [65536]
O44 - LFC:[MD5.5D46F3FC5DB12DFC4DB270204FE6FFC4] - 06/06/2014 - 23:25:31 -SHA- . (...) -- C:\ntuser.dat{c7636e42-ede3-11e3-93ed-00241df58551}.TMContainer00000000000000000001.regtrans-ms   [524288]
O44 - LFC:[MD5.59071590099D21DD439896592338BF95] - 06/06/2014 - 23:25:31 -SHA- . (...) -- C:\ntuser.dat{c7636e42-ede3-11e3-93ed-00241df58551}.TMContainer00000000000000000002.regtrans-ms   [524288]
O44 - LFC:[MD5.2195C5B848C57DEF4314FA6C97BD3D26] - 06/06/2014 - 23:25:31 -SHA- . (...) -- C:\ntuser.dat{c7636e46-ede3-11e3-93ed-00241df58551}.TM.blf   [65536]
O44 - LFC:[MD5.584036681D4A551CCB80E2999DA223BE] - 06/06/2014 - 23:25:31 -SHA- . (...) -- C:\ntuser.dat{c7636e46-ede3-11e3-93ed-00241df58551}.TMContainer00000000000000000001.regtrans-ms   [524288]
O44 - LFC:[MD5.59071590099D21DD439896592338BF95] - 06/06/2014 - 23:25:31 -SHA- . (...) -- C:\ntuser.dat{c7636e46-ede3-11e3-93ed-00241df58551}.TMContainer00000000000000000002.regtrans-ms   [524288]
O44 - LFC:[MD5.088B8118878A2FA17513C98956A7B982] - 06/06/2014 - 23:25:40 -SHA- . (...) -- C:\ntuser.dat.LOG1   [5120]
O44 - LFC:[MD5.6D265C8B9E7339FCE44A3965F0F63E2C] - 09/06/2014 - 20:41:37 ---A- . (...) -- C:\files.log   [99]
O44 - LFC:[MD5.D7657DDB4B5B6EC4141C4E08FADF3B9A] - 09/06/2014 - 20:41:43 ---A- . (...) -- C:\folders.log   [500]
O44 - LFC:[MD5.A0A5DC2BC9AC33A7540B3683FD90E9C2] - 09/06/2014 - 20:41:43 ---A- . (...) -- C:\zoek-results.log   [21501]
~ Files: 55 Legitimates Filtered in 00mn 02s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{50ecdd9f-abb7-11e0-b284-806e6f6e6963}\AutoRun\command. (...) -- D:\BlueBirds.exe (.not file.)
~ Keys:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:06/06/2014 - 23:06:05 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys   [29208]  =>.ALWIL Software
O58 - SDL:06/06/2014 - 23:06:05 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [65776]  =>.ALWIL Software
O58 - SDL:06/06/2014 - 23:06:05 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [208416]  =>.ALWIL Software
O58 - SDL:13/07/2011 - 07:19:32 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys   [254528]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [31232]
O58 - SDL:02/12/2007 - 23:20:54 ---A- . (.Windows (R) Codename Longhorn DDK provider - Sample NDIS 6.0 Intermediate Miniport Driver.) -- C:\Windows\System32\Drivers\RtVlan60.sys   [24064]
O58 - SDL:13/05/2014 - 15:16:22 ---A- . (.Search Snacks - Search Snacks Driver x64.) -- C:\Windows\System32\Drivers\ssnfd.sys   [58248]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [24656]
O58 - SDL:10/05/2011 - 08:06:08 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys   [51712]
O58 - SDL:27/04/2010 - 20:57:12 ---A- . (.Logicool Co. Ltd. - Logicool WingMan Virtual Bus Enumerator Driver.) -- C:\Windows\System32\Drivers\WmBEnum.sys   [26440]
O58 - SDL:27/04/2010 - 18:02:42 ---A- . (.Logicool Co. Ltd. - Logicool WingMan Hid Filter Driver.) -- C:\Windows\System32\Drivers\WmFilter.sys   [43976]
O58 - SDL:27/04/2010 - 20:57:14 ---A- . (.Logicool Co. Ltd. - Logicool WingMan Hid Lower Filter Driver.) -- C:\Windows\System32\Drivers\WmHidLo.sys   [36936]
O58 - SDL:27/04/2010 - 20:57:20 ---A- . (.Logicool Co. Ltd. - Logicool WingMan Virtual Hid Device Driver.) -- C:\Windows\System32\Drivers\WmVirHid.sys   [16200]
O58 - SDL:27/04/2010 - 18:03:12 ---A- . (.Logicool Co. Ltd. - Logicool WingMan Translation Driver.) -- C:\Windows\System32\Drivers\WmXlCore.sys   [77512]
~ Drivers: 73 Legitimates Filtered in 00mn 03s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 06/06/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 13/05/2014 - C:\Windows\System32\drivers\ssnfd.sys (ssnfd)  .(.Search Snacks - Search Snacks Driver x64.) - LEGACY_SSNFD
~ Legacy: 91 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
~ Keys:  Scanned in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{50029D3A-9D40-46C9-A000-266727752374}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe  =>P2P.BitTorrent
O87 - FAEL: "{9D1ADFE5-88D7-434F-91B9-8EA40C895FF7}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe  =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 02s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "8B501B6E56F182443979D1DFA8309BD4" . (.SupraSavings.) -- c:\Windows\Installer\{E6B105B8-1F65-4428-9397-1DFD8A03B94D}\icon64.ico  =>PUP.SupraSavings
O90 - PUC: "BD04C21DD7DC68D42958E5F22E63394E" . (.SupraSavings.) -- c:\Windows\Installer\{D12C40DB-CD7D-4D86-9285-5E2FE23693E4}\icon64.ico  =>PUP.SupraSavings
~ Update Products: 2 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.9D0767859EE938C0C4FAC30693109843] [WIS][03/06/2014] (.SupraSavings - SupraSavings.) -- C:\Windows\Installer\39d8f6.msi   [3162112]  =>PUP.SupraSavings
[MD5.9A5263D3C011F34BFA10C5458CF27197] [WIS][03/06/2014] (.SupraSavings - SupraSavings.) -- C:\Windows\Installer\3f2c95.msi   [4997120]  =>PUP.SupraSavings
~ WIS: 2 Legitimates Filtered in 00mn 04s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASAPI32  =>PUP.ContentExplorer
HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASMANCS  =>PUP.ContentExplorer
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32  =>Adware.NewPlayer
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS  =>Adware.NewPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExpressFiles_RASAPI32  =>Adware.ExpressFiles
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExpressFiles_RASMANCS  =>Adware.ExpressFiles
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\funmoods_RASAPI32  =>PUP.Funmoods
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\funmoods_RASMANCS  =>PUP.Funmoods
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentFirstBrowser_1403-8dda2b5a_RASAPI32  =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentFirstBrowser_1403-8dda2b5a_RASMANCS  =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentUninstall_RASAPI32  =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentUninstall_RASMANCS  =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayerChecker_RASAPI32  =>Adware.NewPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayerChecker_RASMANCS  =>Adware.NewPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentBar_PTAutoUpdateHelper_RASAPI32  =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentBar_PTAutoUpdateHelper_RASMANCS  =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASAPI32  =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASMANCS  =>P2P.µTorrent
~ BTK: 455 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 15/05/2014 257712 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 25/05/2011 37664 |  (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Disabled 06/04/2011 349472 |  (Bonjour Service) . (.Apple Inc..) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
SS - | Demand 28/08/2013 1432400 |  (FLEXnet Licensing Service 64) . (.Flexera Software, Inc..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
SS - | Auto 09/05/2012 136176 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/05/2012 136176 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 07/06/2011 934176 |  (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Auto 09/06/2014 77705 |  (ProtectMonitor) . (...) - C:\Program Files\PCDApp\StartHelp.exe  =>Trojan.BitCoinMiner
SS - | Auto 10/07/1658 0 |  (sssvc) . (...) - C:\Program Files (x86)\SearchSnacks\Service\sssvc.exe
SS - | Demand 19/02/2010 517096 |  (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SR - | Auto 10/10/2013 144152 |  (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE64.exe
SR - | Auto 06/06/2011 64952 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 31/01/2012 19232 |  (Autodesk Content Service) . (.Autodesk, Inc..) - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
SR - | Auto 06/06/2014 50344 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 12/05/2014 1809720 |  (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 12/05/2014 860472 |  (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 30/04/2014 1617696 |  (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 30/04/2014 21007192 |  (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 19/05/2014 927520 |  (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 19/05/2014 413128 |  (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 08s



---\\ Scâner Aditional (088)
Database Version : 13026 - (09/06/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 1
Dossiers trouvés  (Folders found) : 1
Fichiers trouvés  (Files found) : 3

[HKLM\SYSTEM\CurrentControlSet\Services\ProtectMonitor]   =>Trojan.BitCoinMiner^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ContentExplorer]   =>PUP.ContentExplorer^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCData App]   =>Trojan.BitCoinMiner^
C:\Users\Usuario\AppData\Roaming\ContentExplorer   =>PUP.ContentExplorer^
[HKCU\Software\ContentExplorer]   =>PUP.ContentExplorer^
C:\Windows\Installer\39d8f6.msi   =>PUP.SupraSavings^
C:\Windows\Installer\3f2c95.msi   =>PUP.SupraSavings^
~ Additionnel Scan: 684697 Items scanned in 00mn 37s



---\\ Informações complémentaires do módulos
~ [You must have an account and be logged in to view this link]  =>.Internet Explorer, Proxy Management (R5)
~ AMI: 1 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[You must have an account and be logged in to view this link]  =>Trojan.BitCoinMiner
[You must have an account and be logged in to view this link]  =>PUP.Minibar
[You must have an account and be logged in to view this link]  =>PUP.ContentExplorer
[You must have an account and be logged in to view this link]  =>PUP.SupraSavings
[You must have an account and be logged in to view this link]  =>Adware.ExpressFiles
[You must have an account and be logged in to view this link]  =>PUP.Funmoods
[You must have an account and be logged in to view this link]  =>Adware.IMBooster
~ MSI: 7 link(s) detected in 00mn 00s



~ 989 Legitimates filtered by white list
End of the scan (570 lines in 02mn 07s)(0)

----------------------------------------------------------------------------------------------
I GOT STUCK HERE, HOW DO I CONTINUE?
Fred Lima
Beginner

Posts: 22
Reputation: 0
Registration date: 09/06/2014

Re: CE_UmbrellaCert +1 to remove

Post by Power Max on Mon 09 Jun 2014, 22:25

Hello Fred.

Download the Junkware Removal Tool program from the link below:
[You must have an account and be logged in to view this link]

To run the program above correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop as JRT.txt

We'll be waiting.
Power Max
Contributor

Posts: 9086
Reputation: 1499
Registration date: 14/04/2009

Re: CE_UmbrellaCert +1 to remove

Post by Fred Lima on Mon 09 Jun 2014, 22:59

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Usuario on 09/06/2014 at 22:37:41,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu



~~~ Files

Successfully deleted: [File] "C:\Windows\Tasks\dll-files.com fixer_updates.job"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\dll-files.com fixer"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/06/2014 at 22:47:55,70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: CE_UmbrellaCert +1 to remove

Post by Power Max on Mon 09 Jun 2014, 23:37

I suggest you uninstall Bonjour, which is unnecessary.
____________________________________________________________

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose Run as administrator > Click Importação > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Tue 10 Jun 2014, 14:06; edited 1 time

Re: CE_UmbrellaCert +1 to remove

Post by Fred Lima on Tue 10 Jun 2014, 00:12

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Usuario at 10/06/2014 00:09:34
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 11s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\users\usuario\appdata\roaming\contentexplorer\uninstall.exe
AUSENTE Uninstall Process: c:\program files\pcdapp\uninstaller.exe
AUSENTE Uninstall Process: c:\program files (x86)\searchsnacks\uninstall.exe

========== Estado dos serviços ==========
SSNFD Parado

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PCData App]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchSnacks]
ELIMINÉ: Service: sssvc
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ Driver Key: ssnfd
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\fst
ELIMINÉ: [HKLM\Software\Classes\Installer\Products\\8B501B6E56F182443979D1DFA8309BD4]
ELIMINÉ: [HKLM\Software\Classes\Installer\Features\8B501B6E56F182443979D1DFA8309BD4]
ELIMINÉ: [HKLM\Software\Classes\Installer\Products\\BD04C21DD7DC68D42958E5F22E63394E]
ELIMINÉ: [HKLM\Software\Classes\Installer\Features\BD04C21DD7DC68D42958E5F22E63394E]
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASMANCS
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExpressFiles_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExpressFiles_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\funmoods_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\funmoods_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentFirstBrowser_1403-8dda2b5a_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentFirstBrowser_1403-8dda2b5a_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentUninstall_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentUninstall_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayerChecker_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayerChecker_RASMANCS

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\ssnfd.sys
ELIMINÉ: C:\Windows\Installer\39d8f6.msi
ELIMINÉ: C:\Windows\Installer\3f2c95.msi
ELIMINÉ Temporários windows (128) (2.122.431 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl
ELIMINÉ: {751EF41F-FB85-45AD-9710-D45E234BC5AB}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
30 : Chaves do Registo
7 : Valores do Registo
1 : Pastas
5 : Ficheiros
3 : Softwares
1 : Estado dos serviços
2 : Tarefa planificada
1 : Restauração Sistema


End of clean in 01mn 22s

========== Caminho do ficheiro do relatório ==========
C:\Users\Usuario\AppData\Roaming\ZHP\ZHPFix[R1].txt - 10/06/2014 00:09:46 [3808]

Re: CE_UmbrellaCert +1 to remove

Post by Power Max on Tue 10 Jun 2014, 00:18

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

Re: CE_UmbrellaCert +1 to remove

Post by Fred Lima on Tue 10 Jun 2014, 06:45

~ Relatório do ZHPDiag v2014.6.9.87 - Nicolas Coolman (09/06/2014)
~ Iniciado por Usuario (10/06/2014 06:39:33)
~ Endereço do Website : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v35.0.1916.114 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Malwarebytes Anti-Malware versão 2.0.2.1012
SUPERAntiSpyware v5.7.1018
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.10

---\\ Softwares de partilha do PeerToPeer (P2P)
µTorrent v3.1.3 =>P2P.µTorrent

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader X

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8190 MB (73% free)
System Restore: Activé (Enable)
System drive C: has 192 GB (41%) free of 466 GB

---\\ Modo de conexão ao sistema
~ Computer Name: USUARIO-PC
~ User Name: Usuario
~ All Users Names: Usuario, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Usuario\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Usuario\AppData\Roaming\
~ %Desktop% : C:\Users\Usuario\Desktop\
~ %Favorites% : C:\Users\Usuario\Favorites\
~ %LocalAppData% : C:\Users\Usuario\AppData\Local\
~ %StartMenu% : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 192 Go of 466 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 552 Go of 1397 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 48 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 04:24:46.) -- C:\Windows\Explorer.exe [2872320]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.A19DB004D954BBC9C4EC125711E1D1C2] - (.Microsoft Corporation - Internet Extensions for Win32.) (.10/12/2012 - 14:03:44.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 04:25:32.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 04:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.D31DC7A16DEA4A9BAF179F3D6FBDB38C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.20/11/2010 - 00:23:36.) -- C:\Windows\system32\Drivers\AFD.sys [499712]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 00:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 00:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 01:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.FAF015B07E3A2874A790A39B7D2C579F] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.20/11/2010 - 00:27:44.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 00:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.05D78AA5CB5F3F5C31160BDB955D0B7C] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.20/11/2010 - 04:33:48.) -- C:\Windows\system32\Drivers\ntfs.sys [1659776]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 01:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 02:06:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 00:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 04:34:04.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/504
~ Mes musiques (My Musics) : 1/13938
~ Mes Favoris (My Favorites) : 1/285
~ Mes Documents (My Documents) : 1/301
~ Mon Bureau (My Desktop) : 1/232
~ Menu demarrer (Programs) : 1/48
~ Hidden Files: Scanned in 00mn 33s



---\\ Processos lançados
[MD5.A6D772AA861E673636D48B6EB452ADE3] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.exe [98696] [PID.1956]
[MD5.5CA0EB9538C6ACEBDC3593FC53527B9D] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3890208] [PID.1604]
[MD5.44FE94FCDF97E574B6986C5A81758628] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840] [PID.2508]
[MD5.4FBC630768570E6AC35C3DE8F6EC79F5] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6970168] [PID.2968]
[MD5.F5546A846F16DB4578DF72F30AACB1FC] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8066560] [PID.1844]
[MD5.718D79F2E7EC3AFFD3661DA81F93BBEA] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [413128] [PID.952]
[MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1356]
[MD5.11A52CF7B265631DEEB24C6149309EFF] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64952] [PID.660]
[MD5.F431DC5D94F4B2FDBC927655D8A9B10E] - (.Autodesk, Inc. - Content Service.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232] [PID.1392]
[MD5.D84AEA3F3329D622DFC1297DDDF6163B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720] [PID.2656]
[MD5.4F45ED469906494F9BF754E476390DBD] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472] [PID.2744]
[MD5.C22ADABFABBC2B7AC189C87D87B1ABD6] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696] [PID.2920]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [bepbmhgboaologfdajaanbcjmnhjmhfn] Google Voice Search Hotword (Beta) v.0.1.1.5019, (Désactivé)
G2 - GCE: Preference [User Data\Default] [dnhpdliibojhegemfjheidglijccjfmc] hotword helper v.0.0.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 03s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKCU\..\Run: [SUPERAntiSpyware] . (.SUPERAntiSpyware - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3148761829-2675718000-1710086865-1000\..\Run: [SUPERAntiSpyware] . (.SUPERAntiSpyware - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
~ Application: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B187C997-A3C4-41FF-9264-903D12E3B711}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B187C997-A3C4-41FF-9264-903D12E3B711}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{B187C997-A3C4-41FF-9264-903D12E3B711}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 26c369d3-9db7-4fb8-b602-399276538202 [514]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 714edc0e-17e5-4ec2-9d9e-4e207604f554 [514]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 03s



---\\ Software instalados (042)
O42 - Logiciel: 2010 IndyCar Trackpack - (...) [HKCU][64Bits] -- 2010 IndyCar Trackpack
O42 - Logiciel: ACTC (remove only) - (...) [HKLM][64Bits] -- ACTC
O42 - Logiciel: Bathurst v1.5 (2010 V8SC) - (.Team ORSM.) [HKLM][64Bits] -- {DDD54BB5-416B-41AE-A67A-F7BAC01C6CA1}_is1
O42 - Logiciel: EF Magnificent Park Int - (.LMT.) [HKLM][64Bits] -- {92397E5A-186B-4806-8001-CE54A1449BF8}_is1
O42 - Logiciel: EnduranceSeries Addon (UNOFFICIAL) V3.00 - (...) [HKLM][64Bits] -- EnduranceSeries Addon (UNOFFICIAL) V3.00
O42 - Logiciel: F1 1977 LE v1.1 - (...) [HKCU][64Bits] -- F1 1977 LE v1.1
O42 - Logiciel: F1 2001RMT 2.00 - (...) [HKLM][64Bits] -- F1 2001RMT 2.00
O42 - Logiciel: F1 RMT 2011 Patch v1.01 - (...) [HKLM][64Bits] -- F1 RMT 2011 Patch v1.01
O42 - Logiciel: F1RFT 2008 V3 Trackpack 2 3.1 - (...) [HKLM][64Bits] -- F1RFT 2008 V3 Trackpack 2
O42 - Logiciel: F1RFT 2008 V3 Trackpack 3.0 - (...) [HKLM][64Bits] -- F1RFT 2008 V3 Trackpack
O42 - Logiciel: F1RFT 2012 DEMO - (...) [HKLM][64Bits] -- F1RFT 2012 DEMO
O42 - Logiciel: F1RMT 2001 TrackPack Uninstall - (...) [HKLM][64Bits] -- F1RMT 2001 TrackPack Uninstall
O42 - Logiciel: F1RMT 2012 0.85 - (...) [HKLM][64Bits] -- F1RMT 2012 0.85
O42 - Logiciel: F1_2011_F1R_V5.0 - (...) [HKCU][64Bits] -- F1_2011_F1R_V5.0
O42 - Logiciel: Formula Truck 2013 versão 1.10 - (.Reiza Studios Ltda..) [HKLM][64Bits] -- {D2F8554C-14CF-4313-A732-B59D9B20C3AD}_is1
O42 - Logiciel: Formula Truck versão 1.00 - (.Reiza Studios Ltda..) [HKLM][64Bits] -- {B6D220AC-B024-43CE-820C-4E7F395DD006}_is1
O42 - Logiciel: Free_Ven_s_pro 25 - (.setup.) [HKLM][64Bits] -- Free_Ven_s_pro 25
O42 - Logiciel: GAME STOCK CAR versão 1.600 - (.Reiza Studios Ltda..) [HKLM][64Bits] -- {7786E684-E12B-4738-85B4-7F2A65AF87C7}_is1
O42 - Logiciel: GTR Evolution - (.SimBin.) [HKLM][64Bits] -- GTR Evolution_1.1.1.2_is1
O42 - Logiciel: Game Stock Car Extreme versão 1.15 - (.Reiza Studios Ltda..) [HKLM][64Bits] -- {0DDE356A-68FA-4768-A94E-B7BE98EB4259}_is1
O42 - Logiciel: Leo's FFB Tuner - (.Nick 'Kosmo' Rammos.) [HKLM][64Bits] -- {7BFA6779-7690-4ED1-AE16-B948742E2FDE}
O42 - Logiciel: Mediaa_Play_AIR_1.4 - (.enter.) [HKLM][64Bits] -- Mediaa_Play_AIR_1.4
O42 - Logiciel: Mod DTM v3.5 - (.Race-Online.) [HKLM][64Bits] -- {4A091FC6-6DFE-4CB0-BF45-D90AB2353226}
O42 - Logiciel: Mod VFR F1 2014 V1.0 - (...) [HKCU][64Bits] -- Mod VFR F1 2014 V1.0
O42 - Logiciel: Monza F1 CM 2011 also singapore and new brazil - (...) [HKLM][64Bits] -- Monza F1 CM 2011 also singapore and new brazil
O42 - Logiciel: Queensland Raceway 1.00 - (...) [HKCU][64Bits] -- Queensland Raceway 1.00
O42 - Logiciel: Race Injection - (...) [HKLM][64Bits] -- Race Injection_is1
O42 - Logiciel: Race On - (.SimBin.) [HKLM][64Bits] -- Race On_is1
O42 - Logiciel: Red Bull Ring 2010 - The Prologue - (...) [HKCU][64Bits] -- Red Bull Ring 2010 - The Prologue
O42 - Logiciel: SRM 1990 Official Patch 1.00 - (.S.R.M. Team.) [HKLM][64Bits] -- SRM 1990 Official Patch 1.00
O42 - Logiciel: V8FU Season 2011 Skin Update - (.Team ORSM.) [HKLM][64Bits] -- {4250E912-12F6-485F-8901-EB596F67F02E}_is1
O42 - Logiciel: WSGT by RMT for GTR2 - (...) [HKCU][64Bits] -- WSGT by RMT for GTR2
O42 - Logiciel: WTCC 2011 - (...) [HKCU][64Bits] -- WTCC 2011
O42 - Logiciel: WTCC 2011 TRACKPACK - (...) [HKCU][64Bits] -- WTCC 2011 TRACKPACK
O42 - Logiciel: WTCC 2011 by IMT-Series - (...) [HKLM][64Bits] -- WTCC 2011 by IMT-Series
O42 - Logiciel: WTCC 2012 1.1 - (...) [HKCU][64Bits] -- WTCC 2012 1.1
O42 - Logiciel: WTCC 2012 MOD 1.0 by IMT-Series Modding - (...) [HKCU][64Bits] -- WTCC 2012 MOD 1.0 by IMT-Series Modding
O42 - Logiciel: WTCC Evolution 1.7 - (...) [HKLM][64Bits] -- WTCC Evolution 1.7
~ Logic: 78 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\ACTC]
[HKCU\Software\HLDS]
[HKCU\Software\IncrediMail]
[HKCU\Software\Network_Me]
[HKCU\Software\PCDataApp]
[HKCU\Software\RFE Plugin Series]
[HKCU\Software\SimGarage]
[HKCU\Software\Zotac]
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\Deterium Racing Technologies]
[HKLM\Software\Wow6432Node\PCDataApp]
[HKLM\Software\Wow6432Node\SearchSnacks]
~ Key Software: 380 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 02/09/2012 - 21:10:35 - [] ----D C:\Program Files (x86)\ACTC
O43 - CFD: 09/06/2014 - 21:59:06 - [] ----D C:\Program Files (x86)\Free_Ven_s_pro 25
O43 - CFD: 21/04/2013 - 19:07:19 - [] ----D C:\Program Files (x86)\FTruck
O43 - CFD: 08/04/2014 - 21:20:44 - [] ----D C:\Program Files (x86)\FTruck2013
O43 - CFD: 22/01/2013 - 18:58:26 - [] ----D C:\Program Files (x86)\GSC
O43 - CFD: 08/07/2012 - 18:28:30 - [] ----D C:\Program Files (x86)\GSC FRED
O43 - CFD: 31/08/2013 - 00:07:57 - [] ----D C:\Program Files (x86)\GSC2012
O43 - CFD: 05/09/2012 - 18:24:04 - [] ----D C:\Program Files (x86)\GTR2
O43 - CFD: 23/12/2013 - 19:36:28 - [] ----D C:\Program Files (x86)\Kart Racing Pro
O43 - CFD: 22/09/2013 - 22:39:31 - [] ----D C:\Program Files (x86)\Leo's FFB Tuner
O43 - CFD: 09/06/2014 - 21:59:16 - [] ----D C:\Program Files (x86)\Mediaa_Play_AIR_1.4
O43 - CFD: 10/06/2014 - 00:17:47 - [0] ----D C:\ProgramData\Baidu Security
O43 - CFD: 04/10/2011 - 19:32:32 - [] ----D C:\ProgramData\IM
O43 - CFD: 04/10/2011 - 19:31:39 - [] ----D C:\ProgramData\IncrediMail
O43 - CFD: 31/10/2011 - 17:16:16 - [] ----D C:\ProgramData\jgy50JtoEAFke73spIp
O43 - CFD: 21/09/2013 - 20:17:24 - [] ----D C:\ProgramData\reiza
O43 - CFD: 08/02/2012 - 20:02:17 - [] ----D C:\Users\Usuario\AppData\Roaming\NLC Modding Group
O43 - CFD: 30/03/2012 - 05:32:06 - [] ----D C:\Users\Usuario\AppData\Roaming\Simraceway
O43 - CFD: 03/04/2012 - 18:57:53 - [] --H-D C:\Users\Usuario\AppData\Roaming\TempMods
O43 - CFD: 22/11/2013 - 19:27:26 - [] ----D C:\Users\Usuario\AppData\Local\Achim_Ennenbach_([You must have an account and be logged in to view this link]
O43 - CFD: 09/06/2014 - 19:39:02 - [] ----D C:\Users\Usuario\AppData\Local\com
O43 - CFD: 04/10/2011 - 19:34:47 - [] ----D C:\Users\Usuario\AppData\Local\IM
O43 - CFD: 01/03/2013 - 23:12:07 - [] ----D C:\Users\Usuario\AppData\Local\Kunos_Simulazioni
O43 - CFD: 03/06/2014 - 19:38:49 - [] ----D C:\Users\Usuario\AppData\Local\Network_Me_06032206
O43 - CFD: 29/03/2014 - 13:40:52 - [] ----D C:\Users\Usuario\AppData\Local\SimSync.de
O43 - CFD: 05/04/2014 - 21:25:52 - [] ----D C:\Users\Usuario\AppData\Local\TB
O43 - CFD: 17/01/2013 - 19:21:39 - [] ----D C:\Users\Usuario\AppData\Local\_
O43 - CFD: 15/08/2011 - 17:49:53 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2010 IndyCar Trackpack
O43 - CFD: 19/08/2012 - 16:32:01 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ACTC
O43 - CFD: 11/07/2011 - 14:55:45 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluebirds
O43 - CFD: 01/01/2008 - 23:03:53 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\F1 1976 LE v1.1
O43 - CFD: 26/08/2011 - 20:39:29 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\F1 1977 LE v1.1
O43 - CFD: 01/01/2008 - 23:03:53 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\F1 1994 Season F1-S-R
O43 - CFD: 01/01/2008 - 23:03:53 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\F1 1994 Season F1-S-R Track Pack
O43 - CFD: 01/01/2008 - 23:03:53 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\F1 2000 RVR
O43 - CFD: 01/01/2008 - 23:03:53 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\F1 IMT 2012 ULTIMATE by IMT-Modding Team
O43 - CFD: 01/01/2008 - 23:03:53 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\F1 Seven 1975 IPE v1.2
O43 - CFD: 01/01/2008 - 23:03:54 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab PDF Converter
O43 - CFD: 23/12/2013 - 19:31:01 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kart Racing Pro
O43 - CFD: 13/07/2011 - 21:38:21 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mod DTM v3.5
O43 - CFD: 01/05/2014 - 19:06:19 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mod VFR F1 2014 2.0
O43 - CFD: 30/03/2014 - 11:21:08 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mod VFR F1 2014 V1.0
O43 - CFD: 05/08/2013 - 10:29:45 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pagoda Mod Group IZOD IndyCar DW12 2012-2013
O43 - CFD: 03/10/2013 - 01:41:25 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PMG IZOD IndyCar Series DW12 Update v1.2
O43 - CFD: 06/04/2013 - 03:43:06 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Porsche 911 RSR V 1.0 by Raduis
O43 - CFD: 06/08/2011 - 12:48:29 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Queensland Raceway 1.00
O43 - CFD: 20/09/2011 - 18:27:05 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Red Bull Ring 2010 - The Prologue
O43 - CFD: 19/09/2011 - 19:59:22 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SGT500 FIX V3.1
O43 - CFD: 01/01/2008 - 23:03:54 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SimracingPro
O43 - CFD: 13/07/2011 - 20:07:58 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WSGT by RMT for GTR2
O43 - CFD: 01/01/2008 - 23:03:54 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WSVR
O43 - CFD: 03/10/2013 - 01:41:25 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WTCC 2012 V2 by Racing Studio
O43 - CFD: 01/05/2014 - 19:06:19 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WTCC 2013 by Racing Studio
O43 - CFD: 01/05/2014 - 19:06:19 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WTCC 2013 TrackPack by Racing Studio
O43 - CFD: 14/03/2012 - 01:33:27 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WTCC Evolution
O43 - CFD: 11/05/2012 - 13:27:02 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WTCC Evolution 1.7
O43 - CFD: 11/07/2012 - 20:08:48 - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WTCC Evolution 1.8
~ Program Folder: 219 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.1CB775123FFD04A9C69D633E2FD95FA2] - 04/06/2014 - 19:53:23 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [146056]
O44 - LFC:[MD5.1E021548BEF1E607B0B0592C23FEB840] - 04/06/2014 - 19:53:23 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [703270]
O44 - LFC:[MD5.340B0467E98A8C92697D73034DB4BCB7] - 06/06/2014 - 23:06:05 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208]
O44 - LFC:[MD5.D1AC2270D0D6223CB7C2754426F1EF1F] - 06/06/2014 - 23:25:31 ---A- . (...) -- C:\ntuser.dat [262144]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 06/06/2014 - 23:25:31 -SHA- . (...) -- C:\ntuser.dat.LOG2 [0]
O44 - LFC:[MD5.9D13C3B515CF946320EAC1DE9D257B6E] - 06/06/2014 - 23:25:31 -SHA- . (...) -- C:\ntuser.dat{c7636e42-ede3-11e3-93ed-00241df58551}.TM.blf [65536]
O44 - LFC:[MD5.5D46F3FC5DB12DFC4DB270204FE6FFC4] - 06/06/2014 - 23:25:31 -SHA- . (...) -- C:\ntuser.dat{c7636e42-ede3-11e3-93ed-00241df58551}.TMContainer00000000000000000001.regtrans-ms [524288]
O44 - LFC:[MD5.59071590099D21DD439896592338BF95] - 06/06/2014 - 23:25:31 -SHA- . (...) -- C:\ntuser.dat{c7636e42-ede3-11e3-93ed-00241df58551}.TMContainer00000000000000000002.regtrans-ms [524288]
O44 - LFC:[MD5.2195C5B848C57DEF4314FA6C97BD3D26] - 06/06/2014 - 23:25:31 -SHA- . (...) -- C:\ntuser.dat{c7636e46-ede3-11e3-93ed-00241df58551}.TM.blf [65536]
O44 - LFC:[MD5.584036681D4A551CCB80E2999DA223BE] - 06/06/2014 - 23:25:31 -SHA- . (...) -- C:\ntuser.dat{c7636e46-ede3-11e3-93ed-00241df58551}.TMContainer00000000000000000001.regtrans-ms [524288]
O44 - LFC:[MD5.59071590099D21DD439896592338BF95] - 06/06/2014 - 23:25:31 -SHA- . (...) -- C:\ntuser.dat{c7636e46-ede3-11e3-93ed-00241df58551}.TMContainer00000000000000000002.regtrans-ms [524288]
O44 - LFC:[MD5.088B8118878A2FA17513C98956A7B982] - 06/06/2014 - 23:25:40 -SHA- . (...) -- C:\ntuser.dat.LOG1 [5120]
O44 - LFC:[MD5.6D265C8B9E7339FCE44A3965F0F63E2C] - 09/06/2014 - 20:41:37 ---A- . (...) -- C:\files.log [99]
O44 - LFC:[MD5.D7657DDB4B5B6EC4141C4E08FADF3B9A] - 09/06/2014 - 20:41:43 ---A- . (...) -- C:\folders.log [500]
O44 - LFC:[MD5.A0A5DC2BC9AC33A7540B3683FD90E9C2] - 09/06/2014 - 20:41:43 ---A- . (...) -- C:\zoek-results.log [21501]
~ Files: 55 Legitimates Filtered in 00mn 24s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{50ecdd9f-abb7-11e0-b284-806e6f6e6963}\AutoRun\command. (...) -- D:\BlueBirds.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:06/06/2014 - 23:06:05 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:06/06/2014 - 23:06:05 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:06/06/2014 - 23:06:05 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208416] =>.ALWIL Software
O58 - SDL:13/07/2011 - 07:19:32 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [254528]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:02/12/2007 - 23:20:54 ---A- . (.Windows (R) Codename Longhorn DDK provider - Sample NDIS 6.0 Intermediate Miniport Driver.) -- C:\Windows\System32\Drivers\RtVlan60.sys [24064]
O58 - SDL:13/05/2014 - 15:16:22 ---A- . (.Search Snacks - Search Snacks Driver x64.) -- C:\Windows\System32\Drivers\ssnfd.sys [58248]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:10/05/2011 - 08:06:08 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [51712]
O58 - SDL:27/04/2010 - 20:57:12 ---A- . (.Logicool Co. Ltd. - Logicool WingMan Virtual Bus Enumerator Driver.) -- C:\Windows\System32\Drivers\WmBEnum.sys [26440]
O58 - SDL:27/04/2010 - 18:02:42 ---A- . (.Logicool Co. Ltd. - Logicool WingMan Hid Filter Driver.) -- C:\Windows\System32\Drivers\WmFilter.sys [43976]
O58 - SDL:27/04/2010 - 20:57:14 ---A- . (.Logicool Co. Ltd. - Logicool WingMan Hid Lower Filter Driver.) -- C:\Windows\System32\Drivers\WmHidLo.sys [36936]
O58 - SDL:27/04/2010 - 20:57:20 ---A- . (.Logicool Co. Ltd. - Logicool WingMan Virtual Hid Device Driver.) -- C:\Windows\System32\Drivers\WmVirHid.sys [16200]
O58 - SDL:27/04/2010 - 18:03:12 ---A- . (.Logicool Co. Ltd. - Logicool WingMan Translation Driver.) -- C:\Windows\System32\Drivers\WmXlCore.sys [77512]
~ Drivers: 73 Legitimates Filtered in 00mn 03s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 06/06/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 91 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{50029D3A-9D40-46C9-A000-266727752374}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{9D1ADFE5-88D7-434F-91B9-8EA40C895FF7}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 02s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentBar_PTAutoUpdateHelper_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentBar_PTAutoUpdateHelper_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASMANCS =>P2P.µTorrent
~ BTK: 443 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 15/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 25/05/2011 37664 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Demand 28/08/2013 1432400 | (FLEXnet Licensing Service 64) . (.Flexera Software, Inc..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
SS - | Auto 09/05/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/05/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 07/06/2011 934176 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 10/10/2013 144152 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE64.exe
SR - | Auto 06/06/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 31/01/2012 19232 | (Autodesk Content Service) . (.Autodesk, Inc..) - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
SR - | Auto 06/06/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 30/04/2014 1617696 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 30/04/2014 21007192 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 19/05/2014 927520 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 19/05/2014 413128 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 10s



---\\ Scâner Aditional (088)
Database Version : 13026 - (09/06/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 684277 Items scanned in 00mn 37s



---\\ Informações complémentaires do módulos
~ [link hidden by the forum] =>.Google Chrome, Extensions (G2)
~ [link hidden by the forum] =>.Internet Explorer, Proxy Management (R5)
~ AMI: 2 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 956 Legitimates filtered by white list
End of the scan (500 lines in 02mn 41s)(0)
Fred Lima
Beginner

Posts: 22
Reputation: 0
Joined: 09/06/2014


Post by Power Max, Tue 10 Jun 2014, 10:46

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply, and tell us how the PC is doing after this.


Last edited by Power Max on Tue 10 Jun 2014, 14:05; edited 1 time
Power Max
Contributor

Posts: 9086
Reputation: 1499
Joined: 14/04/2009


Post by Fred Lima, Tue 10 Jun 2014, 13:07

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Usuario at 10/06/2014 13:05:05
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 04s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\SearchSnacks

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\ssnfd.sys
ELIMINÉ Temporários windows (7) (112.642 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
2 : Chaves do Registo
1 : Pastas
3 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 51s

========== Caminho do ficheiro do relatório ==========
C:\Users\Usuario\AppData\Roaming\ZHP\ZHPFix[R1].txt - 10/06/2014 00:09:46 [3890]
C:\Users\Usuario\AppData\Roaming\ZHP\ZHPFix[R2].txt - 10/06/2014 13:05:10 [1073]

Post by Power Max, Tue 10 Jun 2014, 13:08

How is the PC?

Post by Fred Lima, Tue 10 Jun 2014, 13:29

Good afternoon Power Max, I did the last step during my lunch break, shut the PC down and went back to work; tonight I will test it properly.

My first impression was that the ce_umbrellacert installation prompt had already disappeared even before the last step, and that the PC was slower than normal at everything, from running programs to opening folders, the internet, etc. But I don't know; I will only know tonight.

This was already happening before, but I, with my limited knowledge, thought the steps carried out would be enough to make these messages disappear, but no: my antivirus is Avast, and everything I opened on the internet was flagged as a malicious infection (google chrome, internet explorer, system32). Earlier, to try to get rid of these malware warnings, I installed these programs: SUPER Anti Spyware Free Anti Malware and MALWAREBYTES Free Anti Malware. What do you think?

Thank you very much in advance for the attention and dedication to me and to the whole forum. Your work is really great. Just one question: is Power Max a single person or a group of people from the administration? If it is just you (one person, hahaha), you are the man, bro; how do you manage to answer everyone? Really, really great.

CONGRATULATIONS, and we'll talk tonight.

Post by Power Max, Tue 10 Jun 2014, 14:04

Power Max is just me.

Since you have installed Malwarebytes, take the opportunity to run a cleanup with it, following the tips in this tutorial:

[link visible only to logged-in forum members]

Also run a full scan with SUPERAntiSpyware and remove the problems it finds.

In your next reply, post this Malwarebytes log (report) and also the SUPERAntiSpyware one, and tell us how the PC is doing after this.

We'll be waiting.

Post by Fred Lima, Wed 11 Jun 2014, 06:38

Just one. You are a "monster", thanks a lot.
Here goes Malwarebytes Anti-Malware (23 infected files). Anti Spyware Free Anti Malware is still running (65 infected files so far); when it finishes I will post the log.

Malwarebytes Anti-Malware

Data de Verificação: 10/06/2014
Hora da Verificação: 18:28:45
Logfile: log malware.txt
Administrador: Sim

Versão: 2.00.2.1012
Malware Database: v2014.06.10.02
Rootkit Database: v2014.06.02.01
Licença: Trial
Proteção de Malware: Enabled
Proteção de Site Malicioso: Enabled
Self-protection: Desabilitado

OS: Windows 7 Service Pack 1
CPU: x64
Sistema de Arquivo: NTFS
Usuário: Usuario

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 1613669
Tempo Decorrido: 10 hr, 59 min, 12 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 1
PUP.Optional.DealPly.A, HKU\S-1-5-21-3148761829-2675718000-1710086865-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, , [38921b5b3546c1755429f1aeaa58946c],

Valores de Registro: 0
(No malicious items detected)

Dados do Registro: 0
(No malicious items detected)

Pastas: 0
(No malicious items detected)

Arquivos: 23
PUP.Optional.AdPeak.A, C:\AdwCleaner\Quarantine\C\Program Files\SupraSavings\SecureAssist.dll.vir, , [d2f851254635a5917105d469926e2fd1],
PUP.Optional.NewPlayer.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe.vir, , [a3278ee8d3a8ab8ba74e354b20e1d828],
PUP.Optional.Conduit.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir, , [2aa053235f1c81b5c6b8186c5ca555ab],
PUP.Optional.Conduit.A, C:\AdwCleaner\Quarantine\C\Users\Usuario\AppData\Local\Conduit\APISupport\MiniSP_1.0.2.93\MiniSP.dll.vir, , [f8d286f0126949ed1d378db8e31db947],
Backdoor.Bot.ED, C:\AdwCleaner\Quarantine\C\Users\Usuario\AppData\Local\fst_br_147\upfst_br_147.exe.vir, , [6367076fcead9a9c283db6c603fe12ee],
PUP.Optional.FreeSoft, C:\AdwCleaner\Quarantine\C\Users\Usuario\AppData\Local\fst_br_147\Download\majfstbr.exe.vir, , [ccfe7cfac7b4072ffbfaabd011f0b848],
PUP.Optional.Conduit.A, C:\AdwCleaner\Quarantine\C\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdebcffgnijbblbinknkbefciofebcda\10.20.101.5_0\plugins\TBVerifier.dll.vir, , [94368beb6c0f2412773ec28058a8aa56],
PUP.Optional.AdPeak.A, C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\SecureAssist.dll.vir, , [f3d73f37314aa88e6c0a70cd8d73d729],
PUP.Optional.AdPeak.A, C:\temp\InstallFilter64.msi, , [ba10a9cda5d6ef47f77f98a541bf5ba5],
PUP.Optional.SupraSavings.A, C:\temp\t.msi, , [4288ff7790eb9a9c65d79dbf966e8e72],
PUP.Optional.Conduit.A, C:\zoek\in\USERTEMP\nse9D9F.exe, , [6268d99d7ffccb6b99e58df7aa57cd33],
PUP.Optional.Conduit.A, C:\zoek\in\USERTEMP\nsj15D5.exe, , [92386b0beb90cf679fdf7b094fb243bd],
PUP.Optional.Conduit.A, C:\zoek\in\USERTEMP\nsj1C4B.exe, , [d5f53541cfac4fe7bbc35a2a36cb5ea2],
PUP.Optional.Conduit.A, C:\zoek\in\USERTEMP\nso9860.exe, , [9535c3b3e19ac96db6c88ef6d928ec14],
PUP.Optional.Conduit.A, C:\zoek\in\USERTEMP\nso6847\SpSetup.exe, , [a02a482e8bf067cf136bbbc9fe03639d],
PUP.Optional.Conduit.A, C:\zoek\in\USERTEMP\31d2df79-48be-41a7-8fd0-27e0c419d8bb\spidentifierimpl.exe, , [22a86d0908739a9c8563c3c203fee719],
PUP.Optional.FirstSeenToday, C:\zoek\in\USERTEMP\31d2df79-48be-41a7-8fd0-27e0c419d8bb\software\Freesofttoday.exe, , [0cbe6e084239999d9dcb820134cd2cd4],
PUP.Optional.NewPlayer.A, C:\zoek\in\USERTEMP\31d2df79-48be-41a7-8fd0-27e0c419d8bb\software\New_Player.exe, , [97333e382e4df046f9fcb8c83dc42ad6],
PUP.Optional.Conduit.A, C:\Users\Usuario\AppData\Local\TB\APISupport\MiniSP_1.0.2.93\MiniSP.dll, , [d7f31d59413a57df470d6cd9be42b64a],
PUP.Hacktool.Patcher, E:\Nova pasta\RFACTOR 2\rFactor.2.Beta.v1.0.0.5.Patch.Crack\rFactor.2.Beta.v1.0.0.5.Patch.Crack\rfactor2.v1.0.0.5-patch.exe, , [6862e3934d2e1f17189e927313edda26],
RiskWare.Tool.CK, E:\Nova pasta (3)\Nova pasta\AUTOCAD 2013\xf-2013.zip, , [735702744f2ce056855d9a1f3fc136ca],
RiskWare.Tool.CK, E:\Nova pasta (3)\Nova pasta\AUTOCAD 2013\xf-autocad-kg_x32.exe, , [69613e3826559c9a27bbf6c33cc433cd],
RiskWare.Tool.CK, E:\Nova pasta (3)\Nova pasta\AUTOCAD 2013\xf-autocad-kg_x64.exe, , [6664e0966a11e45227bbbbfee719b24e],

Physical Sectors: 0
(No malicious items detected)


(end)

Post by Power Max, Wed 11 Jun 2014, 10:27

"Here goes Malwarebytes Anti-Malware (23 infected files)."
You must have posted this Malwarebytes log before removing the problems, because it shows that they were not removed. After posting this log, did you select and remove all of these problems? Are they in its quarantine? If they are in quarantine, everything is fine.
__________________________________________________________________________________________________________________

"Anti Spyware Free Anti Malware is still running (65 infected files so far); when it finishes I will post the log."
OK, I'll be waiting.

Post by Fred Lima, Wed 11 Jun 2014, 19:39

Good evening Power Max, my PC was scanning all day today, and I had a small problem with a power outage in the city today; when I got home and turned my PC back on, I could no longer export in Malwarebytes Anti-Malware. The program freezes and does not export, or does this really take a while?

The Avast antivirus warnings keep beeping nonstop. What do you think of Avast? I never had a problem until these last two months.

To report on CE_umbrella: thanks a lot, it is gone, it never appeared again.

And I got this log below from Anti Spyware Free Anti Malware, and I don't know whether the operation was interrupted in the middle of the process. In any case, while you don't reply, which I know won't take long, I am doing everything again (scan with Malwarebytes Anti-Malware and with Anti Spyware Free Anti Malware), or is that not necessary? I await your reply.

SUPERAntiSpyware Scan Log

Generated 06/11/2014 at 09:05 AM

Application Version : 5.7.1026

Core Rules Database Version : 11294
Trace Rules Database Version: 9106

Scan type : Complete Scan
Total Scan Time : 14:47:31

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 602
Memory threats detected : 0
Registry items scanned : 70920
Registry threats detected : 0
File items scanned : 1350725
File threats detected : 65

Adware.Tracking Cookie

Trojan.Agent/Gen-StartPage
ZIP ARCHIVE( C:\ZOEK\IN\RECYCLE.BIN\S-1-5-21-3148761829-2675718000-1710086865-1000\$RW3IIPV.ZIP )/FLASHPLAY10.30.45.CPL
C:\ZOEK\IN\RECYCLE.BIN\S-1-5-21-3148761829-2675718000-1710086865-1000\$RW3IIPV.ZIP





Post by Power Max, Wed 11 Jun 2014, 19:42

The SUPERAntiSpyware log is clean; only cookies were found, which are harmless.

When Avast raises the alert, what does the alert look like? Which file does it say is infected?

Post by Fred Lima, Wed 11 Jun 2014, 19:44

I think I got the log of:

Malwarebytes Anti-Malware

Data de Verificação: 11/06/2014
Hora da Verificação: 19:20:03
Logfile: malware.txt
Administrador: Sim

Versão: 2.00.2.1012
Malware Database: v2014.06.11.08
Rootkit Database: v2014.06.02.01
Licença: Trial
Proteção de Malware: Enabled
Proteção de Site Malicioso: Enabled
Self-protection: Desabilitado

OS: Windows 7 Service Pack 1
CPU: x64
Sistema de Arquivo: NTFS
Usuário: Usuario

Tipo da Verificação: Verificar Ameaça
Resultado: Completado
Arquivos Verificados: 280523
Tempo Decorrido: 7 min, 43 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 5
PUP.Optional.Feven.A, HKU\S-1-5-21-3148761829-2675718000-1710086865-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Free_Ven_s_pro 25, No Action By User, [1c18096e84f7201671a6d1cce9194db3],
PUP.Optional.Feven.A, HKLM\SOFTWARE\WOW6432NODE\Free_Ven_s_pro 25, Quarantined, [78bce196c3b84ee8c15ac1dc71918d73],
PUP.Optional.MediaPlayer.A, HKLM\SOFTWARE\WOW6432NODE\Mediaa_Play_AIR_1.4, Quarantined, [ea4a24534f2ccb6b14719dffdf238e72],
PUP.Optional.MediaPlayer.A, HKU\S-1-5-21-3148761829-2675718000-1710086865-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Mediaa_Play_AIR_1.4, Quarantined, [fd37a2d5accfcb6bc9be0c9007fb26da],
PUP.Optional.MediaPlayer.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Mediaa_Play_AIR_1.4, Quarantined, [5bd9ed8a106b48ee1e2b7e1eae542bd5],

Valores de Registro: 0
(No malicious items detected)

Dados do Registro: 0
(No malicious items detected)

Pastas: 2
PUP.Optional.Feven.A, C:\Program Files (x86)\Free_Ven_s_pro 25, Quarantined, [0331cea9146764d208fc910b0df5e61a],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4, Quarantined, [5bd9ed8a106b48ee1e2b7e1eae542bd5],

Arquivos: 24
PUP.Optional.Feven.A, C:\Program Files (x86)\Free_Ven_s_pro 25\1293297481.mxaddon, Quarantined, [0331cea9146764d208fc910b0df5e61a],
PUP.Optional.Feven.A, C:\Program Files (x86)\Free_Ven_s_pro 25\360-58028.crx, Quarantined, [0331cea9146764d208fc910b0df5e61a],
PUP.Optional.Feven.A, C:\Program Files (x86)\Free_Ven_s_pro 25\58028.crx, Quarantined, [0331cea9146764d208fc910b0df5e61a],
PUP.Optional.Feven.A, C:\Program Files (x86)\Free_Ven_s_pro 25\58028.xpi, Quarantined, [0331cea9146764d208fc910b0df5e61a],
PUP.Optional.Feven.A, C:\Program Files (x86)\Free_Ven_s_pro 25\background.html, Quarantined, [0331cea9146764d208fc910b0df5e61a],
PUP.Optional.Feven.A, C:\Program Files (x86)\Free_Ven_s_pro 25\bgNova.html, Quarantined, [0331cea9146764d208fc910b0df5e61a],
PUP.Optional.Feven.A, C:\Program Files (x86)\Free_Ven_s_pro 25\Free_Ven_s_pro 25.ico, Quarantined, [0331cea9146764d208fc910b0df5e61a],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\Mediaa_Play_AIR_1.4-bho.dll, Quarantined, [5bd9ed8a106b48ee1e2b7e1eae542bd5],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\1293297481.mxaddon, Quarantined, [5bd9ed8a106b48ee1e2b7e1eae542bd5],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\2405a8b4-dae2-4900-893e-cc5220341a27-2.exe, Quarantined, [5bd9ed8a106b48ee1e2b7e1eae542bd5],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\2405a8b4-dae2-4900-893e-cc5220341a27-3.exe, Quarantined, [5bd9ed8a106b48ee1e2b7e1eae542bd5],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\2405a8b4-dae2-4900-893e-cc5220341a27-4.exe, Quarantined, [5bd9ed8a106b48ee1e2b7e1eae542bd5],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\2405a8b4-dae2-4900-893e-cc5220341a27-5.exe, Quarantined, [5bd9ed8a106b48ee1e2b7e1eae542bd5],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\360-58488.crx, Quarantined, [5bd9ed8a106b48ee1e2b7e1eae542bd5],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\58488.crx, Quarantined, [5bd9ed8a106b48ee1e2b7e1eae542bd5],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\58488.xpi, Quarantined, [5bd9ed8a106b48ee1e2b7e1eae542bd5],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\background.html, Quarantined, [5bd9ed8a106b48ee1e2b7e1eae542bd5],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\bgNova.html, Quarantined, [5bd9ed8a106b48ee1e2b7e1eae542bd5],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\Mediaa_Play_AIR_1.4-codedownloader.exe, Quarantined, [5bd9ed8a106b48ee1e2b7e1eae542bd5],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\Mediaa_Play_AIR_1.4-nova.dll, Quarantined, [5bd9ed8a106b48ee1e2b7e1eae542bd5],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\Mediaa_Play_AIR_1.4-nova.exe, Quarantined, [5bd9ed8a106b48ee1e2b7e1eae542bd5],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\Mediaa_Play_AIR_1.4-novainstaller.exe, Quarantined, [5bd9ed8a106b48ee1e2b7e1eae542bd5],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\Mediaa_Play_AIR_1.4.ico, Quarantined, [5bd9ed8a106b48ee1e2b7e1eae542bd5],
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\Uninstall.exe, Quarantined, [5bd9ed8a106b48ee1e2b7e1eae542bd5],

Physical Sectors: 0
(No malicious items detected)


(end)

Post by Power Max, Wed 11 Jun 2014, 20:00

You only used the threat scan, which is not as thorough as the one shown in the tutorial I gave you. Follow the tips below to do the full cleanup:

How to run a custom scan with Malwarebytes:

- Open Malwarebytes > click Verificar (Scan) > click Verificação Personalizada (Custom Scan) > click Verificar Agora (Scan Now):

[image visible only to logged-in forum members]

The screen below will then appear. On it, tick all the boxes on the right side of the screen so that all areas of your PC and the removable media connected to it can be scanned. On the left side of the screen, leave these options ticked:

Verificar Objetos na Memória (Scan Memory Objects)
Verificar as Configurações da Inicialização e do Registro (Scan Startup and Registry Settings)
Verificar Arquivos Compactados (Scan Within Archives)


As for the rest, leave it as already preconfigured by Malwarebytes.

After that, click the Iniciar Verificação (Start Scan) button, as shown in the image below:

[image visible only to logged-in forum members]

Wait while the scan runs. How long it takes depends on the number of files you have on your computer:

[image visible only to logged-in forum members]

As soon as the scan finishes, if any threat is detected on your PC, a message like the one below will appear near the Windows clock; click on it:

[image visible only to logged-in forum members]

At this point you will see which malware and potentially unwanted items were detected and where they are located. You will notice that it already shows a default action for the items (which is normally to move them to quarantine).

To remove the infections, leave the Quarentena (Quarantine) option selected in the Ação (Action) menu for all items and click the Aplicar Ações (Apply Actions) button, as shown in this image:

[image visible only to logged-in forum members]

Some malware is stubborn and may need a restart of the PC in order to be removed. If Malwarebytes asks for this, click Sim (or Yes), as shown in this image:

[image visible only to logged-in forum members]

After that, just post the new scan log that Malwarebytes creates in your next reply.

Post by Fred Lima, Wed 11 Jun 2014, 20:01

I did follow the tutorial and it took a heck of a long time, but I am repeating the scan.

In Avast this one shows up all the time:
C:\\Windows\System32\svchost.exe
or this one:
C:\\Windows\System32\svchose.exe

And these show up when I open any page on the internet:
C:\\Program Files(x86)\...\chrome.exe
C:\\Program Files(x86)\...\iexplore.exe

Post by Fred Lima, Thu 12 Jun 2014, 19:40

Good evening Power Max, I think the scans worked this time, but Avast keeps beeping about viruses; what do you think about me uninstalling Avast? Do you think that with Malwarebytes Anti-Malware and Anti Spyware Free Anti Malware on my PC I am protected?

Malwarebytes Anti-Malware


Update, 12/06/2014 02:25:12, SYSTEM, USUARIO-PC, Scheduler, Malware Database, 2014.6.12.3, 2014.6.12.4,
Protection, 12/06/2014 02:25:14, SYSTEM, USUARIO-PC, Protection, Refresh, Starting,
Protection, 12/06/2014 02:25:14, SYSTEM, USUARIO-PC, Protection, Malicious Website Protection, Stopping,
Protection, 12/06/2014 02:25:14, SYSTEM, USUARIO-PC, Protection, Malicious Website Protection, Stopped,
Protection, 12/06/2014 02:26:17, SYSTEM, USUARIO-PC, Protection, Refresh, Success,
Protection, 12/06/2014 02:26:17, SYSTEM, USUARIO-PC, Protection, Malicious Website Protection, Starting,
Protection, 12/06/2014 02:26:18, SYSTEM, USUARIO-PC, Protection, Malicious Website Protection, Started,
Update, 12/06/2014 08:04:35, SYSTEM, USUARIO-PC, Scheduler, Malware Database, 2014.6.12.4, 2014.6.12.5,
Protection, 12/06/2014 08:04:37, SYSTEM, USUARIO-PC, Protection, Refresh, Starting,
Protection, 12/06/2014 08:04:37, SYSTEM, USUARIO-PC, Protection, Malicious Website Protection, Stopping,
Protection, 12/06/2014 08:04:37, SYSTEM, USUARIO-PC, Protection, Malicious Website Protection, Stopped,
Protection, 12/06/2014 08:05:13, SYSTEM, USUARIO-PC, Protection, Refresh, Success,
Protection, 12/06/2014 08:05:13, SYSTEM, USUARIO-PC, Protection, Malicious Website Protection, Starting,
Protection, 12/06/2014 08:05:13, SYSTEM, USUARIO-PC, Protection, Malicious Website Protection, Started,
Update, 12/06/2014 11:03:26, SYSTEM, USUARIO-PC, Scheduler, Malware Database, 2014.6.12.5, 2014.6.12.6,
Protection, 12/06/2014 11:03:49, SYSTEM, USUARIO-PC, Protection, Refresh, Starting,
Protection, 12/06/2014 11:03:49, SYSTEM, USUARIO-PC, Protection, Malicious Website Protection, Stopping,
Protection, 12/06/2014 11:03:50, SYSTEM, USUARIO-PC, Protection, Malicious Website Protection, Stopped,
Protection, 12/06/2014 11:04:22, SYSTEM, USUARIO-PC, Protection, Refresh, Success,
Protection, 12/06/2014 11:04:22, SYSTEM, USUARIO-PC, Protection, Malicious Website Protection, Starting,
Protection, 12/06/2014 11:04:23, SYSTEM, USUARIO-PC, Protection, Malicious Website Protection, Started,
Protection, 12/06/2014 19:26:50, SYSTEM, USUARIO-PC, Protection, Malware Protection, Starting,
Protection, 12/06/2014 19:26:50, SYSTEM, USUARIO-PC, Protection, Malware Protection, Started,
Protection, 12/06/2014 19:26:50, SYSTEM, USUARIO-PC, Protection, Malicious Website Protection, Starting,
Protection, 12/06/2014 19:27:05, SYSTEM, USUARIO-PC, Protection, Malicious Website Protection, Started,

(end)

-------------------------------------------------------------------------------------------------------------------------------
SUPERAntiSpyware Scan Log

Generated 06/12/2014 at 12:21 PM

Application Version : 5.7.1026

Core Rules Database Version : 11300
Trace Rules Database Version: 9112

Scan type       : Complete Scan
Total Scan Time : 10:21:26

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned      : 602
Memory threats detected   : 0
Registry items scanned    : 86313
Registry threats detected : 0
File items scanned        : 1351880
File threats detected     : 59

Adware.Tracking Cookie

Trojan.Agent/Gen-StartPage
ZIP ARCHIVE( C:\ZOEK\IN\RECYCLE.BIN\S-1-5-21-3148761829-2675718000-1710086865-1000\$RW3IIPV.ZIP )/FLASHPLAY10.30.45.CPL
C:\ZOEK\IN\RECYCLE.BIN\S-1-5-21-3148761829-2675718000-1710086865-1000\$RW3IIPV.ZIP

Thanks a lot, and I'll be waiting.
Fred Lima

Re: CE_UmbrellaCert +1 to remove

Post by Power Max, Thu 12 Jun 2014, 19:47

You posted the Malwarebytes protection log, but what we need is the scan log.

How to access the Malwarebytes log (report):

To do this, open Malwarebytes > click the History button > click Application Logs > and double-click with the left mouse button on the most recent Scan Log to open it. This is shown in this image:

[image]

On the next screen that appears, click the Export button > and click the Text file (*.txt) option:

[image]

On the other screen that appears, give this report a name (LOG, for example) > click Desktop (so that it is saved to your Desktop) > click Save:

[image]

Click OK on the next message that appears:

[image]

Then just post this log.
Power Max

Re: CE_UmbrellaCert +1 to remove

Post by Fred Lima, Thu 12 Jun 2014, 20:27

Sorry, but after you told me, I went to look at the history and there was no scan file. Will I have to run the scan again?

[image]
Fred Lima

Re: CE_UmbrellaCert +1 to remove

Post by Power Max, Thu 12 Jun 2014, 20:32

The image you posted shows that there is a scan log created yesterday. I keep asking you for this log to make sure that you carried out the procedure correctly, because what we see most here on the forum is people who do not follow the procedures the right way, and so the viruses are not removed.

But if you did run the custom scan as I instructed and removed the viruses, they should be in the Malwarebytes quarantine; please check whether they are there and let me know.
Power Max