Fórum PC Brasil
I need to remove Movie Mode from Chrome

2 participants

Post by Lucas Fagundes, Tue 29 Jul 2014, 15:35

Ads generated by this Movie Mode are showing up on web pages.
At first I could not uninstall it through Programs and Features (Control Panel), but now, with the help of AdwCleaner, it has been removed from the list of programs; however, it keeps generating ads on web pages. I have already used two other programs similar to AdwCleaner, but I cannot fix it.
I found this forum through an answer from a user on Yahoo! Respostas.
Lucas Fagundes
Beginner

Posts: 10
Reputation: 0
Joined: 29/07/2014

Post by Power Max, Tue 29 Jul 2014, 15:38

Hello Lucas.

* In your next reply, post the AdwCleaner log (report) located at C:\AdwCleaner\AdwCleaner[S0].txt so that we can analyze it. Also post the reports from the other programs you used (if they are available).

We'll be waiting.
Power Max
Contributor

Posts: 9086
Reputation: 1499
Joined: 14/04/2009

(RESOLVED) I need to remove Movie Mode from Chrome

Post by Lucas Fagundes, Tue 29 Jul 2014, 15:48

# AdwCleaner v3.301 - Relatório criado 29/07/2014 às 14:33:58
# Atualizado 28/07/2014 por Xplode
# Sistema Operacional : Windows 7 Starter Service Pack 1 (32 bits)
# Usuário : positivo - POSITIVO-PC
# Executando de : C:\Users\positivo\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : IePluginServices

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\MovieMode
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\IePluginServices
Pasta Deletada : C:\ProgramData\MovieMode
Pasta Deletada : C:\ProgramData\NCH Software
Pasta Deletada : C:\ProgramData\QuickSet
Pasta Deletada : C:\ProgramData\WindowsMangerProtect
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlvPlayer
Pasta Deletada : C:\Program Files\baidu
Pasta Deletada : C:\Program Files\Desk 365
Pasta Deletada : C:\Program Files\DomaIQ Uninstaller
Pasta Deletada : C:\Program Files\GS Supporter
Pasta Deletada : C:\Program Files\NCH Software
Pasta Deletada : C:\Program Files\WinZipper
Pasta Deletada : C:\Users\Administrador\AppData\Local\torch
Pasta Deletada : C:\Users\Convidado\AppData\Local\torch
Pasta Deletada : C:\Users\positivo\AppData\Local\lollipop
Pasta Deletada : C:\Users\positivo\AppData\Local\MovieMode
Pasta Deletada : C:\Users\positivo\AppData\Local\torch
Pasta Deletada : C:\Users\positivo\AppData\Local\Temp\baidu
Pasta Deletada : C:\Users\positivo\AppData\Roaming\337
Pasta Deletada : C:\Users\positivo\AppData\Roaming\baidu
Pasta Deletada : C:\Users\positivo\AppData\Roaming\Desk 365
Pasta Deletada : C:\Users\positivo\AppData\Roaming\eIntaller
Pasta Deletada : C:\Users\positivo\AppData\Roaming\NCH Software
Pasta Deletada : C:\Users\positivo\AppData\Roaming\OpenCandy
Pasta Deletada : C:\Users\positivo\AppData\Roaming\UpdaterEX
Pasta Deletada : C:\Users\Public\Documents\baidu
Arquivo Deletada : C:\Users\positivo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Users\positivo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Tarefas ] *****


***** [ Atalhos ] *****

Atalho Desinfectada : C:\Users\positivo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\positivo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ10_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ10_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASMANCS
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\omigaplussvc
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Chave Deletedo : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{5dee0f7c}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Chave Deletedo : HKCU\Software\1ClickDownload
Chave Deletedo : HKCU\Software\BI
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKCU\Software\SmartBar
Chave Deletedo : HKCU\Software\SupHpUISoft
Chave Deletedo : HKCU\Software\UpdaterEX
Chave Deletedo : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKCU\Software\AppDataLow\Software\DynConIE
Chave Deletedo : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deletedo : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Deletedo : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Chave Deletedo : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Chave Deletedo : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Chave Deletedo : HKLM\Software\Conduit
Chave Deletedo : HKLM\Software\Desksvc
Chave Deletedo : HKLM\Software\FlvPlayer
Chave Deletedo : HKLM\Software\hdcode
Chave Deletedo : HKLM\Software\omiga-plusSoftware
Chave Deletedo : HKLM\Software\omigaplusSvc
Chave Deletedo : HKLM\Software\qvo6Software
Chave Deletedo : HKLM\Software\SupTab
Chave Deletedo : HKLM\Software\supWindowsMangerProtect
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\V9
Chave Deletedo : HKLM\Software\winzipersvc
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA41BB14-E67B-1653-C57B-5CA99418A866}
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17207

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Google Chrome v36.0.1985.125

[ Arquivo : C:\Users\positivo\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [You must have an account and be logged in to view this link]

*************************

AdwCleaner[R0].txt - [9066 octets] - [29/07/2014 14:13:40]
AdwCleaner[S0].txt - [7399 octets] - [29/07/2014 14:33:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7459 octets] ##########

Post by Lucas Fagundes, Tue 29 Jul 2014, 15:49

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Starter x86
Ran by positivo on 29/07/2014 at 14:54:40,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\vafplayer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\domaiq uninstaller



~~~ Files

Successfully deleted: [File] "C:\Windows\System32\Tasks\desk 365 runasstduser"
Successfully deleted: [File] C:\Windows\system32\sho1D45.tmp
Successfully deleted: [File] C:\Windows\system32\sho2C57.tmp
Successfully deleted: [File] C:\Windows\system32\sho63E4.tmp
Successfully deleted: [File] C:\Windows\system32\sho695E.tmp
Successfully deleted: [File] C:\Windows\system32\sho6EAD.tmp
Successfully deleted: [File] C:\Windows\system32\sho6FD6.tmp
Successfully deleted: [File] C:\Windows\system32\sho707.tmp
Successfully deleted: [File] C:\Windows\system32\shoBBB3.tmp
Successfully deleted: [File] C:\Windows\system32\shoDF4B.tmp



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/07/2014 at 14:59:01,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post by Power Max, Tue 29 Jul 2014, 15:50

Besides these two, did you run any others?

Post by Lucas Fagundes, Tue 29 Jul 2014, 15:59

I thought I had used another one, but I don't remember its name and I can't find any folder or icon for it here on the computer. Right now I'm trying to use ZHPDiag, but I'm not managing to.

Post by Power Max, Tue 29 Jul 2014, 16:00

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]

To run it correctly, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy its entire contents and post them in your next reply.

Post by Lucas Fagundes, Tue 29 Jul 2014, 16:29

Zoek.exe v5.0.0.0 Updated 28-07-2014
Tool run by positivo on 29/07/2014 at 16:09:01,67.
Microsoft Windows 7 Starter  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\positivo\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

29/07/2014 16:09:56 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\InstallMate deleted
C:\Users\positivo\Searches deleted
C:\Windows\E2010.tmp deleted
C:\Windows\OSD10.tmp deleted
C:\Windows\system32\tasks\UpdaterEX deleted
C:\Windows\tasks\UpdaterEX.job deleted
C:\Windows\system32\tasks\Omiga Plus RunAsStdUser deleted
"C:\PROGRA~2\e5a6d1d216aaf119\{CA41BB14-E67B-1653-C57B-5CA99418A866}" deleted
"C:\PROGRA~2\e5a6d1d216aaf119" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"support@vdownloader.com"="C:\Program Files\VDownloader\Addons\FireFox" [19/07/2013 22:19]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eoccbpoodnckjdnackiffhjfkogfhnhh - C:\Program Files\VDownloader\Addons\Chrome.crx[16/06/2012 09:09]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[30/04/2014 21:59]

greattsaver - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pgogpgeimncdpnmdlfdfffageopokani
greattsaver - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgogpgeimncdpnmdlfdfffageopokani
greattsaver - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pgogpgeimncdpnmdlfdfffageopokani
greattsaver - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pgogpgeimncdpnmdlfdfffageopokani
greattsaver - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgogpgeimncdpnmdlfdfffageopokani
greattsaver - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pgogpgeimncdpnmdlfdfffageopokani
greattsaver - positivo\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pgogpgeimncdpnmdlfdfffageopokani
YouTube - positivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - positivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
White Minimalism - positivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmngdobapmnebgjfmdilabeclgnjiga
Google Wallet - positivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - positivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
greattsaver - positivo\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pgogpgeimncdpnmdlfdfffageopokani

==== Chrome Fix ======================

C:\Users\positivo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\positivo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\positivo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\positivo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pgogpgeimncdpnmdlfdfffageopokani deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgogpgeimncdpnmdlfdfffageopokani deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pgogpgeimncdpnmdlfdfffageopokani deleted successfully
C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pgogpgeimncdpnmdlfdfffageopokani deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgogpgeimncdpnmdlfdfffageopokani deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pgogpgeimncdpnmdlfdfffageopokani deleted successfully
C:\Users\positivo\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pgogpgeimncdpnmdlfdfffageopokani deleted successfully
C:\Users\positivo\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pgogpgeimncdpnmdlfdfffageopokani deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com.br/"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://myhome.vi-view.com/web/?type=ds&ts=1406388603&from=smt&uid=SAMSUNGXHM321HI_S29PJ56ZA15208&q={searchTerms}"
"Search Page"="http://myhome.vi-view.com/web/?type=ds&ts=1406388603&from=smt&uid=SAMSUNGXHM321HI_S29PJ56ZA15208&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="https://www.google.com.br/"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\positivo\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\positivo\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4291949376-2249992431-2029294269-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-4291949376-2249992431-2029294269-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-4291949376-2249992431-2029294269-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_USERS\S-1-5-21-4291949376-2249992431-2029294269-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\positivo\Desktop\Adobe Photoshop CS6.lnk - C:\Program Files\Adobe\Adobe Photoshop CS6\Photoshop.exe
C:\Users\positivo\Desktop\AdwCleaner - Atalho.lnk - C:\Users\positivo\Downloads\AdwCleaner.exe
C:\Users\positivo\Desktop\Dropbox.lnk - C:\Users\positivo\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\positivo\Desktop\JRT - Atalho.lnk - C:\Users\positivo\Downloads\JRT.exe
C:\Users\positivo\Desktop\Painel de Controle iCloud.lnk - C:\Program Files\Common Files\Apple\Internet Services\iCloud.exe
C:\Users\positivo\Desktop\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\positivo\Desktop\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\positivo\Desktop\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\Users\positivo\Desktop\ZHPDiag2 - Atalho.lnk - C:\Users\positivo\Downloads\ZHPDiag2.exe
C:\Users\positivo\Desktop\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe
C:\Users\positivo\Desktop\zoek - Atalho.lnk - C:\Users\positivo\Downloads\zoek.exe
C:\Users\positivo\Desktop\µTorrent.lnk -  

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Download Assistant.lnk - C:\Program Files\Adobe Download Assistant\Adobe Download Assistant.exe
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Amazing Audio.lnk - C:\Program Files\Technology Pack\Amazing Audio\AudioPower.exe Offer
C:\Users\Public\Desktop\Ative o antivírus GRÁTIS por 1 ano.lnk -  
C:\Users\Public\Desktop\avast Free Antivirus.lnk -  
C:\Users\Public\Desktop\Battery Manager.lnk - C:\Program Files\Technology Pack\Battery Manager\BatteryAppManager.exe
C:\Users\Public\Desktop\Conheça seu Computador.lnk -  
C:\Users\Public\Desktop\File Safe.lnk - C:\Program Files\Technology Pack\File Safe\FileSafe.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe
C:\Users\Public\Desktop\Manual do Usuário.lnk -  
C:\Users\Public\Desktop\Nero Home.lnk - C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8  
C:\Users\Public\Desktop\Nero StartSmart.lnk - C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8  
C:\Users\Public\Desktop\Relação de Assistências Técnicas Autorizadas.lnk -  
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Public\Desktop\Smartcam.lnk - C:\Program Files\Technology Pack\Smartcam\Smartcam.exe
C:\Users\Public\Desktop\VDownloader.lnk - C:\Program Files\VDownloader\VDownloader.exe
C:\Users\Public\Desktop\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe

==== shortcuts in Users Start Menu ======================

C:\Users\positivo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\positivo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\positivo\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\positivo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\positivo\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Sobre o iTunes.lnk - C:\Program Files\iTunes\iTunes.Resources\pt.lproj\About iTunes.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\positivo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\positivo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\positivo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk - C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8  
C:\Users\positivo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8  
C:\Users\positivo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\positivo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\positivo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VDownloader.lnk - C:\Program Files\VDownloader\VDownloader.exe
C:\Users\positivo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\positivo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -  
C:\Users\positivo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\positivo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word Starter 2010.lnk - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE "Microsoft Word Starter 2010 9014006604160000"
C:\Users\positivo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\positivo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\positivo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\3e0e1230-1fe8-4c0d-8dec-5cd7c8b52a5b deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\52fd3755-d9c8-4358-bbb5-013986c60d13 deleted successfully

==== Empty IE Cache ======================

C:\Users\positivo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\positivo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\positivo\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\positivo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=61 folders=23 17505020 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\positivo\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\positivo\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\positivo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BBA8UME6\static.issuu.com"  not found

==== EOF on 29/07/2014 at 16:25:35,38 ======================
Lucas Fagundes

Re: I need to remove Movie Mode from Chrome

Post by Power Max, Tue 29 Jul 2014, 16:35

Download Malwarebytes from one of the links below:
[You must have an account and be logged in to view this link]

To install and run it correctly, please follow the tips in this post:

[You must have an account and be logged in to view this link]

In your next reply, post this Malwarebytes log (report).

We'll be waiting.
Power Max

(SOLVED) I need to remove Movie Mode from Chrome

Post by Lucas Fagundes, Tue 29 Jul 2014, 16:36

~ Relatório do ZHPDiag v2014.7.29.110 - Nicolas Coolman  (29/07/2014)
~ Iniciado por positivo (29/07/2014 16:00:06)
~ Endereço do Website : [You must have an account and be logged in to view this link]
~ Endereço do Webforum : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207
GCIE: Google Chrome v36.0.1985.125

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows Vista (TM) Ultimate, 32-bit Service Pack 1 (Build 6000)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader XI
Java 7 Update 60

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2013 MB (40% free)
System Restore: Activé (Enable)
System drive C: has 239 GB (82%) free of 288 GB

---\\ Modo de conexão ao sistema
~ Computer Name: POSITIVO-PC
~ User Name: positivo
~ All Users Names: positivo, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\positivo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\positivo\AppData\Roaming\
~ %Desktop% : C:\Users\positivo\Desktop\
~ %Favorites% : C:\Users\positivo\Favorites\
~ %LocalAppData% : C:\Users\positivo\AppData\Local\
~ %StartMenu% : C:\Users\positivo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 239 Go of 288 Go)
D: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.CCC198257901BEEA2FBF8EB1E7678356] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:13:59.) -- C:\Windows\System32\wininet.dll [1791488]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/3190
~ Mes musiques (My Musics) : 155/903
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 2/426
~ Mon Bureau (My Desktop) : 1/13
~ Menu demarrer (Programs) : 1/30
~ Hidden Files:  Scanned in 00mn 11s



---\\ Processos lançados
[MD5.8895BE670D1D4BD478B16DD311273F4A] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe   [1557800] [PID.2184]
[MD5.852F12CA7C4FC7E3D77B606492435556] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe   [284696] [PID.2264]
[MD5.F2503BA77362CA6C876E08C15BBFBD5E] - (.Microsoft - AudioPower.) -- C:\Program Files\Technology Pack\Amazing Audio\AudioPower.exe   [643072] [PID.2624]
[MD5.DE8C5AB7EE56A7DA0166B2E2B0E496A2] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe   [103720] [PID.2664]
[MD5.2C1B1E9174D94E9F6EE3CF373ABAB7DD] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe   [137752] [PID.2680]
[MD5.87D78CF6365BDDACBE9D34B60FE0E23B] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe   [171032] [PID.2700]
[MD5.89D3DE5E2C77DCD99C56F0E46310AEA0] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe   [172568] [PID.2720]
[MD5.2218928CF528D7BC295B1B4C69E9846C] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe   [3890208] [PID.3420]
[MD5.603668084332DDB58D8C5AACE30B04FC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe   [152392] [PID.3428]
[MD5.59D9856CD1420E2AF778821B7E1B81D0] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe   [153136] [PID.3800]
[MD5.799BCC829F48F19C5689478179060435] - (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe   [59720] [PID.3808]
[MD5.48C3EBD6D5E52AFCB1A0FA9B7F9802FA] - (.Apple Inc. - iCloud.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe   [59720] [PID.3816]
[MD5.FC551A8B8E637B2147C003C885B6756E] - (.Positivo Informática - Recovery.) -- C:\Program Files\Positivo Informática\Recovery\Recovery2.exe   [1496576] [PID.4092]
[MD5.E812316104EBCD9051FDEC9FC3F034EF] - (...) -- C:\Program Files\OEM\i-PowerXross 1.0\i-PowerXross.exe   [512000] [PID.1660]
[MD5.E11E2F8CCBBC75F5D60D5CA888FCB6C8] - (.No owner - IPM.exe.) -- C:\Program Files\OEM\IPM 1.0\IPM.exe   [1103360] [PID.3120]
[MD5.C9DF72070FA9628E5561D48FAACDC4D6] - (.No owner - OSD.) -- C:\Program Files\OEM\OSD 1.0\SunflowerOSD.exe   [449024] [PID.2776]
[MD5.A569CE3DD8647BA7B5464694182943EC] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.exe   [226176] [PID.3756]
[MD5.6DC177F1626545F087892E73E7609DD0] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe   [1209904] [PID.4636]
[MD5.47833576F0BEE0AD7B45109982B769BD] - (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe   [59720] [PID.5132]
[MD5.AEE42E7B535276196CA0EEC4A6106764] - (.Microsoft - FileSafe.) -- C:\Arquivos de programas\Technology Pack\File Safe\FileSafe.exe   [5798400] [PID.4340]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe   [860488] [PID.4524]
[MD5.B90D6A94CE912BCFE32E40B71073F31F] - (.No owner - PhotoScape.) -- C:\Program Files\PhotoScape\PhotoScape.exe   [7306816] [PID.4356]
[MD5.9C41C4C252E978B5BABAF4C19BEC48CB] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [8083456] [PID.5964]
[MD5.A41F8321D64FD1CBC8DF7DC29F785A4B] - (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8da98c8ea4b9eb25\STacSV.exe   [229458] [PID.1104]
[MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe   [50344] [PID.1564]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe   [65432] [PID.1992]
[MD5.6B73E94F9FE82D45781B8C8A09483082] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe   [43336] [PID.2044]
[MD5.68A70BAB25A5182CDFD5AAB529F05C5E] - (.Positivo Informática S.A - Serviço de Gerenciamento da Bateria.) -- C:\Program Files\BatteryManagerService\BatteryManagerService.exe   [41472] [PID.380]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe   [390504] [PID.1496]
[MD5.397D14958D6C9C2B365469A857B2AC4E] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe   [230792] [PID.1588]
[MD5.19D34534176E62F35DDB7DC7B7FF2A87] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe   [207528] [PID.2492]
[MD5.1AEBDC693C74EA55FE05D51FA6573EBC] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe   [523944] [PID.2596]
[MD5.881055862158C3278A67EBE6A654E586] - (.GenTechnologies Apps, LLC - MovieMode Service.) -- C:\ProgramData\growRRe\hAKlwv.exe   [2319216] [PID.3188]  =>PUP.MovieMode
[MD5.7493EA4DE41348F7D3EDBF9DB298F56A] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe   [13336] [PID.3344]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe   [822504] [PID.1304]
[MD5.33813E4F82AEC696762EAD9EDADC9FE3] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe   [553288] [PID.4272]
[MD5.E32686B4E27D11F83E3F2844E104C66C] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe   [271920] [PID.4428]
[MD5.D6078E16EE5213CAB40D0B0322EA3E7B] - (.Positivo Informática S.A - Gerenciador dos recursos de energia do note.) -- C:\Program Files\Technology Pack\Battery Manager\BatteryPower.exe   [383488] [PID.5080]
[MD5.E56F39F6B7FDA0AC77A79B0FD3DE1A2F] - (.Microsoft Corporation - PresentationFontCache.exe.) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe   [42856] [PID.3280]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe   [3179520] [PID.2716]
~ Processes Running:  Scanned in 00mn 02s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\positivo\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] [You must have an account and be logged in to view this link]
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 11s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [vitzo.com/VDownloader] - (.Vitzo Limited - Detects and downloads video content on a web page.) -- C:\Program Files\VDownloader\Addons\npVDownloader.dll
~ Firefox Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must have an account and be logged in to view this link]
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Vitzo Limited - Detects and downloads video content on a web page.) (No version) -- (.not file.)
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Bing Bar - [HKLM]{8dcb7100-df86-4384-8842-8fa844297b3f} . (.Microsoft Corporation. - Extensões Cliente Bing.) -- C:\Program Files\Microsoft\BingBar\BingExt.dll  =>Toolbar.Bing
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Chave orfã
~ Toolbar:  Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [positivo]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.)  -- C:\Users\positivo\AppData\Roaming\uTorrent\uTorrent.exe   =>P2P.BitTorrent
O4 - GS\Desktop [positivo]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.)  -- C:\Users\positivo\AppData\Roaming\uTorrent\uTorrent.exe   =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 03s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [AudioPower] . (.Microsoft - AudioPower.) -- C:\Program Files\Technology Pack\Amazing Audio\AudioPower.exe
O4 - HKLM\..\Run: [StartUpManagerPositivo] . (...) -- C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe   =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe   =>.Microsoft Corporation
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe   =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [AdobeBridge] Chave orfã
O4 - HKCU\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4291949376-2249992431-2029294269-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-4291949376-2249992431-2029294269-1000\..\Run: [AdobeBridge] Chave orfã
O4 - HKUS\S-1-5-21-4291949376-2249992431-2029294269-1000\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKUS\S-1-5-21-4291949376-2249992431-2029294269-1000\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MIF5BA~1\Office14\ONBttnIE.dll  =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MIF5BA~1\Office14\ONBTTN~1.dll  =>.Microsoft Corporation
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{687AFADA-7C25-4222-9D8B-D8C63EB746B4}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9132D905-F51F-4FA5-9B94-D3740EFAB4BF}: DhcpNameServer = 10.2.20.14
O17 - HKLM\System\CS1\Services\Tcpip\..\{687AFADA-7C25-4222-9D8B-D8C63EB746B4}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{9132D905-F51F-4FA5-9B94-D3740EFAB4BF}: DhcpNameServer = 10.2.20.14
O17 - HKLM\System\CS2\Services\Tcpip\..\{687AFADA-7C25-4222-9D8B-D8C63EB746B4}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{9132D905-F51F-4FA5-9B94-D3740EFAB4BF}: DhcpNameServer = 10.2.20.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.2.20.14
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll  =>.Microsoft Corporation
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: hAKlwv (hAKlwv) . (.GenTechnologies Apps, LLC - MovieMode Service.) - C:\ProgramData\growRRe\hAKlwv.exe  =>PUP.MovieMode
~ Services: 10 Legitimates Filtered in 00mn 15s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [Omiga Plus RunAsStdUser] (...) -- C:\Program Files\Omiga Plus\omigaplus.exe (.not file.)   [0]  =>Hijacker.OmigaPlus
[MD5.00000000000000000000000000000000] [APT] [UpdaterEX] (...) -- C:\Users\positivo\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.exe (.not file.)   [0]  =>PUP.Dealply
[MD5.00000000000000000000000000000000] [APT] [{3A657157-96EB-416D-98A7-9D4E19AFBBD0}] (...) -- C:\Program Files\Baidu Security\PC Faster\3.7.0.0\UninstCaller.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{6D65F3D4-6890-4E98-8C86-22A5A9ECB244}] (...) -- C:\ProgramData\MovieMode\uninstall.exe (.not file.)   [0]  =>PUP.MovieMode
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [902]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [1056]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [1060]
O39 - APT: UpdaterEX - (...) -- C:\Windows\Tasks\UpdaterEX.job   [304]  =>Hijacker.iHaveNet
O39 - APT: UpdaterEX - (...) -- C:\Windows\System32\Tasks\UpdaterEX   [304]  =>PUP.Dealply
~ Scheduled Task: 18 Legitimates Filtered in 00mn 02s



---\\ Software instalados (042)
O42 - Logiciel: Driver 1.0 - (.OEM.) [HKLM] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: IPM 1.0 - (.OEM.) [HKLM] -- {86432095-121F-4E75-A367-B282E64B1B31}
O42 - Logiciel: OSD 1.0 - (.OEM.) [HKLM] -- {4C2AF428-6E7F-443E-B147-3A8327C2053F}
O42 - Logiciel: i-PowerXross 1.0 - (.OEM.) [HKLM] -- {F1E25CFC-1243-4210-81B6-0C3D104D7083}
~ Logic: 19 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Amigo Mouse]
[HKCU\Software\Baidu Security]
[HKCU\Software\GetPrivate]
[HKCU\Software\SHUTTLE]
[HKCU\Software\SoilAP]
[HKCU\Software\SunFlowerOSD]
[HKLM\Software\SoilIO]
~ Key Software: 203 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 01/01/2014 - 18:29:46 - [] ----D C:\Program Files\Ares
O43 - CFD: 08/11/2013 - 12:08:54 - [] ----D C:\Program Files\Baidu Security
O43 - CFD: 19/10/2010 - 21:57:22 - [] ----D C:\Program Files\BatteryManagerService
O43 - CFD: 19/10/2010 - 22:07:05 - [] ----D C:\Program Files\Technology Pack
O43 - CFD: 19/10/2010 - 21:56:22 - [] ----D C:\ProgramData\Audio Power
O43 - CFD: 08/11/2013 - 12:09:18 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 29/12/2013 - 15:58:11 - [] ----D C:\ProgramData\e5a6d1d216aaf119
O43 - CFD: 26/07/2014 - 12:33:30 - [] ----D C:\ProgramData\growRRe
O43 - CFD: 31/12/2013 - 16:59:08 - [] ----D C:\ProgramData\InstallMate  =>PUP.Tarma
O43 - CFD: 08/11/2013 - 12:09:38 - [] ----D C:\Users\positivo\AppData\Roaming\Baidu Security
O43 - CFD: 27/02/2013 - 16:03:41 - [] ----D C:\Users\positivo\AppData\Roaming\File Safe
O43 - CFD: 23/08/2013 - 18:35:19 - [] ----D C:\Users\positivo\AppData\Roaming\{90140011-0066-0416-0000-0000000FF1CE}
O43 - CFD: 28/12/2013 - 02:16:20 - [] ----D C:\Users\positivo\AppData\Local\Ares
O43 - CFD: 29/07/2014 - 14:38:46 - [] ----D C:\Users\positivo\AppData\Local\MovieMode  =>PUP.MovieMode
~ Program Folder: 176 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.988D0B6B2F4F6AB774502CB26D593F68] - 28/07/2014 - 22:42:03 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [148924]
O44 - LFC:[MD5.E280E334AD5DE66235490C015B5D360C] - 28/07/2014 - 22:42:03 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [709402]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 29/07/2014 - 14:14:49 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll   [536576]
~ Files: 10 Legitimates Filtered in 00mn 36s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{4a710c0f-0ea8-11e3-95f2-80ee7308ecd5}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
~ Keys:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:30/04/2014 - 22:00:06 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys   [24184]  =>.ALWIL Software
O58 - SDL:30/04/2014 - 22:00:06 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [49944]  =>.ALWIL Software
O58 - SDL:30/04/2014 - 22:00:06 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [180632]  =>.ALWIL Software
O58 - SDL:08/08/2013 - 00:25:30 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys   [64480]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [26624]
O58 - SDL:15/10/2010 - 14:31:36 ---A- . (...) -- C:\Windows\System32\Drivers\pad.sys   [54544]
O58 - SDL:04/12/2009 - 15:43:46 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys   [16248]
O58 - SDL:04/12/2009 - 15:44:18 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\Soilkbc.sys   [10744]
O58 - SDL:04/12/2009 - 15:44:36 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\SoilMC.sys   [10616]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [21072]
O58 - SDL:06/11/2009 - 12:50:00 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt.sys   [420864]
O58 - SDL:13/12/2012 - 13:50:38 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys   [45056]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS   [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys   [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS   [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS   [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS   [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS   [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS   [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS   [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS   [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS   [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS   [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS   [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS   [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS   [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS   [34672]
~ Drivers: 82 Legitimates Filtered in 00mn 50s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 30/04/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 08/08/2013 - C:\Windows\System32\drivers\Bhbase.sys (Bhbase)  .(.Baidu, Inc. - Baidu Antivirus Hook Base.) - LEGACY_BHBASE
~ Legacy: 93 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.49CD4C92ECA4BB4474AAD560ECEAD4A7] [SPRF][22/12/2013] (.Ask.com - Offercast - APN Install Manager.) -- C:\Program Files\624-SFInstaller_ASG_aresgalaxy_9933997_.exe   [1018264]
[MD5.E00093C2EB9297FD952A97764E37D339] [SPRF][22/12/2013] (...) -- C:\Program Files\ares-galaxy-2263050-32-bits.exe   [623136]
[MD5.AAD2E37A5E733C140B3E02F9D793A572] [SPRF][08/11/2013] (.BitTorrent Inc. - BitTorrent.) -- C:\Program Files\bittorrent.exe   [1137240]  =>P2P.BitTorrent
[MD5.308A03D70B676C65896EEE4BDCDCE060] [SPRF][08/11/2013] (...) -- C:\Program Files\daemon-tools-lite-44810347-32-bits.exe   [673608]
[MD5.2BE6A4DDF74B73802D84EC308E946703] [SPRF][22/12/2013] (.Dropbox, Inc. - Dropbox 2.4.10 Installer.) -- C:\Program Files\Dropbox 2.4.10.exe   [36293880]
[MD5.3080647A64CBD7A6F4D1940FD622ADB7] [SPRF][24/12/2013] (...) -- C:\Program Files\FlvPlayerSetup.exe   [1134904]
~ Files: 9 Legitimates Filtered in 00mn 09s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{83FE02A8-23F5-4BFA-8602-8F04631703FE}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\positivo\AppData\Roaming\uTorrent\uTorrent.exe  =>P2P.BitTorrent
O87 - FAEL: "{FC8993A1-FB0C-4863-B61F-AA2A3E386467}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\positivo\AppData\Roaming\uTorrent\uTorrent.exe  =>P2P.BitTorrent
O87 - FAEL: "{599405C6-1C16-4CE5-95E0-A92E13797C99}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\positivo\AppData\Roaming\uTorrent\uTorrent.exe  =>P2P.BitTorrent
O87 - FAEL: "{19F8F15B-A0BD-4534-BA2E-EE1811290142}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\positivo\AppData\Roaming\uTorrent\uTorrent.exe  =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 01s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "5509804B864D4A546AABA531D87D51CF" . (.Bing Bar.) -- C:\Windows\Installer\{B4089055-D468-45A4-A6BA-5A138DD715FC}\icon_installer_ico  =>Toolbar.Bing
~ Update Products: 1 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.683EF495176EB6BF6C18BDA0A304C22E] [WIS][21/10/2011] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\8bf8e5.msi   [4771840]  =>Toolbar.Bing
~ WIS: 1 Legitimates Filtered in 00mn 03s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\VAFPlayer_RASAPI32  =>PUP.VAFPlayer
HKLM\SOFTWARE\Microsoft\Tracing\VAFPlayer_RASMANCS  =>PUP.VAFPlayer
~ BTK: 79 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar)  =>Toolbar.Bing
[HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] (Bing Bar Helper)  =>Toolbar.Bing
~ BCK: 6860 Legitimates Filtered in 00mn 22s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 08/07/2014 262320 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 21/10/2011 196176 |  (BBSvc) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\BBSvc.exe  =>Toolbar.Bing
SS - | Auto 28/07/2014 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 28/07/2014 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 13/04/2007 792112 |  (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Auto 23/10/2013 172192 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 19/02/2010 517096 |  (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 21/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 12/06/2014 43336 |  (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/04/2014 50344 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 14/09/2010 41472 |  (BatteryManagerSrv) . (.Positivo Informática S.A.) - C:\Program Files\BatteryManagerService\BatteryManagerService.exe
SR - | Auto 13/10/2011 249648 |  (BBUpdate) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\BingBar\SeaPort.exe  =>Toolbar.Bing
SR - | Auto 30/08/2011 390504 |  (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 26/07/2014 2319216 |  (hAKlwv) . (.GenTechnologies Apps, LLC.) - C:\ProgramData\growRRe\hAKlwv.exe
SR - | Auto 02/10/2009 13336 |  (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Demand 08/07/2014 553288 |  (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Demand 16/05/2007 271920 |  (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 06/11/2009 229458 |  (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8da98c8ea4b9eb25\STacSV.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 25s



---\\ Scâner Aditional (088)
Database Version : 13026 - (29/07/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 1
Dossiers trouvés  (Folders found) : 2
Fichiers trouvés  (Files found) : 17

[HKLM\SYSTEM\CurrentControlSet\Services\hAKlwv]   =>PUP.MovieMode^
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Omiga Plus RunAsStdUser]   =>Hijacker.OmigaPlus^
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX]   =>PUP.Dealply^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4089055-D468-45A4-A6BA-5A138DD715FC}]   =>Toolbar.Agent
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{8dcb7100-df86-4384-8842-8fa844297b3f}   =>Toolbar.Bing^
C:\ProgramData\InstallMate   =>PUP.Tarma^
C:\Users\positivo\AppData\Local\MovieMode   =>PUP.MovieMode^
C:\ProgramData\growRRe\hAKlwv.exe   =>PUP.MovieMode^
C:\Windows\Tasks\UpdaterEX.job   =>Hijacker.iHaveNet^
C:\Windows\System32\Tasks\UpdaterEX   =>PUP.Dealply^
C:\Program Files\bittorrent.exe   =>P2P.BitTorrent^
C:\Windows\Installer\8bf8e5.msi   =>Toolbar.Bing^
[HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar)   =>Toolbar.Bing^
[HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] (Bing Bar Helper)   =>Toolbar.Bing^
C:\Users\positivo\AppData\Local\Temp\bundlesweetimsetup.exe.0  =>PUP.SweetIM
C:\Users\positivo\AppData\Local\Temp\bundlesweetimsetup.exe.1  =>PUP.SweetIM
C:\Users\positivo\AppData\Local\Temp\bundlesweetimsetup.exe.2  =>PUP.SweetIM
C:\Users\positivo\AppData\Local\Temp\bundlesweetimsetup.exe.3  =>PUP.SweetIM
C:\Users\positivo\AppData\Local\Temp\bundlesweetimsetup.exe.4  =>PUP.SweetIM
C:\Users\positivo\AppData\Local\Temp\bundlesweetimsetup.exe.5  =>PUP.SweetIM
C:\Users\positivo\AppData\Local\Temp\bundlesweetimsetup.exe.6  =>PUP.SweetIM
C:\Users\positivo\AppData\Local\Temp\bundlesweetimsetup.exe.7  =>PUP.SweetIM
C:\Users\positivo\AppData\Local\Temp\dp.exe  =>PUP.DealPly
~ Additionnel Scan: 357139 Items scanned in 01mn 54s



---\\ Informações complémentaires do módulos
~ [link visible only to logged-in members]  =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [link visible only to logged-in members]  =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [link visible only to logged-in members]  =>.Internet Explorer, Gestão do Proxy (R5)
~ [link visible only to logged-in members]  =>.Barras do Internet Explorer (03))
~ [link visible only to logged-in members]  =>.Aplicações iniciadas por registo & pastas (04)
~ [link visible only to logged-in members]  =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 6 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[link visible only to logged-in members]  =>Hijacker.OmigaPlus
[link visible only to logged-in members]  =>PUP.Dealply
[link visible only to logged-in members]  =>Hijacker.iHaveNet
[link visible only to logged-in members]  =>PUP.Tarma
[link visible only to logged-in members]  =>PUP.VAFPlayer
[link visible only to logged-in members]  =>PUP.SweetIM
~ MSI: 6 link(s) detected in 00mn 00s



~ 738 Legitimates filtered by white list
End of the scan (565 lines in 05mn 15s)(0)

Re: I need to remove Movie Mode from Chrome

Post by Power Max, Tue 29 Jul 2014, 16:38

You posted the ZHP report, but what we need right now is the Malwarebytes report. I'll be waiting for it.

(SOLVED) I need to remove Movie Mode from Chrome

Post by Lucas Fagundes, Tue 29 Jul 2014, 18:31

Malwarebytes Anti-Malware
[link visible only to logged-in members]

Data de Verificação: 29/07/2014
Hora da Verificação: 16:44:41
Logfile: log.txt
Administrador: Sim

Versão: 2.00.2.1012
Malware Database: v2014.07.29.05
Rootkit Database: v2014.07.17.01
Licença: Trial
Proteção de Malware: Enabled
Proteção de Site Malicioso: Enabled
Self-protection: Desabilitado

OS: Windows 7 Service Pack 1
CPU: x86
Sistema de Arquivo: NTFS
Usuário: positivo

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 422240
Tempo Decorrido: 1 hr, 15 min, 24 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processos: 1
Adware.MovieMode, C:\ProgramData\growRRe\hAKlwv.exe, 3808, Delete-on-Reboot, [1d2c0c990e6d241282623437b24f50b0]

Módulos: 0
(No malicious items detected)

Chaves de Registro: 2
Adware.MovieMode, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\hAKlwv, Quarantined, [1d2c0c990e6d241282623437b24f50b0],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [45041e87d7a4e3535dc3154d41c18878],

Valores de Registro: 0
(No malicious items detected)

Dados do Registro: 0
(No malicious items detected)

Pastas: 1
PUP.Optional.MovieMode.A, C:\Users\positivo\AppData\Local\MovieMode, Quarantined, [25245253f18aa690a55c80690002db25],

Arquivos: 15
Adware.MovieMode, C:\ProgramData\growRRe\hAKlwv.exe, Delete-on-Reboot, [1d2c0c990e6d241282623437b24f50b0],
PUP.Optional.IePluginService.A, C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir, Quarantined, [67e2ddc83447fa3c640d7ae507fa0000],
PUP.Optional.OpenCandy.A, C:\AdwCleaner\Quarantine\C\Users\positivo\AppData\Roaming\OpenCandy\68924445690B438392E164E9307FC96C\LatestDLMgr.exe.vir, Quarantined, [054435703b406dc9167155c05aa725db],
PUP.Optional.OpenCandy, C:\Program Files\165-DTLite4481-0347.exe, Quarantined, [b198faab14679e989f2234a9fe06b44c],
PUP.Optional.Spigot.A, C:\Program Files\624-SFInstaller_ASG_aresgalaxy_9933997_.exe, Quarantined, [aa9f871ee893ac8a9f3b1e0fdf22837d],
PUP.Optional.InstallCore.A, C:\Program Files\ares-galaxy-2263050-32-bits.exe, Quarantined, [48017c29dba07abc6b1848f56a9a8c74],
PUP.Optional.InstallCore.A, C:\Program Files\FlvPlayerSetup.exe, Quarantined, [39103570fa81d660d6ca75baff018b75],
PUP.Optional.InstallCore, C:\Program Files\daemon-tools-lite-44810347-32-bits.exe, Quarantined, [44057c29572486b0038a72056f958977],
PUP.RiskwareTool.CK, C:\Program Files\Adobe\Adobe Photoshop CS6\amtlib.dll, Quarantined, [96b3f6af354651e5f11fd33e21e17c84],
Adware.MovieMode, C:\ProgramData\growRRe\dat\iamIod.exe, Delete-on-Reboot, [f7520b9a304b95a117cdadbe748d9a66],
PUP.Optional.4Shared, C:\Users\positivo\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000, Quarantined, [68e15055cfacfb3bf2119efd936e04fc],
PUP.Optional.Somoto.A, C:\Users\positivo\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000000, Quarantined, [52f74065710a9c9a3284b6dd1ce543bd],
PUP.Optional.Superfish.A, C:\Users\positivo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Delete-on-Reboot, [4306822389f235015b5b528cdc2601ff],
PUP.Optional.Superfish.A, C:\Users\positivo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Delete-on-Reboot, [61e8e6bf82f91026754120be986ae11f],
PUP.Optional.MovieMode.A, C:\Users\positivo\AppData\Local\MovieMode\data2.dat, Quarantined, [25245253f18aa690a55c80690002db25],

Physical Sectors: 0
(No malicious items detected)


(end)

Re: I need to remove Movie Mode from Chrome

Post by Power Max, Tue 29 Jul 2014, 18:48

Temporarily disable your antivirus to avoid conflicts.

Download: < [link visible only to logged-in members] > (by g3n-h@ckm@n)
|- After opening the link above, scroll down the page and click Télécharger to download: [image visible only to logged-in members]

Run it as described in this post:

[link visible only to logged-in members]

As soon as the cleanup is finished, post the log (report), which will be at C:\Shortcut_Module_07_05_2014_17_05_22.txt (these numbers in red will vary because they show the date and time the scan was run).

(SOLVED) I need to remove Movie Mode from Chrome

Post by Lucas Fagundes, Tue 29 Jul 2014, 20:02

I downloaded Shortcut and started the process. When it reached 94%, an error occurred: an Error dialog box opened, I clicked the only button (OK), then Shortcut closed, the computer froze and stopped responding. I clicked, pressed Enter and nothing happened, so I forced a shutdown (directly with the power button). Now the computer has started normally, but from what I can tell it made changes to my Local Disk (C:).

My problem had already been solved by the previous step (Malwarebytes), but I followed the instructions and went ahead with Shortcut, because I assumed it was part of a process.

Re: I need to remove Movie Mode from Chrome

Post by Power Max, Tue 29 Jul 2014, 20:10

Sometimes it really does freeze. But you can start the PC in Safe Mode with Networking by pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is starting up and choosing the option Safe Mode with Networking (or Safe Mode). Once the PC is in Safe Mode with Networking, run the program the way I described.

Re: I need to remove Movie Mode from Chrome

Post by Lucas Fagundes, Tue 29 Jul 2014, 20:15

But is it really necessary? Because the problem has been solved.
And now I'm worried: as I said, it made changes to my Local Disk, added new folders, renamed old folders, and made a mess.

Re: I need to remove Movie Mode from Chrome

Post by Power Max, Tue 29 Jul 2014, 20:18

It does not create new folders; what it does is show the items that were hidden and remove items that are malware.

Re: I need to remove Movie Mode from Chrome

Post by Lucas Fagundes, Tue 29 Jul 2014, 21:33

Thank you for helping me remove Movie Mode; the tips were very good. But from what I've seen, Shortcut really isn't going to work: I redid the process in Safe Mode with Networking and the Error happened again.

Re: I need to remove Movie Mode from Chrome

Post by Power Max, Fri 22 Aug 2014, 09:16

You can cancel the procedure with this program, then.
______________________________________________

That's it! I'm glad the problem has been solved.

Just to finish up, please follow the tutorials below:

[link visible only to logged-in members]
_______________________________________________________________________________________________________________________

To remove the programs used to clean this PC and create a new, safe, problem-free restore point, use DelFix following the tips [link visible only to logged-in members].
_______________________________________________________________________________________________________________________

It was a pleasure to help. Count on us anytime!

Re: I need to remove Movie Mode from Chrome

Post by Power Max, Fri 22 Aug 2014, 09:17

CASE SOLVED

Should the topic's author need it, the topic will be reopened; to do so, they must contact one of the members of the [link visible only to logged-in members] requesting that it be unlocked.