
Browser windows opening all the time and a problem generating a LOG

#1 By dioguera, 19/03/2014 - 11:44
Dear all, I have windows opening in my browser all the time, adcash-type stuff. I think some malware infected me.

Besides that, when I run HijackThis a problem appears!

Access denied to the Hostsfile, saying I have to edit the file myself:

notepad C:\WINDOWS\System32\drivers\etc\hosts

It says to find the lines from the HijackThis reports and delete them.

How the heck do I do that?

Anyway, the log is produced, but I don't know whether I should fix this error first, or whether it is a Windows 8.1 error.

Here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:43:46, on 19/03/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Digiarty\Air_Playit\airplayit.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
C:\Program Files\Digiarty\Air_Playit\AirPS.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Users\diogo mesti\AppData\Local\VNT\vntldr.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\program files (x86)\avira\antivir desktop\ipmGui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\diogo mesti\Downloads\HijackThis.exe
C:\WINDOWS\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\syswow64\wwahost.exe
C:\Program Files (x86)\DivX\DivX Player\DivX Player.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?babsrc=HP_ss&mntrId=94A0083E8ECB0386&affID=121225&tsp=5004
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:13828
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [Intel AT Service signup] c:\Program Files (x86)\Intel Corporation\Intel AT Service signup\IntelATServiceSignup.exe -launchonboot
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [VNT] C:\Program Files (x86)\VNT\vntldr.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\diogo mesti\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Digiarty_Software_AirPlayit] "C:\Program Files\Digiarty\Air_Playit\airplayit.exe" -min
O4 - HKCU\..\Run: [Google Update] "C:\Users\diogo mesti\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7459FFF-AAFD-4DFA-931D-BE93B778B6BE}: NameServer = 192.168.0.254,8.8.8.8
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Serviço de atualização Ask (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Technologie de stockage Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NetworkSupport - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Unknown owner - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: View Password (ViewPassword) - Unknown owner - C:\Program Files (x86)\View-Password-soft\ViewPassword157.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update\VUAgent.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 17117 bytes
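Added example, not from the thread: a small Python triage over HijackThis-format lines that flags the indicators this thread turns on: a ProxyServer pointing at 127.0.0.1 (what Malwarebytes later reports as PUM.Bad.Proxy), a start page redirected to a third-party search site, autoruns launched from the user profile, and unknown-owner services outside the Windows directory. The sample lines, the allow-list of trusted home-page hosts and the rule names are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample in HijackThis line format. The R0 and R1 lines repeat the
# hijacked start page and the localhost proxy from the log in this thread; the
# remaining lines are made up to exercise the other rules.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?babsrc=HP_ss&affID=121225
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:13828
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ExampleLoader] "C:\Users\someone\AppData\Local\ExampleVendor\loader.exe" /c
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\Program Files (x86)\Example-soft\ExampleSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
"""


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    rule: str
    line: str


# ProxyServer pointing at the loopback address: every browser request is relayed
# through a process on the same machine, which is how ad-injecting adware
# rewrites pages (Malwarebytes names this PUM.Bad.Proxy).
LOCAL_PROXY = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(?:127\.0\.0\.1|localhost)(?::\d+)?", re.I)
START_PAGE = re.compile(r"^R0 - .*Start Page\s*=\s*(\S+)", re.I)
RUN_ENTRY = re.compile(r'^O4 - .*Run: \[[^\]]*\]\s*"?([^"]+?\.exe)"?', re.I)
SERVICE = re.compile(
    r"^O23 - Service: .* - Unknown owner - (.+?)(?: \(file missing\))?$", re.I)

# Start-page hosts treated as vendor defaults (assumed allow-list for this example).
TRUSTED_HOME_HOSTS = ("go.microsoft.com", "msn.com")


def _trusted_host(host: str) -> bool:
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in TRUSTED_HOME_HOSTS)


def triage(lines):
    """Return the list of Findings for an iterable of HijackThis log lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("R1 ") and LOCAL_PROXY.search(line):
            findings.append(Finding("high", "localhost-proxy", line))
            continue
        m = START_PAGE.match(line)
        if m:
            host = urlparse(m.group(1)).hostname or ""
            if not _trusted_host(host):
                findings.append(Finding("medium", "start-page-hijack", line))
            continue
        m = RUN_ENTRY.match(line)
        if m:
            # Autoruns launched from the user profile are where bundled adware
            # usually lives; program-directory entries are left for manual review.
            if "\\appdata\\" in m.group(1).lower():
                findings.append(Finding("medium", "autorun-from-profile", line))
            continue
        m = SERVICE.match(line)
        if m:
            path = m.group(1).lower()
            # HijackThis 2.0.4 is a 32-bit program, so on 64-bit Windows it
            # reports the built-in services under C:\WINDOWS as "(file missing)";
            # those are expected and skipped. An unknown-owner service outside
            # the Windows directory is worth a look.
            if "(file missing)" not in line.lower() and not path.startswith(
                    ("c:\\windows\\", "c:\\winnt\\")):
                findings.append(Finding("medium", "unknown-owner-service", line))
    return findings


def triage_text(text: str):
    """Convenience wrapper: triage a whole log pasted as one string."""
    return triage(text.splitlines())


if __name__ == "__main__":
    for f in triage_text(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:22} {f.line}")
```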
#2 By Power Max
19/03/2014 - 12:30
Hello Dioguera.

Please follow the tips in the tutorial below:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log, which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.
#3 By dioguera
19/03/2014 - 14:48
# AdwCleaner v3.022 - Rapport créé le 19/03/2014 à 14:45:20
# Mis à jour le 13/03/2014 par Xplode
# Système d'exploitation : Windows 8.1 (64 bits)
# Nom d'utilisateur : diogo mesti - DIOGUERA
# Exécuté depuis : C:\Users\diogo mesti\Downloads\AdwCleaner.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\ProgramData\Babylon
Dossier Supprimé : C:\ProgramData\boost_interprocess
Dossier Supprimé : C:\ProgramData\DSearchLink
Dossier Supprimé : C:\Program Files (x86)\Minibar
Dossier Supprimé : C:\Users\diogo mesti\AppData\Local\Bundled software uninstaller
Dossier Supprimé : C:\Users\diogo mesti\AppData\Local\Minibar
Dossier Supprimé : C:\Users\diogo mesti\AppData\Roaming\Babylon
Fichier Supprimé : C:\END
Fichier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
Fichier Supprimé : C:\Users\diogo mesti\AppData\Roaming\Mozilla\Firefox\Profiles\isqgalun.default\invalidprefs.js
Fichier Supprimé : C:\Users\diogo mesti\AppData\Roaming\Mozilla\Firefox\Profiles\isqgalun.default\user.js
Fichier Supprimé : C:\Users\diogo mesti\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www2.delta-search.com_0.localstorage
Fichier Supprimé : C:\Users\diogo mesti\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www2.delta-search.com_0.localstorage-journal

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Supprimée : HKCU\Software\BabSolution
Clé Supprimée : HKCU\Software\BI
Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\Delta
Clé Supprimée : HKCU\Software\InstallCore
Clé Supprimée : HKCU\Software\Minibar
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKLM\Software\Conduit
Clé Supprimée : HKLM\Software\Delta
Clé Supprimée : HKLM\Software\Minibar
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Clé Supprimée : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.16518

Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v27.0.1 (fr)

[ Fichier : C:\Users\diogo mesti\AppData\Roaming\Mozilla\Firefox\Profiles\isqgalun.default\prefs.js ]

Ligne Supprimée : user_pref("extensions.delta.admin", false);
Ligne Supprimée : user_pref("extensions.delta.aflt", "babsst");
Ligne Supprimée : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Ligne Supprimée : user_pref("extensions.delta.autoRvrt", "false");
Ligne Supprimée : user_pref("extensions.delta.dfltLng", "pt");
Ligne Supprimée : user_pref("extensions.delta.excTlbr", false);
Ligne Supprimée : user_pref("extensions.delta.ffxUnstlRst", true);
Ligne Supprimée : user_pref("extensions.delta.id", "94a0590d000000000000083e8ecb0386");
Ligne Supprimée : user_pref("extensions.delta.instlDay", "15961");
Ligne Supprimée : user_pref("extensions.delta.instlRef", "sst");
Ligne Supprimée : user_pref("extensions.delta.newTab", false);
Ligne Supprimée : user_pref("extensions.delta.prdct", "delta");
Ligne Supprimée : user_pref("extensions.delta.prtnrId", "delta");
Ligne Supprimée : user_pref("extensions.delta.rvrt", "false");
Ligne Supprimée : user_pref("extensions.delta.smplGrp", "none");
Ligne Supprimée : user_pref("extensions.delta.tlbrId", "base");
Ligne Supprimée : user_pref("extensions.delta.tlbrSrchUrl", "");
Ligne Supprimée : user_pref("extensions.delta.vrsn", "1.8.24.6");
Ligne Supprimée : user_pref("extensions.delta.vrsnTs", "1.8.24.610:52:26");
Ligne Supprimée : user_pref("extensions.delta.vrsni", "1.8.24.6");
Ligne Supprimée : user_pref("extensions.delta_i.babExt", "");
Ligne Supprimée : user_pref("extensions.delta_i.babTrack", "affID=121225&tsp=5004");
Ligne Supprimée : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v33.0.1750.154

[ Fichier : C:\Users\diogo mesti\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Supprimée : homepage

*************************

AdwCleaner[R0].txt - [5076 octets] - [19/03/2014 14:42:27]
AdwCleaner[S0].txt - [4485 octets] - [19/03/2014 14:45:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4545 octets] ##########
#4 By Power Max
19/03/2014 - 14:53
Please follow the tips in this article to clean your PC with Malwarebytes:

Malwarebytes Anti-Malware Tutorial

In your next reply, post this Malwarebytes log.

We'll be waiting.
#5 By dioguera
19/03/2014 - 16:44
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Versão da Base de Dados: v2014.03.19.07

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16521
diogo mesti :: DIOGUERA [administrador]

19/03/2014 15:04:36
MBAM-log-2014-03-19 (16-44-15).txt

Tipo de Verificação: Verificação Completa (C:\|E:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 537998
Tempo decorrido: 1 hora(s), 38 minuto(s), 57 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:13828 -> Nenhuma ação foi feita.

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 3
C:\Users\diogo mesti\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> Nenhuma ação foi feita.
C:\Users\diogo mesti\AppData\Local\Temp\ct3297267 (PUP.Optional.Conduit.A) -> Nenhuma ação foi feita.
C:\Users\diogo mesti\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> Nenhuma ação foi feita.

Arquivos Detectados: 19
C:\$Recycle.Bin\S-1-5-21-3472444042-202263751-3116591014-1001\$R6T37IM.exe (PUP.Optional.Solimba) -> Nenhuma ação foi feita.
C:\$Recycle.Bin\S-1-5-21-3472444042-202263751-3116591014-1001\$R772KPA.exe (PUP.Optional.PCMega.A) -> Nenhuma ação foi feita.
C:\$Recycle.Bin\S-1-5-21-3472444042-202263751-3116591014-1001\$R7GJA6S.exe (PUP.Optional.PCMega.A) -> Nenhuma ação foi feita.
C:\$Recycle.Bin\S-1-5-21-3472444042-202263751-3116591014-1001\$RG0KBM8.exe (PUP.Optional.PCMega.A) -> Nenhuma ação foi feita.
C:\$Recycle.Bin\S-1-5-21-3472444042-202263751-3116591014-1001\$RLSC541.exe (PUP.Optional.Bundlore) -> Nenhuma ação foi feita.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Minibar\Minibar.dll.vir (PUP.Optional.MiniBar.A) -> Nenhuma ação foi feita.
C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir (PUP.Optional.Delta.A) -> Nenhuma ação foi feita.
C:\AdwCleaner\Quarantine\C\Users\diogo mesti\AppData\Local\Bundled software uninstaller\bi_client.exe.vir (PUP.Optional.Somoto.A) -> Nenhuma ação foi feita.
C:\Users\diogo mesti\AppData\Local\Microsoft\Windows\INetCache\IE\7MX69IW0\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Nenhuma ação foi feita.
C:\Users\diogo mesti\AppData\Local\Microsoft\Windows\INetCache\IE\7MX69IW0\mism[1].exe (PUP.Optional.Conduit.A) -> Nenhuma ação foi feita.
C:\Users\diogo mesti\AppData\Local\Temp\is701137889\2240379_stp.EXE (PUP.BundleInstaller.RKN) -> Nenhuma ação foi feita.
C:\Users\diogo mesti\AppData\Local\Temp\n2458\ins2458.exe (PUP.Optional.Solimba) -> Nenhuma ação foi feita.
C:\Users\diogo mesti\AppData\Local\Temp\n3503\s3503.exe (PUP.Optional.Rapiddown) -> Nenhuma ação foi feita.
C:\Users\diogo mesti\Downloads\CutePDF Writer.exe (PUP.Optional.BundleInstaller) -> Nenhuma ação foi feita.
C:\Users\diogo mesti\AppData\Local\Temp\ct3288691\chromeid.txt (PUP.Optional.Conduit.A) -> Nenhuma ação foi feita.
C:\Users\diogo mesti\AppData\Local\Temp\ct3288691\setup.ini.txt (PUP.Optional.Conduit.A) -> Nenhuma ação foi feita.
C:\Users\diogo mesti\AppData\Local\Temp\ct3297267\ism.exe (PUP.Optional.Conduit.A) -> Nenhuma ação foi feita.
C:\Users\diogo mesti\AppData\Local\Temp\ct3297861\chromeid.txt (PUP.Optional.Conduit.A) -> Nenhuma ação foi feita.
C:\Users\diogo mesti\AppData\Local\Temp\ct3297861\setup.ini.txt (PUP.Optional.Conduit.A) -> Nenhuma ação foi feita.

(fim)
#6 By Power Max
19/03/2014 - 20:01
Malwarebytes found several problems, but it shows that no action was taken. Run a new full scan with it, remove all the problems it finds, and after that post the new report it will create.
#7 By dioguera
20/03/2014 - 15:59
I ran it twice. Then I ran it again and it detected only one item. But the problem continues. In the ordinary text of any site, like Globo's for example, words appear as green links to other sites, and it keeps opening windows when I click on anything.
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Versão da Base de Dados: v2014.03.19.07

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16521
diogo mesti :: DIOGUERA [administrador]

19/03/2014 15:04:36
mbam-log-2014-03-19 (15-04-36).txt

Tipo de Verificação: Verificação Completa (C:\|E:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 537998
Tempo decorrido: 1 hora(s), 38 minuto(s), 57 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:13828 -> Enviado para a Quarentena e deletado com sucesso.

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 3
C:\Users\diogo mesti\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\diogo mesti\AppData\Local\Temp\ct3297267 (PUP.Optional.Conduit.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\diogo mesti\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> Enviado para a Quarentena e deletado com sucesso.

Arquivos Detectados: 19
C:\$Recycle.Bin\S-1-5-21-3472444042-202263751-3116591014-1001\$R6T37IM.exe (PUP.Optional.Solimba) -> Enviado para a Quarentena e deletado com sucesso.
C:\$Recycle.Bin\S-1-5-21-3472444042-202263751-3116591014-1001\$R772KPA.exe (PUP.Optional.PCMega.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\$Recycle.Bin\S-1-5-21-3472444042-202263751-3116591014-1001\$R7GJA6S.exe (PUP.Optional.PCMega.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\$Recycle.Bin\S-1-5-21-3472444042-202263751-3116591014-1001\$RG0KBM8.exe (PUP.Optional.PCMega.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\$Recycle.Bin\S-1-5-21-3472444042-202263751-3116591014-1001\$RLSC541.exe (PUP.Optional.Bundlore) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Minibar\Minibar.dll.vir (PUP.Optional.MiniBar.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir (PUP.Optional.Delta.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Users\diogo mesti\AppData\Local\Bundled software uninstaller\bi_client.exe.vir (PUP.Optional.Somoto.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\diogo mesti\AppData\Local\Microsoft\Windows\INetCache\IE\7MX69IW0\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\diogo mesti\AppData\Local\Microsoft\Windows\INetCache\IE\7MX69IW0\mism[1].exe (PUP.Optional.Conduit.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\diogo mesti\AppData\Local\Temp\is701137889\2240379_stp.EXE (PUP.BundleInstaller.RKN) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\diogo mesti\AppData\Local\Temp\n2458\ins2458.exe (PUP.Optional.Solimba) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\diogo mesti\AppData\Local\Temp\n3503\s3503.exe (PUP.Optional.Rapiddown) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\diogo mesti\Downloads\CutePDF Writer.exe (PUP.Optional.BundleInstaller) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\diogo mesti\AppData\Local\Temp\ct3288691\chromeid.txt (PUP.Optional.Conduit.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\diogo mesti\AppData\Local\Temp\ct3288691\setup.ini.txt (PUP.Optional.Conduit.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\diogo mesti\AppData\Local\Temp\ct3297267\ism.exe (PUP.Optional.Conduit.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\diogo mesti\AppData\Local\Temp\ct3297861\chromeid.txt (PUP.Optional.Conduit.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\diogo mesti\AppData\Local\Temp\ct3297861\setup.ini.txt (PUP.Optional.Conduit.A) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Versão da Base de Dados: v2014.03.19.07

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16521
diogo mesti :: DIOGUERA [administrador]

20/03/2014 07:56:16
mbam-log-2014-03-20 (07-56-16).txt

Tipo de Verificação: Verificação Completa (C:\|E:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 538563
Tempo decorrido: 1 hora(s), 54 minuto(s), 56 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:13828 -> Enviado para a Quarentena e deletado com sucesso.

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)

(fim)
Power Max Ubbergeek Registered
4.2K Posts 509 Likes
#8 By Power Max
20/03/2014 - 16:01
Temporarily disable your antivirus to avoid conflicts.

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
http://www.hijackthis.nl/smeenk/

* Right-click Zoek.exe and select [image]

* Select and copy all of the text highlighted in red below and paste it into the blank area of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
iedefaults;
resetieproxy;
resethosts;
shortcutfix;
ffdefaults;
firefoxlook;
reset chrome;
chrdefaults;
chromelook;


* Click [Run Script]

* During the scan a message like the one below, showing the scan progress, will be displayed. Wait for it to finish... it can take a while!

[image]

* If a reboot of the PC is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.
<><><><><><><><><><><><><><><><>

Caixa de Dicas = Always with new tutorials and news on computing and technology.
Super Links = Messages of faith and hope for your heart.
dioguera Junior Member Registered
99 Posts 2 Likes
#9 By dioguera
20/03/2014 - 16:31
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by diogo mesti on 20/03/2014 at 16:15:38,94.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\diogo mesti\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

20/03/2014 16:17:13 Zoek.exe System Restore Point Created Successfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\APNMCP deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\DIOGOM~1\AppData\Roaming\diogenes\Diogenes-Browser\Profiles\5pb80j9c.default\prefs.js:

Added to C:\Users\DIOGOM~1\AppData\Roaming\diogenes\Diogenes-Browser\Profiles\5pb80j9c.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\DIOGOM~1\AppData\Roaming\Mozilla\Firefox\Profiles\isqgalun.default\prefs.js:

Added to C:\Users\DIOGOM~1\AppData\Roaming\Mozilla\Firefox\Profiles\isqgalun.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\PROGRA~3\AskPartnerNetwork deleted
C:\PROGRA~3\APN deleted
C:\Users\Public\sdelevURL.tmp deleted
C:\windows\SysNative\tasks\Baidu PC Faster Update deleted
C:\Users\diogo mesti\AppData\Roaming\unins000.exe deleted
"C:\PROGRA~2\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" deleted
"C:\PROGRA~2\AskPartnerNetwork" deleted
"C:\PROGRA~2\AskPartnerNetwork\Toolbar" deleted
"C:\PROGRA~2\AskPartnerNetwork\Toolbar\Updater" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [05/09/2013 07:44]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{dfe9a019-6233-471f-b90c-756ac2c13a22}"="C:\Program Files (x86)\View-Password-soft\157.xpi" [16/03/2014 19:14]

==== Firefox Extensions ======================

ProfilePath: C:\Users\DIOGOM~1\AppData\Roaming\Mozilla\Firefox\Profiles\isqgalun.default
- Guardiao Itau Unibanco - %ProfilePath%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\diogo mesti\AppData\Roaming\Mozilla\Firefox\Profiles\isqgalun.default
7EFF79934842F1C28992638AF19BF9CD - C:\Users\diogo mesti\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
F87D7EB5573C0A84D8D460C54CBC5585 - C:\Users\diogo mesti\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
95812430959AE88CDD0301AB3A71913B - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash
A9C86900D2A61728C8326FE7147617C5 - C:\Users\diogo mesti\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update
630B1C896D9DC03447A6951102EBEBFD - C:\Users\diogo mesti\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\diogo mesti\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
BE126CB7049E89ED6F3038016668B502 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
96B3689320E9B16EDF38B7A5001C35F0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
58B690C992C321664AB6145A350B5DCD - C:\Users\diogo mesti\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaajpjcfehonfdgjjnbcbenifanaofn - C:\ProgramData\AskPartnerNetwork\Toolbar\ARS3-V7\CRX\ToolbarCR.crx[]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 15:24]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\diogo mesti\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[08/01/2014 07:50]

Google Drive - diogo mesti\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - diogo mesti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - diogo mesti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
RealDownloader - diogo mesti\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Google Wallet - diogo mesti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Banco do Brasil - diogo mesti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
Gmail - diogo mesti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{967E35C8-F3C6-4EAC-8136-C76FDA490FCF} eBay Url="http://rover.ebay.com/rover/1/709-42536-16445-33/4?mpre=http://shop.ebay.fr/?oemInLn=ieSrch-Q312&_nkw={searchTerms}"
{F03D1B14-7DA7-45CE-92F6-5DA093F62C72} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS"

==== Reset Google Chrome ======================

C:\Users\diogo mesti\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\diogo mesti\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\diogo mesti\Desktop\Air Playit.lnk - C:\Program Files (x86)\Digiarty\Air_Playit\airplayit.exe
C:\Users\diogo mesti\Desktop\Diogenes.lnk - C:\Program Files (x86)\Diogenes\diogenes.exe
C:\Users\diogo mesti\Desktop\DjView.lnk - C:\Program Files (x86)\DjVuZone\DjVuLibre\djview.exe
C:\Users\diogo mesti\Desktop\Google Drive.lnk - C:\Users\diogo mesti\Google Drive
C:\Users\diogo mesti\Desktop\IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\diogo mesti\Desktop\Kalós.lnk -
C:\Users\diogo mesti\Desktop\µTorrent.lnk -
C:\Users\diogo mesti\Desktop\geral\Startup\A bibliografia da tese - Atalho.lnk - C:\Users\diogo mesti\Documents\Doutorado\capítulos\A bibliografia da tese.doc
C:\Users\diogo mesti\Desktop\geral\Startup\A.Greek-English.Lexicon.Liddell.Scott.Clarendon.Oxford.9th.ed.1996 - Atalho.lnk - C:\Users\diogo mesti\Desktop\grego\A.Greek-English.Lexicon.Liddell.Scott.Clarendon.Oxford.9th.ed.1996.pdf
C:\Users\diogo mesti\Desktop\geral\Startup\Bailly - Abrégé du Dictionnaire Grec-Francais - Atalho.lnk -
C:\Users\diogo mesti\Desktop\geral\Startup\Burnet republic - Atalho.lnk - C:\Users\diogo mesti\Desktop\grego\Burnet republic.pdf
C:\Users\diogo mesti\Desktop\geral\Startup\Chantraine - Dictionnaire Ethymologique de la Langue Grecque - Atalho.lnk - C:\Users\diogo mesti\Desktop\grego\Chantraine - Dictionnaire Ethymologique de la Langue Grecque.pdf
C:\Users\diogo mesti\Desktop\geral\Startup\Diogenes (2).lnk - C:\Program Files (x86)\Diogenes\diogenes.exe
C:\Users\diogo mesti\Desktop\geral\Startup\mozila.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\diogo mesti\Desktop\geral\Startup\Plato Paul Shorey ed. The Republic, Vol. I Books 1-5 Loeb Classical Library No. 237 1937 - Atalho.lnk - C:\Users\diogo mesti\Desktop\grego\Traduçoes\Plato Paul Shorey ed. The Republic, Vol. I Books 1-5 Loeb Classical Library No. 237 1937.pdf
C:\Users\diogo mesti\Desktop\geral\Startup\Plato Republic Adam vol. I - Atalho.lnk - C:\Users\diogo mesti\Desktop\grego\Plato Republic Adam vol. I.pdf
C:\Users\diogo mesti\Desktop\geral\Startup\Reeve traduction Republic - Atalho.lnk - C:\Users\diogo mesti\Desktop\grego\Traduçoes\Reeve traduction Republic.pdf
C:\Users\diogo mesti\Desktop\grego\Plato Republic Adam vol. II - Atalho.lnk - C:\Users\diogo mesti\Desktop\grego\Plato Republic Adam vol. II.pdf
C:\Users\diogo mesti\Desktop\TESE\GREGO\Greek Lexicon.lnk - C:\Users\diogo mesti\Documents\Biblioteca\Assuntos\GREGO\Hendrickson Publishers - Wesley J. Perschbacher - The New Analytical Greek Lexicon.pdf

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Aulete digital.lnk - C:\Program Files (x86)\Aulete digital\Aulete.exe
C:\Users\Public\Desktop\Avira Control Center.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Public\Desktop\DivX Player.lnk - C:\Program Files (x86)\DivX\DivX Player\DivX Player.exe
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\PDF.lnk - C:\Program Files (x86)\Nuance\PDF Reader\bin\PDFReader.exe
C:\Users\Public\Desktop\Raquel.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==== shortcuts in Users Start Menu ======================

C:\Users\diogo mesti\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3 Player\AC3 Player.lnk - C:\Program Files (x86)\AC3 Player\AC3Player.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3 Player\Uninstall AC3 Player.lnk - C:\Program Files (x86)\AC3 Player\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter\AC3Filter Config.lnk - C:\Program Files (x86)\AC3Filter\ac3config.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter\Clear filter cache.lnk - C:\Program Files (x86)\AC3Filter\Clear filter cache.reg
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter\License.lnk - C:\Program Files (x86)\AC3Filter\GPL.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter\Readme.lnk - C:\Program Files (x86)\AC3Filter\Readme.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter\Reset to defaults.lnk - C:\Program Files (x86)\AC3Filter\Reset to defaults.reg
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter\Restore default presets.lnk - C:\Program Files (x86)\AC3Filter\Presets.reg
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter\SPDIF test (32bit).lnk - C:\Program Files (x86)\AC3Filter\spdif_test.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter\SPDIF test (64bit).lnk - C:\Program Files (x86)\AC3Filter\x64\spdif_test.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter\Uninstall AC3Filter.lnk - C:\Program Files (x86)\AC3Filter\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF\Try Free CutePDF Editor.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF\PDF Writer\Readme.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\Configurações de Codec.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\DivX Converter.lnk - C:\Program Files (x86)\DivX\DivX Converter\DivXConverterLauncher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\DivX Player.lnk - C:\Program Files (x86)\DivX\DivX Player\DivX Player.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\Registrar.lnk - C:\Program Files (x86)\DivX\DivX Control Panel\DivXControlPanelLauncher.exe /start=registration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\Verificar atualizações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva\Recuva.lnk - C:\Program Files\Recuva\recuva64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva\Uninstall Recuva.lnk - C:\Program Files\Recuva\uninst.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\diogo mesti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Air Playit.lnk - C:\Program Files\Digiarty\Air_Playit\airplayit.exe
C:\Users\diogo mesti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gephi.lnk - C:\Program Files (x86)\Gephi-0.8.2\bin\gephi.exe
C:\Users\diogo mesti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\diogo mesti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\diogo mesti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\diogo mesti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\diogo mesti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\DivX Player.lnk - C:\Program Files (x86)\DivX\DivX Player\DivX Player.exe
C:\Users\diogo mesti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\diogo mesti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\diogo mesti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-1000-0000000FF1CE}\wordicon.exe

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="http=127.0.0.1:13828"
"ProxyEnable"=dword:00000001

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aaaajpjcfehonfdgjjnbcbenifanaofn deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\"Hao123.com" deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\diogo mesti\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\diogo mesti\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\diogo mesti\AppData\Local\Mozilla\Firefox\Profiles\isqgalun.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\diogo mesti\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=47 folders=34 10804171 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\diogo mesti\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Reset Hosts File ======================

Hosts File Reset Successfully

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\DIOGOM~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 20/03/2014 at 16:29:42,69 ======================
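The Zoek run above reset a WinINet proxy pointing at 127.0.0.1:13828 (the same PUM.Bad.Proxy value MBAM had already removed once; a proxy on the loopback interface is the classic way adware injects ads into every page), deleted the APNMCP service and the Ask toolbar's forced Chrome extension key, removed a "Baidu PC Faster Update" task and reset the hosts file. Whether any of that comes back is only known after a reboot. The following is an added, read-only PowerShell audit of exactly those persistence points; it is not part of the thread and not code from Zoek, MBAM or JRT. It assumes Windows 8.1 (for the ScheduledTasks module) and an elevated PowerShell session; key paths and the value name apntbmon are taken from the logs in this thread.

```powershell
# Added example: read-only audit of the persistence points the logs above touched.
# Not from the original thread or from Zoek/MBAM/JRT. Run in an elevated PowerShell on Windows 8.1+.
# Nothing is changed; each check returns objects that can be reviewed or exported.

function Get-WinInetProxy {
    # MBAM flagged HKCU ...\Internet Settings\ProxyServer = http=127.0.0.1:13828 as PUM.Bad.Proxy.
    # A proxy on the loopback interface means a local process is rewriting browser traffic.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Check      = 'WinINet proxy'
        Detail     = "ProxyEnable=$([int]$p.ProxyEnable) ProxyServer=$([string]$p.ProxyServer)"
        Suspicious = ([int]$p.ProxyEnable -eq 1) -and ([string]$p.ProxyServer -match '127\.0\.0\.1|localhost')
    }
}

function Get-ExecutableFromCommand([string]$Command) {
    # "C:\path\app.exe" /arg  or  C:\path\app.exe /arg  ->  C:\path\app.exe  (env vars expanded)
    $exe = if ($Command -match '^\s*"([^"]+)"') { $Matches[1] } else { ($Command.Trim() -split '\s+')[0] }
    [Environment]::ExpandEnvironmentVariables($exe)
}

function Get-AutorunValues {
    # JRT reported it could not delete HKLM\...\Run\apntbmon (32- and 64-bit views).
    # List every Run/RunOnce value and whether the file it launches still exists.
    # Bare names such as rundll32.exe resolve through PATH and will show as missing: review those by hand.
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($prop in $props.PSObject.Properties) {
            if ($prop.Name -match '^PS(Path|ParentPath|ChildName|Drive|Provider)$') { continue }  # provider metadata
            $exe = Get-ExecutableFromCommand ([string]$prop.Value)
            $exists = if ($exe) { Test-Path -LiteralPath $exe } else { $false }
            [pscustomobject]@{
                Check      = "Autorun $k"
                Detail     = "$($prop.Name) = $($prop.Value)"
                Suspicious = -not $exists   # orphaned target: leftover from a removed program
            }
        }
    }
}

function Get-ChromeRegistryExtensions {
    # Zoek deleted HKLM\...\Google\Chrome\Extensions\aaaajpjcfehonfdgjjnbcbenifanaofn (Ask toolbar CRX).
    # Entries under these keys are installed into every Chrome profile without a prompt.
    $keys = 'HKLM:\Software\Google\Chrome\Extensions',
            'HKLM:\Software\Wow6432Node\Google\Chrome\Extensions',
            'HKCU:\Software\Google\Chrome\Extensions'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        foreach ($sub in Get-ChildItem -Path $k) {
            $v = Get-ItemProperty -Path $sub.PSPath
            [pscustomobject]@{
                Check      = 'Chrome registry extension'
                Detail     = "$($sub.PSChildName) path=$($v.path) update_url=$($v.update_url)"
                Suspicious = $true   # review each one; legitimate entries are rare on a home PC
            }
        }
    }
}

function Get-HostsOverrides {
    # Zoek reset the hosts file; on a clean Windows 8.1 every line in it is a comment.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    foreach ($line in Get-Content -Path $hosts) {
        if ($line -match '^\s*(#|$)') { continue }
        [pscustomobject]@{ Check = 'hosts entry'; Detail = $line.Trim(); Suspicious = $true }
    }
}

function Get-NonMicrosoftTasks {
    # Zoek deleted the "Baidu PC Faster Update" task; list the actions of every remaining non-Microsoft task.
    foreach ($t in Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' }) {
        foreach ($a in $t.Actions) {
            if (-not $a.Execute) { continue }   # non-exec actions (COM handlers) have nothing to check here
            $exe = Get-ExecutableFromCommand $a.Execute
            [pscustomobject]@{
                Check      = "Task $($t.TaskPath)$($t.TaskName)"
                Detail     = "$($a.Execute) $($a.Arguments)"
                Suspicious = -not (Test-Path -LiteralPath $exe)
            }
        }
    }
}

$findings = @(Get-WinInetProxy) + @(Get-AutorunValues) + @(Get-ChromeRegistryExtensions) +
            @(Get-HostsOverrides) + @(Get-NonMicrosoftTasks)
$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap
$findings | Export-Csv -NoTypeInformation -Path (Join-Path $env:USERPROFILE 'Desktop\persistence-audit.csv')
```

Run it once after the reboot Zoek asks for and keep the CSV. If the loopback proxy or the Chrome extension key reappears, something still running is re-creating it, and the next place to look is the process list and the services, not the registry values themselves.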
Power Max Ubbergeek Registered
4.2K Posts 509 Likes
#10 By Power Max
20/03/2014 - 16:33
Please follow the steps in the tutorial below:

Junkware Removal Tool tutorial

* In your next reply post the Junkware Removal Tool log, which will be saved on your desktop as JRT.txt

We'll be waiting.
dioguera Junior Member Registered
99 Posts 2 Likes
#11 By dioguera
20/03/2014 - 16:51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8.1 x64
Ran by diogo mesti on 20/03/2014 at 16:44:50,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\apntbmon



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\diogo mesti\AppData\Roaming\mozilla\firefox\profiles\isqgalun.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20/03/2014 at 16:50:34,16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The problem continues. What do I do now?
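The JRT log above says it could not delete the apntbmon value from either HKLM Run key, and the Zoek log earlier shows the AskPartnerNetwork folder (including Toolbar\Updater\TBNotifier.exe) already deleted, so that value is most likely an orphan pointing at a file that no longer exists. The following is an added PowerShell snippet, not from the thread and not code from JRT, that removes the value only from an elevated session and only after exporting each key to a .reg backup. The value name and the two keys are assumptions taken from the JRT log; adjust them if your log differs.

```powershell
# Added example, not from the thread or from JRT: remove the autorun value JRT failed to delete,
# with an elevation check and a .reg backup of each key first.
# Assumptions: value name 'apntbmon' and the two keys below, both taken from the JRT log.

$valueName = 'apntbmon'
$targets = @(
    @{ Ps = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
       Native = 'HKLM\Software\Microsoft\Windows\CurrentVersion\Run' },
    @{ Ps = 'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
       Native = 'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run' }
)

# HKLM writes need an elevated token; a non-elevated run is the commonest reason a tool "fails to delete".
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Start PowerShell with "Run as administrator" and run this again.'
}

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
foreach ($t in $targets) {
    # 1. Back up the whole key so the change can be reverted by importing the .reg file.
    $backup = Join-Path $env:USERPROFILE ("Desktop\Run-backup-{0}-{1}.reg" -f $stamp, ($t.Native -replace '[\\:]', '_'))
    & reg.exe export $t.Native $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg.exe export of $($t.Native) failed; not touching it." }

    # 2. Show what the value launches and whether that file still exists (orphan after Zoek's folder deletion).
    $item = Get-ItemProperty -Path $t.Ps -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { Write-Host "$($t.Native): '$valueName' not present"; continue }
    $cmd = [string]$item.$valueName
    $exe = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] } else { ($cmd.Trim() -split '\s+')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    $exists = if ($exe) { Test-Path -LiteralPath $exe } else { $false }
    Write-Host ("{0}\{1} = {2}   (target exists: {3})" -f $t.Native, $valueName, $cmd, $exists)

    # 3. Remove it and read it back to confirm. An access-denied here with an elevated token usually
    #    means the adware changed the key's ACL; Get-Acl shows who still has write access.
    try { Remove-ItemProperty -Path $t.Ps -Name $valueName -ErrorAction Stop }
    catch { Write-Warning "  delete failed ($($_.Exception.Message)); inspect the ACL: Get-Acl '$($t.Ps)' | Format-List"; continue }
    $check = Get-ItemProperty -Path $t.Ps -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $check) { Write-Host '  removed' } else { Write-Warning '  still present after delete' }
}
```

After a reboot, read the two keys again with Get-ItemProperty. If the value is back, a process or service that survived the cleanup is re-creating it, and that process is the real target.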
Power Max Ubbergeek Registered
4.2K Posts 509 Likes
#12 By Power Max
20/03/2014 - 23:48
Download < ZHPDiag2.exe > [image] ( ... by Nicolas Coolman )

|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.

|- Run the scroll icon. ( ZHPDiag )

[image]

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!

[image]

|- Click OK and, when it completes, post the ZHPDiag.txt report

[image]
dioguera Junior Member Registered
99 Posts 2 Likes
#13 By dioguera
21/03/2014 - 08:42
~ ZHPDiag Report v2014.3.21.20 - Nicolas Coolman (21/03/2014)
~ Run by diogo mesti (21/03/2014 08:40:30)
~ Website address http://nicolascoolman.webs.com
~ Free disinfection assistance forums: http://nicolascoolman.webs.com/apps/links/
~ Translated by Nicolas Coolman
~ Version status:
~ Whitelist: Enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Deactivated by program


---\\ Internet Browsers
MSIE: Internet Explorer v11.0.9600.16521
MFIE: Mozilla Firefox 27.0.1
GCIE: Google Chrome v33.0.1750.154 (Default)

---\\ Windows product information
~ Language: French
Windows 8.1, 64-bit (Build 9600)
Windows Server License Manager Script : OK

---\\ System protection software
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W8

---\\ System optimisation software

---\\ Peer-to-peer sharing software

---\\ Software monitoring
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 45

---\\ System information
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3975 MB (50% free)
System Restore: Enabled
System drive C: has 81 GB (18%) free of 435 GB

---\\ System logon mode
~ Computer Name: DIOGUERA
~ User Name: diogo mesti
~ All Users Names: HomeGroupUser$, diogo mesti, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\diogo mesti\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\diogo mesti\AppData\Roaming\
~ %Desktop% : C:\Users\diogo mesti\Desktop\
~ %Favorites% : C:\Users\diogo mesti\Favorites\
~ %LocalAppData% : C:\Users\diogo mesti\AppData\Local\
~ %StartMenu% : C:\Users\diogo mesti\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 81 GB of 435 GB)
E: CD-ROM drive (Not Inserted)



---\\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Specific search for generic files
[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Windows Explorer.) (.22/10/2013 - 04:55:27.) -- C:\Windows\Explorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Windows Start-Up Application.) (.22/08/2013 - 06:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Internet Extensions for Win32.) (.01/03/2014 - 00:10:28.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Windows Logon Application.) (.22/08/2013 - 06:55:08.) -- C:\Windows\System32\Winlogon.exe [564736]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Software Licensing Library.) (.21/12/2013 - 05:54:07.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 09:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 08:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 05:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22/08/2013 - 08:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 08:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - i8042 Port Driver.) (.22/08/2013 - 08:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 09:02:29.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.79B6F3DF7CDFD12159871FF71464F0CE] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.23/11/2013 - 04:08:19.) -- C:\Windows\system32\Drivers\MRxSmb.sys [403456]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 08:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.4412D565C0278C401575E11072C7DCE3] - (.Microsoft Corporation - NT File System Driver.) (.22/08/2013 - 10:25:41.) -- C:\Windows\system32\Drivers\ntfs.sys [2011488]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Parallel Port Driver.) (.22/08/2013 - 08:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 08:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Microsoft RDP Device Redirector.) (.30/09/2013 - 00:59:53.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.C85C075DE5B6D0FE116043054DE8EE02] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.31/01/2014 - 13:15:23.) -- C:\Windows\system32\Drivers\volsnap.sys [311640]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files status (Hidden/Total)
~ My Pictures : 2/9023
~ My Music : 1/4162
~ My Videos : 1/3
~ My Favorites : 1/9
~ My Documents : 1/10858
~ My Desktop : 22/4158
~ Start Menu (Programs) : 1/30
~ Hidden Files: Scanned in 00mn 20s



---\\ Running processes
[MD5.672E1B3140D78F01E5563C32A72E3ED3] - (.No owner - VaioCare Window Listener Application.) -- C:\Program Files\Sony\VAIO Care\listener.exe [62464] [PID.4464]
[MD5.3A924B200D86590D2C83214CEBFA9742] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976] [PID.4576]
[MD5.6BF7676296D5359AFC135A5397000053] - (.Acresso Corporation - Acresso Software Manager.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496] [PID.4804]
[MD5.A4C98FD0EB19815374011C929B7D728A] - (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128] [PID.5316]
[MD5.CC5818DE66F67EFF74D7BFF62CD6527B] - (...) -- C:\Program Files\Digiarty\Air_Playit\airplayit.exe [10468672] [PID.5412]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Google Installer.) -- C:\Users\diogo mesti\AppData\Local\Google\Update\GoogleUpdate.exe [116648] [PID.5484]
[MD5.63A2D767B9261B4F33F97BF88F2FB197] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [276328] [PID.5660]
[MD5.2E2F360FF158A67F8128EFAAF974189C] - (.Sony Corporation - ISB Utility.) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776] [PID.5728]
[MD5.717CECF8A6F55295A2A8B9ED4C64D800] - (.Sony Corporation - Media Check Tool.) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576] [PID.5800]
[MD5.058C775867471138E65DD01BA5FBEDDC] - (.Digiarty, Inc. - AirPS.exe.) -- C:\Program Files\Digiarty\Air_Playit\AirPS.exe [1607488] [PID.6128]
[MD5.D5AA702664BA73DF84AC5C7FCA0C1C18] - (.Intel Corporation - Intel Services Manager.) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [152896] [PID.5352]
[MD5.2D75851551D18878FADC21E166DEA3FA] - (.ASUSTek Computer Inc. - AiChargerAP MFC Application.) -- C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984] [PID.6024]
[MD5.2FB757B35C94B1C1C65BA35E4E7EC0F2] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe [174952] [PID.6152]
[MD5.F9DFC08677FC9AC81DD5ACA5EE879E47] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe [565096] [PID.6228]
[MD5.F6158734F1E24C6C510155CF0D363911] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512] [PID.6568]
[MD5.D658AB1B55127D18DCFBCAC8CAAEA522] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.6768]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.6856]
[MD5.C7F05A3FD4A8DC4EE7A7866876E1534C] - (.Pas de propriétaire - DivX Update.) -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968] [PID.6916]
[MD5.95F3F024B8EE19D1B8FD32E9536C5268] - (.APN LLC. - Virtual New Tab Loader.) -- C:\Users\diogo mesti\AppData\Local\VNT\vntldr.exe [195536] [PID.7184] =>Toolbar.Ask
[MD5.B2F0B501A7C017F21C4B4417623895BD] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe [367976] [PID.7272]
[MD5.8EDC8091A87B0CCB5A580E38100BC99F] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504] [PID.8480]
[MD5.41D2D33B604B97B3F0331FA693136053] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8356864] [PID.8660]
[MD5.B9562F200149C64CC53D47F969CEA6C3] - (.Microsoft Corporation - Host WWA Microsoft.) -- C:\WINDOWS\syswow64\wwahost.exe [518656] [PID.1448]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\diogo mesti\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Enabled)
G2 - GCE: Preference [User Data\Default] [dchlnpcodkpfdpacogkljefecpegganj] Kaspersky URL Advisor v.13.0.2.558 (Disabled)
G2 - GCE: Preference [User Data\Default] [hakdifolhalapjijoafobooafbilfakh] Safe Money v.13.0.2.558 (Disabled)
G2 - GCE: Preference [User Data\Default] [hghkgaeecgjhjkannahfamoehjmkjail] Content Blocker v.13.0.2.614 (Disabled)
G2 - GCE: Preference [User Data\Default] [jagncdcchgajhfhijbbhecadmaiegcmh] Virtual Keyboard v.13.0.2.614 (Disabled)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Enabled)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Enabled)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Enabled)
G2 - GCE: Preference [User Data\Default] [pjldcfjmnllhmgjclecdnfampinooman] Anti-Banner v.13.0.2.558 (Disabled)
~ Google Browser: 22 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
C:\Users\diogo mesti\AppData\Roaming\Mozilla\Firefox\Profiles\isqgalun.default\prefs.js
M2 - MFEP: prefs.js [diogo mesti - isqgalun.default\{87F8774F-B485-47E2-A755-A40A8A5E8873}] [] Guardiao Itau Unibanco v2.12.3.8.210 (..)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\diogo mesti\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 29 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:13828 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analysis of lines F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Number of lines: 0



---\\ Browser Helper Objects (O2)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
~ BHO: 10 Legitimates Filtered in 00mn 00s



---\\ Other user shortcuts (O4)
O4 - GS\Desktop [Public]: Aulete digital.lnk . (.LEXI - Pas de description.) -- C:\Program Files (x86)\Aulete digital\Aulete.exe
O4 - GS\Desktop [Public]: DivX Player.lnk . (...) -- C:\Program Files (x86)\DivX\DivX Player\DivX Player.exe
O4 - GS\Desktop [Public]: PDF.lnk . (.Nuance Communications, Inc. - Nuance PDF Reader.) -- C:\Program Files (x86)\Nuance\PDF Reader\bin\PDFReader.exe
O4 - GS\Desktop [Public]: Raquel.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: Diogenes.lnk . (.Peter Heslin - Classics Database Browser.) -- C:\Program Files (x86)\Diogenes\diogenes.exe
O4 - GS\Program [Public]: Intel® AT Service signup.lnk . (.Intel Corporation - Intel(R) AT Service signup.) -- C:\Program Files (x86)\Intel Corporation\Intel AT Service signup\IntelATServiceSignup.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Registro OCR I.R.I.S..lnk . (.I.R.I.S. Image Recognition Integarted Syste - Registration Wizard.) -- C:\Program Files (x86)\HP\Digital Imaging\DocProc\regipe.exe
O4 - GS\Program [Public]: Xperia Link.lnk . (.Sony Corporation - Xperia Link.) -- C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe
O4 - GS\QuickLaunch [diogo mesti]: Air Playit.lnk . (...) -- C:\Program Files\Digiarty\Air_Playit\airplayit.exe
O4 - GS\QuickLaunch [diogo mesti]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [diogo mesti]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\diogo mesti\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [diogo mesti]: DivX Player.lnk . (...) -- C:\Program Files (x86)\DivX\DivX Player\DivX Player.exe
O4 - GS\TaskBar [diogo mesti]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Program [diogo mesti]: diogo mesti.lnk - Clé orpheline
O4 - GS\Program [diogo mesti]: Doutorado (2).lnk . (...) -- C:\Users\diogo mesti\Documents\Doutorado
O4 - GS\Program [diogo mesti]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [diogo mesti]: Air Playit.lnk . (...) -- C:\Program Files (x86)\Digiarty\Air_Playit\airplayit.exe (.not file.)
O4 - GS\Desktop [diogo mesti]: Diogenes.lnk . (.Peter Heslin - Classics Database Browser.) -- C:\Program Files (x86)\Diogenes\diogenes.exe
O4 - GS\Desktop [diogo mesti]: DjView.lnk . (...) -- C:\Program Files (x86)\DjVuZone\DjVuLibre\djview.exe
O4 - GS\Desktop [diogo mesti]: Google Drive.lnk . (...) -- C:\Users\diogo mesti\Google Drive
O4 - GS\Desktop [diogo mesti]: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk . (...) -- C:\Arquivos de Programas RFB\IRPF2012\IRPF2012.exe
O4 - GS\Desktop [diogo mesti]: Kalós.lnk . (.http://launch4j.sourceforge.net - Created with launch4j 1.1.2 -- http://launc.) -- C:\Program Files (x86)\Kalos\kalos.exe
O4 - GS\Desktop [diogo mesti]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\diogo mesti\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 69 Legitimates Filtered in 00mn 01s



---\\ Applications launched at system startup (O4)
O4 - GS\Startup [Public]: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BtTray] . (.Qualcomm Atheros - BtTray.) -- C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
O4 - HKLM\..\Run: [BtvStack] . (.Atheros Communications - Bluetooth Stack Server.) -- C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
O4 - HKLM\..\Run: [LogMeIn GUI] . (.LogMeIn, Inc. - LogMeIn Desktop Application.) -- C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKCU\..\Run: [ISUSPM] . (.Acresso Corporation - Acresso Software Manager.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
O4 - HKCU\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\diogo mesti\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Digiarty_Software_AirPlayit] . (...) -- C:\Program Files\Digiarty\Air_Playit\airplayit.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\diogo mesti\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [ISBMgr.exe] . (.Sony Corporation - ISB Utility.) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Wow6432Node\Run: [PMBVolumeWatcher] . (.Sony Corporation - Media Check Tool.) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
O4 - HKLM\..\Wow6432Node\Run: [Intel AT Service signup] . (.Intel Corporation - Intel(R) AT Service signup.) -- c:\Program Files (x86)\Intel Corporation\Intel AT Service signup\IntelATServiceSignup.exe
O4 - HKLM\..\Wow6432Node\Run: [Intel AppUp(SM) center] . (.Intel Corporation - Intel Services Manager.) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [Nuance PDF Reader-reminder] . (.Nuance Communications, Inc. - Ereg (Unicode version).) -- C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe
O4 - HKLM\..\Wow6432Node\Run: [DivXMediaServer] . (.DivX, LLC - DivX DLNA Media Server.) -- C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [ASUS Ai Charger] . (.ASUSTek Computer Inc. - AiChargerAP MFC Application.) -- C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- c:\program files (x86)\real\realplayer\Update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [DivXUpdate] . (.Pas de propriétaire - DivX Update.) -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [VNT] . (.APN LLC. - Virtual New Tab Loader.) -- C:\Program Files (x86)\VNT\vntldr.exe =>Toolbar.Ask
O4 - HKUS\S-1-5-21-3472444042-202263751-3116591014-1001\..\Run: [ISUSPM] . (.Acresso Corporation - Acresso Software Manager.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
O4 - HKUS\S-1-5-21-3472444042-202263751-3116591014-1001\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
O4 - HKUS\S-1-5-21-3472444042-202263751-3116591014-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\diogo mesti\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-3472444042-202263751-3116591014-1001\..\Run: [Digiarty_Software_AirPlayit] . (...) -- C:\Program Files\Digiarty\Air_Playit\airplayit.exe
O4 - HKUS\S-1-5-21-3472444042-202263751-3116591014-1001\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\diogo mesti\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-3472444042-202263751-3116591014-1001\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
~ Application: Scanned in 00mn 00s



---\\ Buttons on the main Internet Explorer toolbar (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Clé orpheline
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Domain/DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7459FFF-AAFD-4DFA-931D-BE93B778B6BE}: NameServer = 192.168.0.254,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{1611A53A-1620-4A7E-8377-B56814F558C7}: DhcpNameServer = 201.17.128.103 201.17.128.109 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{32F24FCC-9C47-4258-B6AD-835EA41E61F9}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F7459FFF-AAFD-4DFA-931D-BE93B778B6BE}: NameServer = 192.168.0.254,8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{1611A53A-1620-4A7E-8377-B56814F558C7}: DhcpNameServer = 201.17.128.103 201.17.128.109 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{32F24FCC-9C47-4258-B6AD-835EA41E61F9}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.17.128.103 201.17.128.109 201.6.4.116
~ Domain: Scanned in 00mn 00s



---\\ Additional protocol (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional Protocol: Scanned in 00mn 00s



---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Non-Microsoft, non-disabled NT services (O23)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe
O23 - Service: View Password (ViewPassword) . (...) - C:\Program Files (x86)\View-Password-soft\ViewPassword157.exe =>PUP.ViewPassword
~ Services: 21 Legitimates Filtered in 00mn 03s



---\\ Automatic scheduled tasks (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Synaptics TouchPad Enhancements.job [264]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\View Password Update.job [438] =>PUP.ViewPassword
[MD5.00000000000000000000000000000000] [APT] [View Password Update] (...) -- C:\Program Files (x86)\View-Password-soft\View-.exe (.not file.) [0] =>PUP.ViewPassword
~ Scheduled Task: 26 Legitimates Filtered in 00mn 04s



---\\ Installed software (O42)
O42 - Logiciel: AC3 Player version 1.0 - (.ac3directshowfilter.com.) [HKLM][64Bits] -- {88246387-F3C7-43D3-B1C8-A5FEB11D6C61}_is1
O42 - Logiciel: Ask Toolbar - (.APN, LLC.) [HKLM][64Bits] -- {41525333-2D56-3700-76A7-A758B70C0A04} =>Toolbar.Ask
O42 - Logiciel: Aulete digital - (.Lexikon Editora Digital.) [HKLM][64Bits] -- Aulete digital_is1
O42 - Logiciel: Diogenes version 3 - (...) [HKLM][64Bits] -- Diogenes_is1
O42 - Logiciel: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2012
O42 - Logiciel: KALÓS 4.14 - (.Mariana Esplugas and Gonzalo Díaz.) [HKLM][64Bits] -- Kalós_is1
O42 - Logiciel: Módulo de Segurança - Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
~ Logic: 40 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AskPartnerNetwork]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\GbAs]
[HKCU\Software\VNT]
[HKCU\Software\Windows8Downloads]
[HKCU\Software\mgb]
[HKLM\Software\Wow6432Node\AskPartnerNetwork]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
~ Key Software: 365 Legitimates Filtered in 00mn 00s



---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 13/09/2013 - 10:55:33 - [0,063] ----D C:\Program Files (x86)\"Hao123.com"
O43 - CFD: 22/02/2014 - 19:28:00 - [18,260] ----D C:\Program Files (x86)\AC3 Player
O43 - CFD: 20/11/2012 - 07:12:14 - [74,143] ----D C:\Program Files (x86)\Aulete digital
O43 - CFD: 13/09/2013 - 10:51:51 - [0] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 21/11/2012 - 05:41:19 - [1323,925] ----D C:\Program Files (x86)\Diogenes
O43 - CFD: 21/11/2012 - 08:15:56 - [156,203] ----D C:\Program Files (x86)\Kalos
O43 - CFD: 20/03/2014 - 23:15:21 - [0,193] ----D C:\Program Files (x86)\View-Password-soft =>PUP.ViewPassword
O43 - CFD: 16/03/2014 - 19:16:23 - [0,326] ----D C:\Program Files (x86)\VNT
O43 - CFD: 20/11/2012 - 07:12:14 - [1,301] ----D C:\Program Files (x86)\Common Files\MGB
O43 - CFD: 13/09/2013 - 10:53:30 - [0,002] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 16/10/2012 - 04:34:45 - [0] ----D C:\ProgramData\Internet Content Filter
O43 - CFD: 07/07/2013 - 15:42:36 - [21,700] ----D C:\Users\diogo mesti\AppData\Roaming\.gephi
O43 - CFD: 13/09/2013 - 10:51:51 - [2,773] ----D C:\Users\diogo mesti\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 20/11/2012 - 07:26:36 - [0,333] ----D C:\Users\diogo mesti\AppData\Roaming\diogenes
O43 - CFD: 20/11/2012 - 07:26:36 - [28,618] ----D C:\Users\diogo mesti\AppData\Local\diogenes
O43 - CFD: 16/03/2014 - 19:16:27 - [0,275] ----D C:\Users\diogo mesti\AppData\Local\VNT
O43 - CFD: 10/11/2013 - 09:42:43 - [0,004] ----D C:\Users\diogo mesti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2012
~ Program Folder: 204 Legitimates Filtered in 00mn 15s



---\\ Most recently modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.110BE5198A63D3FF3CE9C30F1DC12EC3] - 12/03/2014 - 14:54:28 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [386722]
O44 - LFC:[MD5.B1202AEAD557FCAB4B326D11A47D0A60] - 16/03/2014 - 19:15:07 ---A- . (...) -- C:\Windows\System32\cpwmon64.dll [87600]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 20/03/2014 - 16:13:16 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.45C18A2863A644B50F0F7000C652ED75] - 20/03/2014 - 16:29:42 ---A- . (...) -- C:\zoek-results.log [20453]
O44 - LFC:[MD5.A4F2FFA6A90316115AB47834EC26DE75] - 20/03/2014 - 22:44:40 ---A- . (...) -- C:\Windows\System32\.crusader [430]
O44 - LFC:[MD5.C9AF792AB023B20D01E95B9DFF443CF4] - 21/03/2014 - 08:30:00 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [195574]
O44 - LFC:[MD5.E47A2CC429F388F1374A0118B804D565] - 21/03/2014 - 08:30:00 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [924768]
~ Files: 79 Legitimates Filtered in 00mn 04s



---\\ Safe Boot check (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
~ CSB: 19 Legitimates Filtered in 00mn 00s



---\\ Driver infection search (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.ac3filter"="ac3filter64.acm" . (.Pas de propriétaire - ac3filter.) -- C:\Windows\System32\ac3filter64.acm
~ TDSD: 3 Legitimates Filtered in 00mn 00s



---\\ Enumeration of PoliciesSystem registry keys (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Enumeration of PoliciesExplorer registry keys (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ System driver list (SDL) (O58)
O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 12/08/2013 - 20:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:[MD5.27069CFFF29B7F04F4B1BB10154BE52B] - 25/09/2012 - 04:52:04 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4-1999 Driver.) -- C:\Windows\System32\Drivers\Dot4.sys [151968]
O58 - SDL:[MD5.0BD906A79F9CE3013F7D9D0AC45F9F9D] - 25/09/2012 - 04:52:04 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4 Print Class Driver.) -- C:\Windows\System32\Drivers\Dot4Prt.sys [27040]
O58 - SDL:[MD5.46571ED73AE84469DCA53081D33CF3C8] - 13/09/2013 - 10:55:08 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [283200]
O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 22/08/2013 - 09:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] - 13/12/2012 - 09:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 21/03/2014 - 08:25:49 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 20 Legitimates Filtered in 00mn 01s



---\\ Disinfection tools list (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Start Menu (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Browser infection search (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {967E35C8-F3C6-4EAC-8136-C76FDA490FCF} - (eBay) - http://rover.ebay.com =>Toolbar.eBay
O69 - SBI: SearchScopes [HKCU] {F03D1B14-7DA7-45CE-92F6-5DA093F62C72} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Special search at the system root (SPRF) (O84)
[MD5.274209E6F54D0914555C229D58228583] [SPRF][20/03/2014] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.AB5169471A0D317FE56508BF5C81469C] [SPRF][29/07/2013] (...) -- C:\Users\diogo mesti\AppData\Roaming\unins000.dat [13038]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Software product code enumeration (PUC) (O90)
O90 - PUC: "3335251465D20073677A7A857BC0A040" . (.Ask Toolbar.) -- C:\WINDOWS\Installer\{41525333-2D56-3700-76A7-A758B70C0A04}\ToolbarIcon.exe =>Toolbar.Ask
~ Update Products: 111 Legitimates Filtered in 00mn 00s



---\\ NameSpace key data enumeration (MNS) (O92)
O92 - MNS: - {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
O92 - MNS: - {374DE290-123F-4565-9164-39C4925E467B}
O92 - MNS: - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
O92 - MNS: - {A0953C92-50DC-43bf-BE83-3742FED03C9C}
O92 - MNS: - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
O92 - MNS: - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
O92 - MNS: Fotos do iCloud - {F0D63F85-37EC-4097-B30D-61B4A8917118}
~ MNS: 7 Legitimates Filtered in 00mn 00s



---\\ WindowsInstaller package search (WIS) (O93) (NTFS)
[MD5.DC8532542F6CC34419F1A0A6C6563DA9] [WIS][25/02/2014] (.APN, LLC - Ask Toolbar.) -- C:\Windows\Installer\14c44f0d.msi [463872] =>Toolbar.Ask
[MD5.085637CCB5EFD06B323BF7C3D9024C6C] [WIS][31/01/2014] (.Google, Inc. - Google Drive.) -- C:\Windows\Installer\2c7eb6f.msi [34143232]
[MD5.C133F19570415BEC44B8403A15BD4E9A] [WIS][29/04/2011] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\40c63d7.msi [523776]
~ WIS: 116 Legitimates Filtered in 00mn 16s



---\\ Additional Scan (O88)
Database Version : 13031 - (21/03/2014)
Keys found : 3
Values found : 3
Folders found : 4
Files found : 4

[HKLM\SYSTEM\CurrentControlSet\Services\ViewPassword] =>PUP.ViewPassword^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{41525333-2D56-3700-76A7-A758B70C0A04}] =>Toolbar.Ask^
[HKCU\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:VNT =>Toolbar.Ask^
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\Program Files (x86)\View-Password-soft =>PUP.ViewPassword^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\Users\diogo mesti\AppData\Roaming\Baidu Security =>Adware.BDSearch^
C:\Users\diogo mesti\AppData\Local\VNT\vntldr.exe =>Toolbar.Ask^
C:\Windows\Tasks\View Password Update.job =>PUP.ViewPassword^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
C:\Windows\Installer\14c44f0d.msi =>Toolbar.Ask^
~ Additional Scan: 361052 Items scanned in 00mn 16s



---\\ Summary of detections found on your machine
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/27232411-hijacker-proxy =>Hijacker.Proxy
~ http://nicolascoolman.webs.com/apps/blog/show/35740148-pup-viewpassword =>PUP.ViewPassword
~ http://nicolascoolman.webs.com/apps/blog/show/28158343-adware-bdsearch =>Adware.BDSearch
~ MSI: 4 link(s) detected in 00mn 16s



~ 1214 Legitimates filtered by white list
End of the scan (508 lines in 01mn 38s)(0)
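The most security-relevant line in the report above is the R5 pair: ProxyEnable = 1 with ProxyServer = http=127.0.0.1:13828 (tagged Hijacker.Proxy). A proxy on the loopback address means every WinINet/Internet Explorer request is being handed to a process running on the same machine before it leaves, which is exactly how ad-injecting adware produces the "adcash"-style pop-ups described in the first post. The script below is an added example, not part of the original thread and not code from ZHPDiag or ZHPFix. It reads a ZHPDiag-style report and pulls out the three things worth triaging first: a loopback proxy forced on WinINet, the `=>Family` detection tags ZHPDiag appends (distinguishing them from the `=>.Vendor` whitelist markers also visible in the log), and O4 Run autoruns that are orphaned `(.not file.)` or launch from a user-profile path. The sample lines embedded in it are constructed from entries of this report; the function names and heuristics are the example's own.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample modelled on entries from the ZHPDiag report above (trimmed).
SAMPLE_LOG = r"""
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:13828 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\diogo mesti\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [VNT] . (.APN LLC. - Virtual New Tab Loader.) -- C:\Program Files (x86)\VNT\vntldr.exe =>Toolbar.Ask
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O23 - Service: View Password (ViewPassword) . (...) - C:\Program Files (x86)\View-Password-soft\ViewPassword157.exe =>PUP.ViewPassword
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\View Password Update.job [438] =>PUP.ViewPassword
"""

# '=>Toolbar.Ask' is a detection tag; '=>.Adobe Systems Incorporated' (leading dot)
# is the whitelist marker, excluded by the lookahead. The Additional Scan section
# appends '^' to tags, so it is dropped.
TAG_RE = re.compile(r"\s*=>(?!\.)(?P<tag>\S+?)\^?\s*$")
MARKER_RE = re.compile(r"\s*=>.*$")                # strips either kind of marker
PROXY_RE = re.compile(r"Internet Settings,(?P<name>ProxyServer|ProxyEnable)\s*=\s*(?P<value>\S+)")
RUN_RE = re.compile(r"^O4 - (?P<key>\S+\\Run): \[(?P<name>[^\]]+)\] (?P<rest>.*)$")


def parse_proxy_server(value):
    """WinINet ProxyServer: 'http=host:port;https=host:port' or bare 'host:port'.
    Returns (scheme, host, port) tuples; scheme '*' means all protocols."""
    entries = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, hostport = part.rpartition("=")
        if not sep:
            scheme, hostport = "*", part
        host, sep, port = hostport.rpartition(":")
        if not sep:
            host, port = hostport, ""
        entries.append((scheme, host, port))
    return entries


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 (with or without brackets) and 'localhost'."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def is_user_profile_path(path):
    """Paths under the user profile are writable without admin rights, the usual
    drop location for PUP/adware autoruns."""
    p = path.lower().replace("/", "\\")
    return p.startswith("c:\\users\\") or "\\appdata\\" in p


def triage(log_text):
    tagged = defaultdict(list)
    orphan_autoruns, user_profile_autoruns, proxy_values = [], [], {}
    for line in filter(None, (l.strip() for l in log_text.splitlines())):
        m = TAG_RE.search(line)
        if m:
            tagged[m.group("tag")].append(MARKER_RE.sub("", line))
        m = PROXY_RE.search(line)
        if m:
            proxy_values[m.group("name")] = m.group("value")
        m = RUN_RE.match(line)
        if m:
            rest = MARKER_RE.sub("", m.group("rest"))
            missing = "(.not file.)" in rest
            rest = rest.replace("(.not file.)", "").strip()
            # '. (.Vendor - Description.) -- C:\path', or just 'C:\path' when orphaned
            path = rest.split(" -- ", 1)[1] if " -- " in rest else rest
            entry = (m.group("key"), m.group("name"), path)
            if missing:
                orphan_autoruns.append(entry)
            elif is_user_profile_path(path):
                user_profile_autoruns.append(entry)
    proxy = None
    if proxy_values.get("ProxyEnable") == "1" and "ProxyServer" in proxy_values:
        entries = parse_proxy_server(proxy_values["ProxyServer"])
        proxy = {"entries": entries,
                 "loopback": any(is_loopback(h) for _, h, _ in entries)}
    return {"proxy": proxy, "tagged": dict(tagged),
            "orphan_autoruns": orphan_autoruns,
            "user_profile_autoruns": user_profile_autoruns}


def report(findings):
    lines = []
    if findings["proxy"]:
        for scheme, host, port in findings["proxy"]["entries"]:
            kind = "LOOPBACK proxy (ad-injector pattern)" if is_loopback(host) else "proxy"
            lines.append(f"{kind}: {scheme} -> {host}:{port}")
    for tag, hits in sorted(findings["tagged"].items()):
        lines.append(f"{tag}: {len(hits)} item(s)")
    for key, name, path in findings["orphan_autoruns"]:
        lines.append(f"orphan autorun {key} [{name}] -> {path}")
    for key, name, path in findings["user_profile_autoruns"]:
        lines.append(f"user-profile autorun {key} [{name}] -> {path}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

To run it against a real report, pass the contents of the saved ZHPDiag.txt to `triage()` instead of `SAMPLE_LOG`. Two caveats. A loopback proxy is a strong signal, not proof: some security suites and debugging proxies legitimately listen on 127.0.0.1, so before deleting anything identify which process owns the listening port (`netstat -ano`, then `tasklist /FI "PID eq <pid>"`). And clearing ProxyEnable/ProxyServer alone only stops the symptom; the process that set the proxy (here the Ask/VNT and View Password components the fix script targets) will set it again unless its autorun, service and scheduled task are removed too.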
Power Max (Ubbergeek, Registrado; 4.2K posts, 509 likes)
#15 by Power Max, 22/03/2014 - 11:20
There are unnecessary programs starting together with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

Choosing Programs That Start with the PC (Escolhendo Programas que Iniciam com o PC)

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start together with Windows.

Also use the program CCleaner, recommended in the tutorial above, to clean and optimize the PC now and from time to time.
____________________________________________________________________________________________________________________

Go to https://www.virustotal.com and submit these two files listed below to be analyzed (one at a time):
C:\Program Files (x86)\Diogenes\diogenes.exe
C:\Program Files (x86)\Kalos\kalos.exe

As soon as the analysis of each of the files above finishes, copy the link that appears in your browser's address bar and post those links with the results in your next reply, together with the ZHPFix report requested below.
____________________________________________________________

Select and copy all of the text below (starting at script zhpfix and going through emptyclsid)

script zhpfix
SysRestore
[MD5.95F3F024B8EE19D1B8FD32E9536C5268] - (.APN LLC. - Virtual New Tab Loader.) -- C:\Users\diogo mesti\AppData\Local\VNT\vntldr.exe [195536] [PID.7184] =>Toolbar.Ask
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [diogo mesti]: diogo mesti.lnk - Clé orpheline
O4 - GS\Desktop [diogo mesti]: Air Playit.lnk . (...) -- C:\Program Files (x86)\Digiarty\Air_Playit\airplayit.exe (.not file.)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\diogo mesti\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [VNT] . (.APN LLC. - Virtual New Tab Loader.) -- C:\Program Files (x86)\VNT\vntldr.exe =>Toolbar.Ask
O4 - HKUS\S-1-5-21-3472444042-202263751-3116591014-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\diogo mesti\AppData\Local\Facebook\Update\FacebookUpdate.exe
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Clé orpheline
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
O23 - Service: View Password (ViewPassword) . (...) - C:\Program Files (x86)\View-Password-soft\ViewPassword157.exe =>PUP.ViewPassword
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\View Password Update.job [438] =>PUP.ViewPassword
[MD5.00000000000000000000000000000000] [APT] [View Password Update] (...) -- C:\Program Files (x86)\View-Password-soft\View-.exe (.not file.) [0] =>PUP.ViewPassword
O42 - Logiciel: Ask Toolbar - (.APN, LLC.) [HKLM][64Bits] -- {41525333-2D56-3700-76A7-A758B70C0A04} =>Toolbar.Ask
[HKCU\Software\AskPartnerNetwork]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\VNT]
[HKLM\Software\Wow6432Node\AskPartnerNetwork]
O43 - CFD: 13/09/2013 - 10:55:33 - [0,063] ----D C:\Program Files (x86)\"Hao123.com"
O43 - CFD: 13/09/2013 - 10:51:51 - [0] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 20/03/2014 - 23:15:21 - [0,193] ----D C:\Program Files (x86)\View-Password-soft =>PUP.ViewPassword
O43 - CFD: 16/03/2014 - 19:16:23 - [0,326] ----D C:\Program Files (x86)\VNT
O43 - CFD: 13/09/2013 - 10:53:30 - [0,002] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 13/09/2013 - 10:51:51 - [2,773] ----D C:\Users\diogo mesti\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 16/03/2014 - 19:16:27 - [0,275] ----D C:\Users\diogo mesti\AppData\Local\VNT
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro37.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro37.sys (.not file.)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
O69 - SBI: SearchScopes [HKCU] {967E35C8-F3C6-4EAC-8136-C76FDA490FCF} - (eBay) - http://rover.ebay.com =>Toolbar.eBay
O90 - PUC: "3335251465D20073677A7A857BC0A040" . (.Ask Toolbar.) -- C:\WINDOWS\Installer\{41525333-2D56-3700-76A7-A758B70C0A04}\ToolbarIcon.exe =>Toolbar.Ask
[MD5.DC8532542F6CC34419F1A0A6C6563DA9] [WIS][25/02/2014] (.APN, LLC - Ask Toolbar.) -- C:\Windows\Installer\14c44f0d.msi [463872] =>Toolbar.Ask
[HKLM\SYSTEM\CurrentControlSet\Services\ViewPassword] =>PUP.ViewPassword^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{41525333-2D56-3700-76A7-A758B70C0A04}] =>Toolbar.Ask^
[HKCU\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:VNT =>Toolbar.Ask^
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\Program Files (x86)\View-Password-soft =>PUP.ViewPassword^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\Users\diogo mesti\AppData\Roaming\Baidu Security =>Adware.BDSearch^
C:\Users\diogo mesti\AppData\Local\VNT\vntldr.exe =>Toolbar.Ask^
C:\Windows\Tasks\View Password Update.job =>PUP.ViewPassword^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
C:\Windows\Installer\14c44f0d.msi =>Toolbar.Ask^
ShortcutFix
ProxyFix
EmptyTemp
EmptyFlash
emptyclsid

_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose the option Run as administrator > Click Import > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply together with the links to the analyses of the files on the VirusTotal site.
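Added example, not part of this thread or of the ZHPDiag/ZHPFix tools: a small Python parser that sorts report lines like those in the script above by the verdict label the tool attached (=>Toolbar.Ask, =>PUP.ViewPassword, and so on) and separates them from stale autorun entries that merely point at a file which no longer exists. The sample lines are taken from the report quoted in this thread; the field layout the regular expressions assume is inferred from those lines, not from any documented grammar of the format, so treat the patterns as an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: lines in the report format quoted in this thread
# (taken from the report above, with one clean stale-autorun entry kept for contrast).
SAMPLE_REPORT = r"""
O4 - HKLM\..\Wow6432Node\Run: [VNT] . (.APN LLC. - Virtual New Tab Loader.) -- C:\Program Files (x86)\VNT\vntldr.exe =>Toolbar.Ask
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O23 - Service: View Password (ViewPassword) . (...) - C:\Program Files (x86)\View-Password-soft\ViewPassword157.exe =>PUP.ViewPassword
O43 - CFD: 13/09/2013 - 10:51:51 - [0] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 20/03/2014 - 23:15:21 - [0,193] ----D C:\Program Files (x86)\View-Password-soft =>PUP.ViewPassword
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[MD5.95F3F024B8EE19D1B8FD32E9536C5268] - (.APN LLC. - Virtual New Tab Loader.) -- C:\Users\diogo mesti\AppData\Local\VNT\vntldr.exe [195536] [PID.7184] =>Toolbar.Ask
O69 - SBI: SearchScopes [HKCU] {967E35C8-F3C6-4EAC-8136-C76FDA490FCF} - (eBay) - http://rover.ebay.com =>Toolbar.eBay
"""

# Field patterns inferred from the lines above (an assumption, not the tool's documented grammar).
SECTION_RE = re.compile(r'^(O\d+)\s+-')
VERDICT_RE = re.compile(r'=>([A-Za-z0-9.]+)\^?\s*$')
MD5_RE = re.compile(r'\[MD5\.([0-9A-Fa-f]{32})\]')
REGKEY_RE = re.compile(r'(HK(?:LM|CU|US|CR)\\[^\]]*?)(?=\]|:|\s+=>|\s*$)')
PATH_RE = re.compile(r'([A-Z]:\\.*?)(?=\s+\(\.not file\.\)|\s+\[\d|\s+=>|\s*$)')
MISSING_MARK = '(.not file.)'


def parse_line(line):
    """Break one report line into its section tag, object, verdict and flags."""
    line = line.strip()
    if not line:
        return None
    section = SECTION_RE.search(line)
    verdict = VERDICT_RE.search(line)
    md5 = MD5_RE.search(line)
    regkey = REGKEY_RE.search(line)
    path = PATH_RE.search(line)
    return {
        'section': section.group(1) if section else None,
        'verdict': verdict.group(1) if verdict else None,   # e.g. Toolbar.Ask
        'md5': md5.group(1).upper() if md5 else None,
        'registry': regkey.group(1) if regkey else None,
        'path': path.group(1) if path else None,
        'missing': MISSING_MARK in line,   # autorun points at a file that no longer exists
        'raw': line,
    }


def parse_report(text):
    """Parse a whole report, skipping blank lines."""
    entries = (parse_line(ln) for ln in text.splitlines())
    return [e for e in entries if e]


def group_by_verdict(entries):
    """Group flagged entries by the verdict label; unflagged entries are left out."""
    groups = defaultdict(list)
    for e in entries:
        if e['verdict']:
            groups[e['verdict']].append(e)
    return dict(groups)


def stale_autoruns(entries):
    """Entries whose target file is gone and that carry no verdict: clutter, not malware."""
    return [e for e in entries if e['missing'] and not e['verdict']]


def flagged_paths(entries):
    """Unique file and folder paths carrying a verdict, in report order."""
    seen, paths = set(), []
    for e in entries:
        if e['verdict'] and e['path'] and e['path'] not in seen:
            seen.add(e['path'])
            paths.append(e['path'])
    return paths


if __name__ == '__main__':
    parsed = parse_report(SAMPLE_REPORT)
    for label, items in sorted(group_by_verdict(parsed).items()):
        print(f'{label}: {len(items)} entr{"y" if len(items) == 1 else "ies"}')
        for e in items:
            print('   ', e['path'] or e['registry'] or e['raw'])
    print('stale autoruns:', [e['path'] for e in stale_autoruns(parsed)])
```

Grouping by verdict makes it easy to see that the adware families in this report come from a handful of install folders, registry keys and one scheduled task, which is exactly the set the script above removes; the stale autoruns list shows the harmless leftovers (an uninstalled touchpad driver here) that only need tidying.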