Fórum PC Brasil
Movie Mode

3 participants

Movie Mode

Post by erickcivetta Thu 10 Jul 2014, 15:16

I can't uninstall it.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:08:56, on 10/07/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17028)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Ares\Ares.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\ctfmon.exe
E:\documentos\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [VastSvr] C:\Program Files (x86)\LED Soft\LED Manager 2010\VastSvr.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [CyberGhost] "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'Default user')
O8 - Extra context menu item: &Enviar para o OneNote - [You must have an account and be logged in to view this link]
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [You must have an account and be logged in to view this link]
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [You must have an account and be logged in to view this link]
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: [You must have an account and be logged in to view this link]
O17 - HKLM\System\CCS\Services\Tcpip\..\{63626896-B87D-414C-9F0A-C2F5E7AFC797}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{63626896-B87D-414C-9F0A-C2F5E7AFC797}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: CyberGhost 5 Client Service (CGVPNCliService) - CyberGhost S.R.L - C:\Program Files\CyberGhost 5\Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: uMGeDm - GenTechnologies Apps, LLC - C:\ProgramData\hOdGfFkcXSC\uMGeDm.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9399 bytes

Re: Movie Mode

Post by Power Max Thu 10 Jul 2014, 15:18

Hello.

Download AdwCleaner by clicking the link below, then click the Download Now @BleepingComputer button:
[You must have an account and be logged in to view this link]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

Re: Movie Mode

Post by erickcivetta Thu 10 Jul 2014, 15:24

# AdwCleaner v3.215 - Relatório criado 10/07/2014 às 15:21:30
# Atualizado 09/07/2014 por Xplode
# Sistema Operacional : Windows 8 Pro (64 bits)
# Usuário : Laerte - LAERTE-PC
# Executando de : E:\documentos\Downloads\adwcleaner_3.215.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Users\Laerte\AppData\Local\MovieMode
Arquivo Deletada : C:\Users\Laerte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Users\Laerte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Atalhos ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.17028


-\\ Mozilla Firefox v25.0.1 (pt-BR)

[ Arquivo : C:\Users\Laerte\AppData\Roaming\Mozilla\Firefox\Profiles\n42okgg9.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ Arquivo : C:\Users\Laerte\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [27941 octets] - [10/07/2014 13:22:42]
AdwCleaner[R1].txt - [1426 octets] - [10/07/2014 13:29:30]
AdwCleaner[R2].txt - [1491 octets] - [10/07/2014 13:36:38]
AdwCleaner[R3].txt - [1551 octets] - [10/07/2014 14:35:07]
AdwCleaner[R4].txt - [1611 octets] - [10/07/2014 14:35:53]
AdwCleaner[R5].txt - [1731 octets] - [10/07/2014 15:20:25]
AdwCleaner[S0].txt - [23117 octets] - [10/07/2014 13:23:57]
AdwCleaner[S1].txt - [1476 octets] - [10/07/2014 13:32:14]
AdwCleaner[S2].txt - [1663 octets] - [10/07/2014 14:47:02]
AdwCleaner[S3].txt - [1643 octets] - [10/07/2014 15:21:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1703 octets] ##########

Re: Movie Mode

Post by Power Max Thu 10 Jul 2014, 15:31

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]

To run it correctly, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy its entire contents, and post them in your next reply.

Re: Movie Mode

Post by erickcivetta Thu 10 Jul 2014, 15:55

Zoek.exe v5.0.0.0 Updated 05-July-2014
Tool run by Laerte on 10/07/2014 at 15:37:39,40.
Microsoft Windows 8 Pro 6.2.9200  x64
Running in: Normal Mode Internet Access Detected
Launched: E:\documentos\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10/07/2014 15:38:31 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-328663290-3358504069-2450093490-1001\Software\Microsoft\Internet Explorer\SearchScopes\{66AFF466-3E56-480E-9D04-FB15B21F12B4} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Laerte\AppData\Roaming\Mozilla\Firefox\Profiles\n42okgg9.default\prefs.js:
user_pref("browser.search.defaultenginename", "");

Added to C:\Users\Laerte\AppData\Roaming\Mozilla\Firefox\Profiles\n42okgg9.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Laerte\AppData\Roaming\Mozilla\Firefox\Profiles\n42okgg9.default

user.js not found
---- Lines search.com modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program
---- Lines extensions.2M7To14Jx removed from prefs.js ----
user_pref("extensions.2M7To14Jx.epoch", "1396880568");
user_pref("extensions.2M7To14Jx.url", "http://installsunny.us/sync2/?q=hfZ9ofq7D7sMCyVUojU9qihTB6lKDzt4oktitNtVh7n0rjnEqda7rdnFrTrEtMFHhd9Fqda9rdgFqds
---- Lines extensions.gia9N removed from prefs.js ----
user_pref("extensions.gia9N.epoch", "1396880568");
user_pref("extensions.gia9N.url", "http://installsunny.us/sync2/?q=hfZ9ofV9CShEAen0pjn8tMqLDe49CNU0nVsMCMlNhd9Fqda9rdgEqdwGqjkMBzqUojw9rdnEqTw9rTw8qGh
---- FireFox user.js and prefs.js backups ----

prefs_072014_1545_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Mozilla Firefox\searchplugins\search_the_web.xml deleted
C:\PROGRA~2\Internet Download Manager deleted
C:\Users\Laerte\AppData\Roaming\Thinstall deleted
C:\PROGRA~3\FileSplitUpLoad.dll deleted
C:\PROGRA~3\boost_interprocess deleted
C:\PROGRA~3\GreenApp deleted
C:\PROGRA~3\Allmyapps deleted
C:\PROGRA~3\InstallMate deleted
C:\Users\Laerte\AppData\Local\Thinstall deleted
C:\Users\Laerte\AppData\Local\avgchrome deleted
C:\Users\Laerte\Searches deleted
C:\windows\SysNative\drivers\{5e1eb58a-cd04-42a5-b710-2b964d2a3d50}Gw64.sys deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
C:\Users\Laerte\AppData\Roaming\Mozilla\Firefox\Profiles\n42okgg9.default\extensions\staged deleted
C:\Users\Laerte\AppData\Roaming\unins000.exe deleted
C:\Users\Laerte\AppData\Roaming\Mozilla\Firefox\Profiles\n42okgg9.default\extensions\firefox@mybuzzsearch.com deleted
"C:\Windows\Installer\71bcb22.msi" deleted
"C:\PROGRA~3\b0ba2ebabc992261\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" deleted
"C:\PROGRA~3\b0ba2ebabc992261\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.old" deleted
"C:\PROGRA~3\b0ba2ebabc992261\{497C131E-2032-051B-B32A-C69A960FBB13}" deleted
"C:\PROGRA~3\b0ba2ebabc992261\{497C131E-2032-051B-B32A-C69A960FBB13}.old" deleted
"C:\PROGRA~3\b0ba2ebabc992261\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}" deleted
"C:\PROGRA~3\b0ba2ebabc992261" deleted

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886D}"="C:\Users\Laerte\AppData\Local\GAS Tecnologia\GBBD\cef\xpi" [05/06/2014 23:23]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Laerte\AppData\Roaming\Mozilla\Firefox\Profiles\n42okgg9.default
- BrowseSmart - %ProfilePath%\extensions\firefox@browsesmart.net
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Laerte\AppData\Roaming\Mozilla\Firefox\Profiles\n42okgg9.default
D8D46B299C6649600A6BD134CDE7FE67 - C:\Users\Laerte\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll - Módulo de Proteção - Caixa Economica Federal
D6AA6A52ABEA37F3602E72ECD610B5FB - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash
180DE82A3CFD8EB6734D9457EC762F3D - C:\Users\Laerte\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll - Módulo de Proteção - Caixa Economica Federal


==== Chrome Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nnjbodopomfddehlalfilheomcahbpei - C:\Users\Laerte\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx[02/01/2014 15:32]

YoutubeAdblocker - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epnhocolmfalldbnlnklbgndeneaoned
Best Save - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
safeweeB - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ojkjgdgkibmahocpefkmgokcgbfnchck
Best Save - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
YoutubeAdblocker - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epnhocolmfalldbnlnklbgndeneaoned
Best Save - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
safeweeB - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ojkjgdgkibmahocpefkmgokcgbfnchck
YoutubeAdblocker - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epnhocolmfalldbnlnklbgndeneaoned
Best Save - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
safeweeB - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ojkjgdgkibmahocpefkmgokcgbfnchck
Best Save - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
YoutubeAdblocker - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epnhocolmfalldbnlnklbgndeneaoned
Best Save - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
safeweeB - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ojkjgdgkibmahocpefkmgokcgbfnchck
YoutubeAdblocker - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epnhocolmfalldbnlnklbgndeneaoned
Best Save - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
safeweeB - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ojkjgdgkibmahocpefkmgokcgbfnchck
Best Save - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
YoutubeAdblocker - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epnhocolmfalldbnlnklbgndeneaoned
Best Save - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
safeweeB - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ojkjgdgkibmahocpefkmgokcgbfnchck
YoutubeAdblocker - Laerte\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epnhocolmfalldbnlnklbgndeneaoned
Best Save - Laerte\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
safeweeB - Laerte\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ojkjgdgkibmahocpefkmgokcgbfnchck
Downloader - Laerte\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp
Google Wallet - Laerte\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Caixa Economica Federal - Laerte\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi
YoutubeAdblocker - Laerte\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epnhocolmfalldbnlnklbgndeneaoned
Best Save - Laerte\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
safeweeB - Laerte\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ojkjgdgkibmahocpefkmgokcgbfnchck
YoutubeAdblocker - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epnhocolmfalldbnlnklbgndeneaoned
Best Save - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
safeweeB - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ojkjgdgkibmahocpefkmgokcgbfnchck
Best Save - UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
YoutubeAdblocker - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epnhocolmfalldbnlnklbgndeneaoned
Best Save - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
safeweeB - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ojkjgdgkibmahocpefkmgokcgbfnchck

==== Chrome Fix ======================

C:\Users\Laerte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Laerte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Laerte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Laerte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Laerte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_virtual-dj.softonic.com.br_0.localstorage deleted successfully
C:\Users\Laerte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_virtual-dj.softonic.com.br_0.localstorage-journal deleted successfully
C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epnhocolmfalldbnlnklbgndeneaoned deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\epnhocolmfalldbnlnklbgndeneaoned deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epnhocolmfalldbnlnklbgndeneaoned deleted successfully
C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epnhocolmfalldbnlnklbgndeneaoned deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\epnhocolmfalldbnlnklbgndeneaoned deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epnhocolmfalldbnlnklbgndeneaoned deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epnhocolmfalldbnlnklbgndeneaoned deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\epnhocolmfalldbnlnklbgndeneaoned deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epnhocolmfalldbnlnklbgndeneaoned deleted successfully
C:\Users\Laerte\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epnhocolmfalldbnlnklbgndeneaoned deleted successfully
C:\Users\Laerte\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epnhocolmfalldbnlnklbgndeneaoned deleted successfully
C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\epnhocolmfalldbnlnklbgndeneaoned deleted successfully
C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\epnhocolmfalldbnlnklbgndeneaoned deleted successfully
C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\epnhocolmfalldbnlnklbgndeneaoned deleted successfully
C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe deleted successfully
C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe deleted successfully
C:\Users\Laerte\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe deleted successfully
C:\Users\Laerte\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe deleted successfully
C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe deleted successfully
C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe deleted successfully
C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe deleted successfully
C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ojkjgdgkibmahocpefkmgokcgbfnchck deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojkjgdgkibmahocpefkmgokcgbfnchck deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ojkjgdgkibmahocpefkmgokcgbfnchck deleted successfully
C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ojkjgdgkibmahocpefkmgokcgbfnchck deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojkjgdgkibmahocpefkmgokcgbfnchck deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ojkjgdgkibmahocpefkmgokcgbfnchck deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ojkjgdgkibmahocpefkmgokcgbfnchck deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojkjgdgkibmahocpefkmgokcgbfnchck deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ojkjgdgkibmahocpefkmgokcgbfnchck deleted successfully
C:\Users\Laerte\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ojkjgdgkibmahocpefkmgokcgbfnchck deleted successfully
C:\Users\Laerte\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ojkjgdgkibmahocpefkmgokcgbfnchck deleted successfully
C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ojkjgdgkibmahocpefkmgokcgbfnchck deleted successfully
C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojkjgdgkibmahocpefkmgokcgbfnchck deleted successfully
C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ojkjgdgkibmahocpefkmgokcgbfnchck deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://br.hao123.com/?tn=smt_pay_hp_06_hao123_br"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://br.hao123.com/?tn=incore_pay_hp_01_hao123_br"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://br.hao123.com/?tn=incore_pay_hp_01_hao123_br"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Laerte\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Laerte\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Laerte\Desktop\ConvertXtoDVD 5.lnk - C:\Program Files (x86)\VSO\ConvertX\5\ConvertXtoDvd.exe
C:\Users\Laerte\Desktop\CyberGhost 5.lnk - C:\Program Files (x86)\CyberGhost 5\CyberGhost.exe
C:\Users\Laerte\Desktop\DVD Shrink 3.2.lnk - C:\Program Files (x86)\DVD Shrink\DVD Shrink 3.2.exe
C:\Users\Laerte\Desktop\DVDFab 8 Qt.lnk - C:\Program Files (x86)\DVDFab 8 Qt\DVDFab.exe
C:\Users\Laerte\Desktop\fsx - Atalho.lnk - C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exe
C:\Users\Laerte\Desktop\Microsoft Office.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
C:\Users\Laerte\Desktop\pc antigo.lnk - E:\pc antigo
C:\Users\Laerte\Desktop\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\Laerte\Desktop\PowerISO.lnk - C:\Program Files (x86)\PowerISO\PowerISO.exe
C:\Users\Laerte\Desktop\VirtualDJ Home FREE.lnk - C:\Program Files (x86)\VirtualDJ\virtualdj_home.exe
C:\Users\UpdatusUser\Desktop\Free FLV to MP4 Converter.lnk - C:\Program Files (x86)\DoremiSoft\Free FLV to MP4 Converter\DoremiSoftFreeware.exe
C:\Users\UpdatusUser\Desktop\Hao123.lnk - C:\Users\Laerte\AppData\Roaming\baidu\hao123-br\hao123.1.0.0.1111.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -  
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Media Player Classic.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Nero 2014.lnk - C:\Windows\Installer\{D5115C78-2D22-4668-A5E2-6C87DED3ED1B}\NeroLauncher.ex_06255901E67449719980557FAA5EC1C6.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Laerte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\fsx.lnk - C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exe
C:\Users\Laerte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Laerte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lixeira (17).lnk -  
C:\Users\Laerte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lixeira (18).lnk -  
C:\Users\Laerte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lixeira (19).lnk -  
C:\Users\Laerte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\zoek (1).lnk - E:\documentos\Downloads\zoek (1).exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk - C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5\CyberGhost 5.lnk - C:\Program Files\CyberGhost 5\CyberGhost.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5\Uninstall CyberGhost 5.lnk - C:\Program Files (x86)\CyberGhost 5\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hao123-Brazil\Desinstalar hao123.lnk - C:\Users\Laerte\AppData\Roaming\baidu\hao123-br\hao123.1.0.0.1111.exe -uninstall
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hao123-Brazil\Hao123.lnk - C:\Users\Laerte\AppData\Roaming\baidu\hao123-br\hao123.1.0.0.1111.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Laerte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\CyberGhost 5.lnk - C:\Program Files\CyberGhost 5\CyberGhost.exe
C:\Users\Laerte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Laerte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Laerte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\Laerte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Laerte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Laerte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Ares.lnk - C:\Program Files (x86)\Ares\Ares.exe
C:\Users\Laerte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\Laerte\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\Laerte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\fsx - Atalho.lnk - C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exe
C:\Users\Laerte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Laerte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Laerte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\Laerte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Hao123.lnk - C:\Users\Laerte\AppData\Roaming\baidu\hao123-br\hao123.1.0.0.1111.exe
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\a268da32-a0e5-4bee-bb5b-94ae0d919a35 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ad9fc6c8-5a92-4d1f-ab30-6c771015ca85 deleted successfully
HKEY_CURRENT_USER\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Laerte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Laerte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\31Z96T25 will be deleted at reboot
C:\Users\Laerte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\352F7A6T will be deleted at reboot
C:\Users\Laerte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L5Q7V745 will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Laerte\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=251 folders=129 8913253 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Laerte\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Laerte\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Laerte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\31Z96T25" not found
"C:\Users\Laerte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\352F7A6T" not found
"C:\Users\Laerte\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L5Q7V745" not found

==== EOF on 10/07/2014 at 15:52:12,48 ======================
erickcivetta
Beginner

Posts: 10
Reputation: 0
Registration date: 10/07/2014
Age: 26

http://aeroportosjp-sbsr.blogspot.com.br/

Re: Movie Mode

Post by Power Max, Thu 10 Jul 2014, 16:23

Download the Junkware Removal Tool program from the link below:
[You must have an account and be logged in to view this link]

To run the program above correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.
Power Max
Contributor

Posts: 9086
Reputation: 1499
Registration date: 14/04/2009

Re: Movie Mode

Post by erickcivetta, Thu 10 Jul 2014, 16:33

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 Pro x64
Ran by Laerte on 10/07/2014 at 16:27:45,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-328663290-3358504069-2450093490-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Laerte\AppData\Roaming\mozilla\firefox\profiles\n42okgg9.default\minidumps [1 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/07/2014 at 16:32:40,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Movie Mode

Post by Power Max, Thu 10 Jul 2014, 16:37

Download < [You must have an account and be logged in to view this link] > < [You must have an account and be logged in to view this image] > ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPDiag to download it, as shown in the image below:

[You must have an account and be logged in to view this image]

To install and run it correctly, follow the tips in this article:

[You must have an account and be logged in to view this link]

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.

Re: Movie Mode

Post by erickcivetta, Thu 10 Jul 2014, 16:57

~ Relatório do ZHPDiag v2014.7.9.103 - Nicolas Coolman (09/07/2014)
~ Iniciado por Laerte (10/07/2014 16:52:41)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.17028 (Defaut)
MFIE: Mozilla Firefox 25.0.1
GCIE: Google Chrome v35.0.1916.153

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8 Pro, 64-bit (Build 9200)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2008
Windows Defender W8 (Deactivate)

---\\ Softwares d'optimização do sistema
CCleaner v4.08

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 25
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4060 MB (69% free)
System Restore: Activé (Enable)
System drive C: has 88 GB (60%) free of 146 GB

---\\ Modo de conexão ao sistema
~ Computer Name: LAERTE-PC
~ User Name: Laerte
~ All Users Names: UpdatusUser, Laerte, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Laerte\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Laerte\AppData\Roaming\
~ %Desktop% : C:\Users\Laerte\Desktop\
~ %Favorites% : C:\Users\Laerte\Favorites\
~ %LocalAppData% : C:\Users\Laerte\AppData\Local\
~ %StartMenu% : C:\Users\Laerte\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 88 Go of 146 Go)
D: Floppy drive, Flash card reader, USB Key (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 684 Go of 785 Go)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows Explorer.) (.01/06/2013 - 08:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.27E552632E6394DE0FA555EFDBA29A49] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 23:12:11.) -- C:\Windows\System32\wininet.dll [2239488]
[MD5.75DD70A14145499C9F7D903CF9A8C91B] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.12/04/2014 - 06:10:31.) -- C:\Windows\System32\Winlogon.exe [578048]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.FE7FB9612D354EB41DF4F0FF5D6FB259] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.29/05/2014 - 19:24:46.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.15/01/2014 - 20:42:58.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.3865C4E388B31940C8BB9F73D9738E93] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.08/02/2014 - 01:34:16.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Driver de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.7A761AEE58658378BBA45D360F874CB0] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.26/02/2014 - 20:18:55.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.27/01/2014 - 00:39:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Driver de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.01/06/2013 - 08:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/3317
~ Mes musiques (My Musics) : 1/402
~ Mes Favoris (My Favorites) : 1/3
~ Mes Documents (My Documents) : 1/5787
~ Mon Bureau (My Desktop) : 3/236
~ Menu demarrer (Programs) : 1/56
~ Hidden Files: Scanned in 00mn 01s



---\\ Processos lançados
[MD5.085FCC89B98B037E298EF35E12681AB7] - (.Seekar Ltd - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe [935936] [PID.4592]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.5012]
[MD5.C93AF0D04D36B847B1AEFA273BF5A3D4] - (.Power Software Ltd - PowerISO Virtual Drive Manager.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.exe [337432] [PID.5080]
[MD5.1F0A97900FC718CE617A722BEF8580CD] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312] [PID.5092]
[MD5.7DCE7A74764EB7C67D21A32BC579453D] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe [507264] [PID.4172]
[MD5.736F14A085B0CD73291A1C83B5551A7E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8074752] [PID.2112]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Laerte\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nnjbodopomfddehlalfilheomcahbpei] GBBD Caixa Economica Federal v.3.5.0 (Désactivé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 12 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Laerte\AppData\Roaming\Mozilla\Firefox\Profiles\n42okgg9.default\prefs.js
M2 - MFEP: prefs.js [Laerte - n42okgg9.default\firefox@browsesmart.net] [] BrowseSmart v1.0.0 (..) =>PUP.BrowseSmart
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Laerte\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
~ BHO: 9 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKCU\..\Run: [ares] . (.Seekar Ltd - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O4 - HKCU\..\Run: [CyberGhost] . (.CyberGhost S.R.L. - CyberGhost.) -- C:\Program Files\CyberGhost 5\CyberGhost.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [PWRISOVM.EXE] . (.Power Software Ltd - PowerISO Virtual Drive Manager.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [VastSvr] C:\Program Files (x86)\LED Soft\LED Manager 2010\VastSvr.exe (.not file.)
O4 - HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] Chave orfã
O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] Chave orfã
O4 - HKUS\S-1-5-21-328663290-3358504069-2450093490-1001\..\Run: [ares] . (.Seekar Ltd - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O4 - HKUS\S-1-5-21-328663290-3358504069-2450093490-1001\..\Run: [CyberGhost] . (.CyberGhost S.R.L. - CyberGhost.) -- C:\Program Files\CyberGhost 5\CyberGhost.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{63626896-B87D-414C-9F0A-C2F5E7AFC797}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 =>.Google DNS Redirections
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4E39E81-D486-4117-9199-1A0B510B5D76}: DhcpNameServer = 189.7.32.33 189.7.32.38 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{63626896-B87D-414C-9F0A-C2F5E7AFC797}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 =>.Google DNS Redirections
O17 - HKLM\System\CS1\Services\Tcpip\..\{E4E39E81-D486-4117-9199-1A0B510B5D76}: DhcpNameServer = 189.7.32.33 189.7.32.38 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.7.32.33 189.7.32.38 201.6.4.116
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe
O23 - Service: uMGeDm (uMGeDm) . (.GenTechnologies Apps, LLC - MovieMode Service.) - C:\ProgramData\hOdGfFkcXSC\uMGeDm.exe =>PUP.MovieMode
~ Services: 11 Legitimates Filtered in 00mn 05s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{D02D8504-0FB8-4EFE-970F-89F135FED2E4}] (...) -- F:\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D0C4AA92-AF69-4F82-B36D-EACA3ECD488E}] (...) -- C:\Users\Laerte\AppData\Local\PriceMeter\uninst.exe (.not file.) [0] =>PUP.PriceMeter
[MD5.00000000000000000000000000000000] [APT] [{ECE34AFA-7D8A-4A20-8B42-E87397D032D1}] (...) -- C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\UninstCaller.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1084]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1088]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 03s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (badriver) . (. - .) - C:\Windows\System32\drivers\badriver.sys (.not file.)
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys
O41 - Driver: ({5e1eb58a-cd04-42a5-b710-2b964d2a3d50}Gw64) . (. - .) - C:\Windows\System32\drivers\{5e1eb58a-cd04-42a5-b710-2b964d2a3d50}Gw64.sys (.not file.)
~ Drivers: 50 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Ares 2.2.5 - (.Seekar Ltd.) [HKLM][64Bits] -- Ares
O42 - Logiciel: GBBD Caixa Economica Federal - (...) [HKLM][64Bits] -- {5d01f486-f32d-462e-8830-cc1d116e8ece}_is1
O42 - Logiciel: USB all-in-one game controller - (...) [HKLM][64Bits] -- USB all-in-one game controller
O42 - Logiciel: Version 1.0 - (...) [HKLM][64Bits] -- {A901BF63-29AD-49A3-B067-231925E98B62}_is1
~ Logic: 26 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ares]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security]
[HKCU\Software\Baixou Agora]
[HKCU\Software\GbAs]
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]
[HKLM\Software\Wow6432Node\zhongqing]
~ Key Software: 253 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 16/10/2013 - 11:04:38 - [] ----D C:\Program Files (x86)\Ares
O43 - CFD: 18/01/2014 - 18:37:59 - [] ----D C:\Program Files (x86)\USB all-in-one game controller
O43 - CFD: 18/06/2014 - 19:54:02 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 09/07/2014 - 14:10:06 - [] ----D C:\ProgramData\hOdGfFkcXSC
O43 - CFD: 09/10/2013 - 14:35:51 - [] ----D C:\Users\Laerte\AppData\Roaming\Baidu Security
O43 - CFD: 18/05/2014 - 21:39:29 - [] ----D C:\Users\Laerte\AppData\Local\Ares
O43 - CFD: 10/07/2014 - 15:24:18 - [] ----D C:\Users\Laerte\AppData\Local\MovieMode =>PUP.MovieMode
O43 - CFD: 14/01/2014 - 14:30:02 - [0] ----D C:\Users\Laerte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FSX BMW 760
O43 - CFD: 01/01/2014 - 15:03:13 - [0] ----D C:\Users\Laerte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LED Soft
~ Program Folder: 150 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.930D8AC59C35684A44921C7851606DC6] - 09/07/2014 - 14:38:44 ---A- . (...) -- C:\Windows\DirectX.log [143771]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 10/07/2014 - 13:45:23 ---A- . (...) -- C:\autoexec.bat [0]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 10/07/2014 - 15:37:09 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.ADB1DD8FE414B39BBD6897BB864A966C] - 10/07/2014 - 15:52:12 ---A- . (...) -- C:\zoek-results.log [32132]
O44 - LFC:[MD5.E6FAE57D5CB629B7931D0B1F0566A1D1] - 10/07/2014 - 16:05:26 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [154410]
O44 - LFC:[MD5.68D781412807B45092F6CF1F86FA02E9] - 10/07/2014 - 16:05:26 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [762618]
~ Files: 58 Legitimates Filtered in 00mn 20s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj [64Bits] - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:08/12/2013 - 12:56:09 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:08/12/2013 - 12:56:09 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [205320] =>.ALWIL Software
O58 - SDL:27/02/2014 - 23:15:47 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:27/02/2014 - 23:15:56 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624]
O58 - SDL:21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O58 - SDL:28/02/2013 - 22:49:12 ---A- . (.Riverbed Technology, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver.) -- C:\Windows\System32\Drivers\npf.sys [36600]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:22/08/2013 - 09:40:24 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [40664]
~ Drivers: 51 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.16E53BFC96CE14021C0E07EB1C198478] [SPRF][20/04/2014] (...) -- C:\Users\Laerte\AppData\Roaming\inst.exe [99384]
[MD5.DE0A1C0C637A5C22456A9A2275200370] [SPRF][27/10/2013] (...) -- C:\Users\Laerte\AppData\Roaming\unins000.dat [17542]
[MD5.972032F9CA03B3DA1EF34E3E9BD43F71] [SPRF][13/10/2013] (.FLVMPlayer - FLV Media Player Setup.) -- C:\Users\Laerte\Desktop\FLVMPlayer.exe [4953944] =>PUP.FLVMPlayer
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASAPI32 =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASMANCS =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBuzzSearch_RASAPI32 =>PUP.BuzzSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBuzzSearch_RASMANCS =>PUP.BuzzSearch
~ BTK: 33 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 04/10/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 04/10/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 29/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 08/12/2013 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 12/06/2014 64624 | (CGVPNCliService) . (.CyberGhost S.R.L.) - C:\Program Files\CyberGhost 5\Service.exe
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe
SR - | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 12/09/2013 920864 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 17/09/2013 1364256 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 12/09/2013 414496 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 09/07/2014 2315632 | (uMGeDm) . (.GenTechnologies Apps, LLC.) - C:\ProgramData\hOdGfFkcXSC\uMGeDm.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
~ Services: Scanned in 00mn 05s



---\\ Scâner Aditional (088)
Database Version : 13026 - (09/07/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 1

[HKLM\SYSTEM\CurrentControlSet\Services\uMGeDm] =>PUP.MovieMode^
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply] =>PUP.DealPly
C:\Users\Laerte\AppData\Roaming\Mozilla\Firefox\Profiles\n42okgg9.default\extensions\firefox@browsesmart.net =>PUP.BrowseSmart^
C:\Users\Laerte\AppData\Local\MovieMode =>PUP.MovieMode^
C:\Users\Laerte\Desktop\FLVMPlayer.exe =>PUP.FLVMPlayer^
~ Additionnel Scan: 277199 Items scanned in 00mn 17s



---\\ Informações complémentaires do módulos
~ [You must have an account and be logged in to view this link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [You must have an account and be logged in to view this link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [You must have an account and be logged in to view this link] =>.Browser Helper Objects do navegador (02)
~ [You must have an account and be logged in to view this link] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[You must have an account and be logged in to view this link] =>PUP.BrowseSmart
[You must have an account and be logged in to view this link] =>PUP.PriceMeter
[You must have an account and be logged in to view this link] =>PUP.BuzzSearch
[You must have an account and be logged in to view this link] =>PUP.DealPly
~ MSI: 4 link(s) detected in 00mn 00s



~ 672 Legitimates filtered by white list
End of the scan (434 lines in 01mn 32s)(0)
erickcivetta
Beginner

Posts: 10
Reputation: 0
Registration date: 10/07/2014
Age: 26

http://aeroportosjp-sbsr.blogspot.com.br/


Re: Movie Mode

Post by Power Max, Fri 11 Jul 2014, 09:52

There are unnecessary programs starting along with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start along with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean up and optimize the PC.
_________________________________________________________________________________________________________

Select and copy all of the text highlighted in red that I gave you.

_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will appear in Notepad.

Copy this report and post it in your next reply.
Power Max
Contributor

Posts: 9086
Reputation: 1499
Registration date: 14/04/2009


Re: Movie Mode

Post by erickcivetta, Fri 11 Jul 2014, 12:59

Rapport de ZHPFix 2014.7.9.4 par Nicolas Coolman, Update du 09/07/2014
Fichier d'export Registre :
Run by Laerte at 11/07/2014 12:58:40
High Elevated Privileges : OK
Windows 8 Business Edition, 64-bit (Build 9200)

Reciclagem vazia (00mn 02s)
Reparação de atalhos do navegador

========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Users\Laerte\Desktop\FLVMPlayer.exe

========== Chaves do Registo ==========
ELIMINÉ: Service: uMGeDm
ELIMINÉ Driver Key: badriver
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ Driver Key: {5e1eb58a-cd04-42a5-b710-2b964d2a3d50}Gw64
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBuzzSearch_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBuzzSearch_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBuzzSearch_RASMANCS
ELIMINÉ:* HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply

========== Valores do Registo ==========
ELIMINÉ RunValue: SpUninstallDeleteDir
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\programdata\hodgffkcxsc\umgedm.exe
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (0) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {D02D8504-0FB8-4EFE-970F-89F135FED2E4}
ELIMINÉ: {D0C4AA92-AF69-4F82-B36D-EACA3ECD488E}
ELIMINÉ: {ECE34AFA-7D8A-4A20-8B42-E87397D032D1}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Outros ==========
NÃO-TRATADO emptyclsidscript zhpfix


========== Recapitulativo ==========
1 : Processo memória
14 : Chaves do Registo
7 : Valores do Registo
1 : Pastas
6 : Ficheiros
3 : Tarefa planificada
1 : Restauração Sistema
1 : Outros


End of clean in 00mn 11s

========== Caminho do ficheiro do relatório ==========
C:\Users\Laerte\AppData\Roaming\ZHP\ZHPFix[R1].txt - 11/07/2014 12:58:42 [2529]

Re: Movie Mode

Post by Power Max, Fri 11 Jul 2014, 13:07

Restart the PC to complete the cleanup.

After restarting, do the following:

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

Re: Movie Mode

Post by erickcivetta, Fri 11 Jul 2014, 13:32

~ Relatório do ZHPDiag v2014.7.9.103 - Nicolas Coolman  (09/07/2014)
~ Iniciado por Laerte (11/07/2014 13:26:49)
~ Endereço do Website : [You must have an account and be logged in to view this link]
~ Endereço do Webforum : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.17028 (Defaut)
MFIE: Mozilla Firefox 25.0.1
GCIE: Google Chrome v35.0.1916.153

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8 Pro, 64-bit  (Build 9200)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2008
Windows Defender W8 (Deactivate)

---\\ Softwares d'optimização do sistema
CCleaner v4.08

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 25
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4060 MB (76% free)
System Restore: Activé (Enable)
System drive C: has 88 GB (60%) free of 146 GB

---\\ Modo de conexão ao sistema
~ Computer Name: LAERTE-PC
~ User Name: Laerte
~ All Users Names: UpdatusUser, Laerte, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Laerte\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Laerte\AppData\Roaming\
~ %Desktop% : C:\Users\Laerte\Desktop\
~ %Favorites% : C:\Users\Laerte\Favorites\
~ %LocalAppData% : C:\Users\Laerte\AppData\Local\
~ %StartMenu% : C:\Users\Laerte\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 88 Go of 146 Go)
D: Floppy drive, Flash card reader, USB Key (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 684 Go of 785 Go)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows Explorer.) (.01/06/2013 - 08:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.27E552632E6394DE0FA555EFDBA29A49] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 23:12:11.) -- C:\Windows\System32\wininet.dll [2239488]
[MD5.75DD70A14145499C9F7D903CF9A8C91B] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.12/04/2014 - 06:10:31.) -- C:\Windows\System32\Winlogon.exe [578048]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.FE7FB9612D354EB41DF4F0FF5D6FB259] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.29/05/2014 - 19:24:46.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.15/01/2014 - 20:42:58.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.3865C4E388B31940C8BB9F73D9738E93] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.08/02/2014 - 01:34:16.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Driver de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.7A761AEE58658378BBA45D360F874CB0] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.26/02/2014 - 20:18:55.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.27/01/2014 - 00:39:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Driver de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.01/06/2013 - 08:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/3317
~ Mes musiques (My Musics) : 1/402
~ Mes Favoris (My Favorites) : 1/3
~ Mes Documents (My Documents) : 1/5800
~ Mon Bureau (My Desktop) : 3/236
~ Menu demarrer (Programs) : 1/56
~ Hidden Files:  Scanned in 00mn 00s



---\\ Processos lançados
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   [254336] [PID.3676]
[MD5.C93AF0D04D36B847B1AEFA273BF5A3D4] - (.Power Software Ltd - PowerISO Virtual Drive Manager.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.exe   [337432] [PID.1892]
[MD5.1F0A97900FC718CE617A722BEF8580CD] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [3568312] [PID.3124]
[MD5.7DCE7A74764EB7C67D21A32BC579453D] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe   [507264] [PID.5044]
[MD5.736F14A085B0CD73291A1C83B5551A7E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [8074752] [PID.4700]
~ Processes Running:  Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Laerte\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [lfmhcpmkbdkbgbmkjoiopeeegenkdikp] FVD Downloader v.5.9.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nnjbodopomfddehlalfilheomcahbpei] GBBD Caixa Economica Federal v.3.5.0 (Désactivé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Laerte\AppData\Roaming\Mozilla\Firefox\Profiles\n42okgg9.default\prefs.js
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Laerte\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
~ BHO: 9 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKCU\..\Run: [ares] . (.Seekar Ltd - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O4 - HKCU\..\Run: [CyberGhost] . (.CyberGhost S.R.L. - CyberGhost.) -- C:\Program Files\CyberGhost 5\CyberGhost.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe   =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [PWRISOVM.EXE] . (.Power Software Ltd - PowerISO Virtual Drive Manager.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-21-328663290-3358504069-2450093490-1001\..\Run: [ares] . (.Seekar Ltd - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O4 - HKUS\S-1-5-21-328663290-3358504069-2450093490-1001\..\Run: [CyberGhost] . (.CyberGhost S.R.L. - CyberGhost.) -- C:\Program Files\CyberGhost 5\CyberGhost.exe
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll  =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll  =>.Microsoft Corporation
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{63626896-B87D-414C-9F0A-C2F5E7AFC797}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1  =>.Google DNS Redirections
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4E39E81-D486-4117-9199-1A0B510B5D76}: DhcpNameServer = 189.7.32.38 189.7.32.33 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{63626896-B87D-414C-9F0A-C2F5E7AFC797}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1  =>.Google DNS Redirections
O17 - HKLM\System\CS1\Services\Tcpip\..\{E4E39E81-D486-4117-9199-1A0B510B5D76}: DhcpNameServer = 189.7.32.38 189.7.32.33 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.7.32.38 189.7.32.33 201.6.4.116
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe
~ Services: 10 Legitimates Filtered in 00mn 12s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [1084]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [1088]
~ Scheduled Task: 10 Legitimates Filtered in 00mn 01s



---\\ Software instalados (042)
O42 - Logiciel: Ares 2.2.5 - (.Seekar Ltd.) [HKLM][64Bits] -- Ares
O42 - Logiciel: USB all-in-one game controller - (...) [HKLM][64Bits] -- USB all-in-one game controller
~ Logic: 26 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ares]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baixou Agora]
[HKCU\Software\GbAs]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\zhongqing]
~ Key Software: 243 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 16/10/2013 - 11:04:38 - [] ----D C:\Program Files (x86)\Ares
O43 - CFD: 18/01/2014 - 18:37:59 - [] ----D C:\Program Files (x86)\USB all-in-one game controller
O43 - CFD: 11/07/2014 - 13:18:07 - [] ----D C:\ProgramData\hOdGfFkcXSC
O43 - CFD: 18/05/2014 - 21:39:29 - [] ----D C:\Users\Laerte\AppData\Local\Ares
O43 - CFD: 11/07/2014 - 12:59:21 - [] ----D C:\Users\Laerte\AppData\Local\MovieMode  =>PUP.MovieMode
O43 - CFD: 14/01/2014 - 14:30:02 - [0] ----D C:\Users\Laerte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FSX BMW 760
O43 - CFD: 01/01/2014 - 15:03:13 - [0] ----D C:\Users\Laerte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LED Soft
~ Program Folder: 148 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.930D8AC59C35684A44921C7851606DC6] - 09/07/2014 - 14:38:44 ---A- . (...) -- C:\Windows\DirectX.log   [143771]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 10/07/2014 - 13:45:23 ---A- . (...) -- C:\autoexec.bat   [0]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 10/07/2014 - 15:37:09 ---A- . (...) -- C:\Windows\zoek-delete.exe   [24064]
O44 - LFC:[MD5.ADB1DD8FE414B39BBD6897BB864A966C] - 10/07/2014 - 15:52:12 ---A- . (...) -- C:\zoek-results.log   [32132]
O44 - LFC:[MD5.E6FAE57D5CB629B7931D0B1F0566A1D1] - 10/07/2014 - 19:27:40 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [154410]
O44 - LFC:[MD5.68D781412807B45092F6CF1F86FA02E9] - 10/07/2014 - 19:27:40 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [762618]
~ Files: 58 Legitimates Filtered in 00mn 01s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj [64Bits] - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:08/12/2013 - 12:56:09 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [65776]  =>.ALWIL Software
O58 - SDL:08/12/2013 - 12:56:09 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [205320]  =>.ALWIL Software
O58 - SDL:27/02/2014 - 23:15:47 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys   [52032]
O58 - SDL:27/02/2014 - 23:15:56 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys   [34624]
O58 - SDL:21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys   [128992]
O58 - SDL:28/02/2013 - 22:49:12 ---A- . (.Riverbed Technology, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver.) -- C:\Windows\System32\Drivers\npf.sys   [36600]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys   [30960]
O58 - SDL:22/08/2013 - 09:40:24 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys   [40664]
~ Drivers: 51 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.16E53BFC96CE14021C0E07EB1C198478] [SPRF][20/04/2014] (...) -- C:\Users\Laerte\AppData\Roaming\inst.exe   [99384]
[MD5.DE0A1C0C637A5C22456A9A2275200370] [SPRF][27/10/2013] (...) -- C:\Users\Laerte\AppData\Roaming\unins000.dat   [17542]
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 04/10/2013 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 04/10/2013 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 04/04/2005 69632 |  (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 29/12/2013 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 05/09/2013 171680 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 21/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 08/12/2013 50344 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 12/06/2014 64624 |  (CGVPNCliService) . (.CyberGhost S.R.L.) - C:\Program Files\CyberGhost 5\Service.exe
SR - | Auto 21/02/2014 519720 |  (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe
SR - | Auto 17/07/2012 277824 |  (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 12/09/2013 920864 |  (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 17/09/2013 1364256 |  (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 12/09/2013 414496 |  (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Demand 10/07/1658 0 |  (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SR - | Auto 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 04s



---\\ Scâner Aditional (088)
Database Version : 13026 - (09/07/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 1
Fichiers trouvés  (Files found) : 0

C:\Users\Laerte\AppData\Local\MovieMode   =>PUP.MovieMode^
~ Additionnel Scan: 276562 Items scanned in 00mn 15s



---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Browser Helper Objects do navegador (02)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 648 Legitimates filtered by white list
End of the scan (389 lines in 01mn 06s)(0)

Post by Power Max on Fri 11 Jul 2014, 13:55

Select and copy all the text highlighted in red that I gave you.

_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose Run as administrator > Click Importação > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will open in Notepad.

Copy this report and post it in your next reply.

Post by erickcivetta on Fri 11 Jul 2014, 14:50

Rapport de ZHPFix 2014.7.9.4 par Nicolas Coolman, Update du 09/07/2014
Fichier d'export Registre :
Run by Laerte at 11/07/2014 14:49:36
High Elevated Privileges : OK
Windows 8 Business Edition, 64-bit (Build 9200)

Reciclagem vazia (00mn 02s)
Reparação de atalhos do navegador

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (0) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Outros ==========
NÃO-TRATADO emptyclsidscript zhpfix
NÃO-TRATADO ________________


========== Recapitulativo ==========
1 : Pastas
5 : Ficheiros
1 : Restauração Sistema
2 : Outros


End of clean in 00mn 17s

========== Caminho do ficheiro do relatório ==========
C:\Users\Laerte\AppData\Roaming\ZHP\ZHPFix[R1].txt - 11/07/2014 12:58:42 [2610]
C:\Users\Laerte\AppData\Roaming\ZHP\ZHPFix[R2].txt - 11/07/2014 14:49:38 [1127]

Post by Power Max on Fri 11 Jul 2014, 15:00

Download Malwarebytes from one of the links below:
[You must have an account and be logged in to view this link]

To install and run it correctly, please follow the tips in this post:

[You must have an account and be logged in to view this link]

In your next reply, post this Malwarebytes log (report).

We'll be waiting.

Post by erickcivetta on Fri 11 Jul 2014, 17:54

Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Data de Verificação: 11/07/2014
Hora da Verificação: 16:02:34
Logfile: log.txt
Administrador: Sim

Versão: 2.00.2.1012
Malware Database: v2014.03.04.09
Rootkit Database: v2014.02.20.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Self-protection: Desabilitado

OS: Windows 8
CPU: x64
Sistema de Arquivo: NTFS
Usuário: Laerte

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 463077
Tempo Decorrido: 54 min, 13 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 2
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-4.1, Quarantined, [242507f85b1ff145b30a850ada28758b],
PUP.Optional.BProtector.A, HKU\S-1-5-21-328663290-3358504069-2450093490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, Quarantined, [1039f00f9fdbef4738ce5d5126dd7f81],

Valores de Registro: 3
PUP.BProtector, HKU\S-1-5-21-328663290-3358504069-2450093490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Quarantined, [0e3b57a8304a96a0852301a937ccf30d]
PUP.BProtector, HKU\S-1-5-21-328663290-3358504069-2450093490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarantined, [f653c53a95e5e254f6b38f1bb350936d]
PUP.Optional.Snapdo, HKU\S-1-5-21-328663290-3358504069-2450093490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Browser Infrastructure Helper, C:\Users\UpdatusUser\AppData\Local\Smartbar\Application\SnapDo.exe startup, Quarantined, [0d3c97685b1fbe7889f5742257ab50b0]

Dados do Registro: 6
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[c5843dc20b6f5fd7e55ee6497b897987]
PUP.Optional.Snapdo, HKU\S-1-5-21-328663290-3358504069-2450093490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Good: (http://www.google.com), Bad: (http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=BR&userid=9253e721-f603-c621-7079-039e6f915382&searchtype=ds&q={searchTerms}&installDate=13/10/2013),Replaced,[f455e11edd9d3afcbcf760cef80c59a7]
PUP.Optional.Snapdo, HKU\S-1-5-21-328663290-3358504069-2450093490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Good: (http://www.google.com), Bad: (http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=BR&userid=9253e721-f603-c621-7079-039e6f915382&searchtype=hp&installDate=13/10/2013),Replaced,[ce7b51aec8b29a9cb6feb9757490847c]
PUP.Optional.Snapdo, HKU\S-1-5-21-328663290-3358504069-2450093490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Good: (http://www.google.com), Bad: (http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=BR&userid=9253e721-f603-c621-7079-039e6f915382&searchtype=ds&q={searchTerms}&installDate=13/10/2013),Replaced,[b5942cd31961b3834f63dd51b15311ef]
PUP.Optional.Snapdo, HKU\S-1-5-21-328663290-3358504069-2450093490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Good: (http://www.google.com), Bad: (http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=BR&userid=9253e721-f603-c621-7079-039e6f915382&searchtype=ds&q={searchTerms}&installDate=13/10/2013),Replaced,[ca7ffe01314959ddcbea34faea1aac54]
PUP.Optional.Snapdo, HKU\S-1-5-21-328663290-3358504069-2450093490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Good: (http://www.google.com), Bad: (http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=BR&userid=9253e721-f603-c621-7079-039e6f915382&searchtype=ds&q={searchTerms}&installDate=13/10/2013),Replaced,[cb7ea956710989adc2f42fff05ffb848]

Pastas: 0
(No malicious items detected)

Arquivos: 19
PUP.Optional.DomaIQ, C:\AdwCleaner\Quarantine\C\Program Files\Uninstaller\Uninstall.exe.vir, Quarantined, [0049926ddc9ec373977a889c0afa5fa1],
PUP.Optional.Conduit, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir, Quarantined, [bd8ca25df387e551c5a2d2ab966a4fb1],
PUP.Optional.Conduit.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\FreeOnlineRadioPlayerRecorder_V1\FreeOnlineRadioPlayerRecorder_V1ToolbarHelper.exe.vir, Quarantined, [62e7b649ed8da492907ed3990ef2f40c],
PUP.Optional.Conduit, C:\AdwCleaner\Quarantine\C\Program Files (x86)\FreeOnlineRadioPlayerRecorder_V1\hk64tbFree.dll.vir, Quarantined, [c980e41bb4c62d0993d3c8b5a060d927],
PUP.Optional.Conduit, C:\AdwCleaner\Quarantine\C\Program Files (x86)\FreeOnlineRadioPlayerRecorder_V1\hktbFree.dll.vir, Quarantined, [e168a35c7703a2949bcbc6b7c43cd729],
PUP.Optional.Conduit, C:\AdwCleaner\Quarantine\C\Program Files (x86)\FreeOnlineRadioPlayerRecorder_V1\ldrtbFree.dll.vir, Quarantined, [2920c936384253e371f59fdeaa5650b0],
PUP.Optional.Conduit, C:\AdwCleaner\Quarantine\C\Program Files (x86)\FreeOnlineRadioPlayerRecorder_V1\prxtbFree.dll.vir, Quarantined, [ad9c7c83dc9eb680b5b1c9b4e61a857b],
PUP.Optional.Conduit, C:\AdwCleaner\Quarantine\C\Program Files (x86)\FreeOnlineRadioPlayerRecorder_V1\tbFree.dll.vir, Quarantined, [4affdb24bbbff541baace89546bab749],
PUP.Optional.MySearchDial.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialApp.dll.vir, Quarantined, [8fba659a1763c0763eb7593b689916ea],
PUP.Optional.MySearchDial.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialEng.dll.vir, Quarantined, [c584827dbcbedf57e80d187c5ba6b54b],
PUP.Optional.MySearchDial.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialsrv.exe.vir, Quarantined, [e4659a65ee8c3501df16a2f2f1108977],
PUP.Optional.MySearchDial.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\bh\mysearchdial.dll.vir, Quarantined, [b792b946d0aa0630f302a7ed7b8637c9],
PUP.Optional.Conduit.A, C:\AdwCleaner\Quarantine\C\Users\Laerte\AppData\Local\Conduit\CT3282722\FreeOnlineRadioPlayerRecorder_V1AutoUpdateHelper.exe.vir, Quarantined, [59f0659aa0da3df933db343832ceb749],
PUP.Optional.Conduit.A, C:\AdwCleaner\Quarantine\C\Users\Laerte\AppData\Local\Temp\CT3282722\spff.exe.vir, Quarantined, [fd4ce81780fa3afc225a4d11f011a25e],
PUP.Optional.Conduit, C:\AdwCleaner\Quarantine\C\Users\Laerte\AppData\LocalLow\FreeOnlineRadioPlayerRecorder_V1\hk64tbFree.dll.vir, Quarantined, [f455748be3975bdb75f147365da30af6],
PUP.Optional.Conduit, C:\AdwCleaner\Quarantine\C\Users\Laerte\AppData\LocalLow\FreeOnlineRadioPlayerRecorder_V1\hktbFree.dll.vir, Quarantined, [1930837c90ea39fdaabc4a3302fee917],
PUP.Optional.Conduit, C:\AdwCleaner\Quarantine\C\Users\Laerte\AppData\LocalLow\FreeOnlineRadioPlayerRecorder_V1\ldrtbFree.dll.vir, Quarantined, [83c69d62dc9e300652145c21b8487e82],
PUP.Optional.Conduit, C:\AdwCleaner\Quarantine\C\Users\Laerte\AppData\LocalLow\FreeOnlineRadioPlayerRecorder_V1\tbFree.dll.vir, Quarantined, [0d3cad5289f11c1ac0a6e19cc33d8c74],
PUP.Optional.OpenCandy.A, C:\AdwCleaner\Quarantine\C\Users\Laerte\AppData\Roaming\OpenCandy\9F87D90B974A4FD1B6CB422FDDF7D628\LatestDLMgr.exe.vir, Quarantined, [62e74ab53b3f2a0cd96584dd3cc5cc34],

Physical Sectors: 0
(No malicious items detected)


(end)

Post by Power Max on Sat 12 Jul 2014, 10:42

How is your computer after these procedures?

Post by erickcivetta on Sat 12 Jul 2014, 13:16

Movie Mode is gone, and the PC is faster. Thank you very much for the help!

Post by Power Max on Sat 12 Jul 2014, 13:18

That's it! I'm glad the problem has been solved.

Just to finish up, please follow the tutorials below:

[You must have an account and be logged in to view this link]
_______________________________________________________________________________________________________________________

To remove the programs used to clean this PC and create a new restore point that is safe and free of problems, use DelFix following the tips [You must have an account and be logged in to view this link].
_______________________________________________________________________________________________________________________

It was a pleasure to help. You can always count on us!

Post by Danii on Sat 12 Jul 2014, 14:48

CASE SOLVED

If the author of the topic needs it, the topic will be reopened; to do so, they should contact one of the members of the [You must have an account and be logged in to view this link] and request that it be unlocked.