Let's remove the leftovers of Autorun.inf
Friend, thank you very much in advance for your patience (the internet in my city is terrible today, I think it's like this all over Brazil; lucky that people are taking the ENEM right now, lol). Look, I managed to install programs I couldn't install before, like Windows Live Movie Maker, which I needed for a school assignment, and it's already running fine. The result of the scan with the first program was 5 threats; it was more dangerous than I imagined, lol.
That gives me great relief, but let's remove this pest right away.
~ Relatório do ZHPDiag v2014.11.7.159 - Nicolas Coolman (07/11/2014)
~ Iniciado por Ricardo Gandra (08/11/2014 17:14:31)
~ Endereço do Website : http://nicolascoolman.fr
~ Endereço do Webforum : http://forum.nicolascoolman.fr
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program
---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16384 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8 Pro, 64-bit (Build 9200)
Windows Server License Manager Script : OK
---\\ Softwares de proteçao do sistema
avast! Premier v9.0.2018
Malwarebytes Anti-Malware versão 2.0.3.1025
Windows Defender W8 (Deactivate)
---\\ Softwares d'optimização do sistema
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3893 MB (60% free)
System Restore: Activé (Enable)
System drive C: has 325 GB (72%) free of 451 GB
---\\ Modo de conexão ao sistema
~ Computer Name: RICARDOGANDRA
~ User Name: Ricardo Gandra
~ All Users Names: Ricardo Gandra, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Ricardo Gandra\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Ricardo Gandra\AppData\Roaming\
~ %Desktop% : C:\Users\Ricardo Gandra\Desktop\
~ %Favorites% : C:\Users\Ricardo Gandra\Favorites\
~ %LocalAppData% : C:\Users\Ricardo Gandra\AppData\Local\
~ %StartMenu% : C:\Users\Ricardo Gandra\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 325 Go of 451 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 15 Go)
E: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
F: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 40 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.928791755FDDEA721B053535EF84FA17] - (.Microsoft Corporation - Windows Explorer.) (.26/07/2012 - 01:49:13.) -- C:\Windows\Explorer.exe [2380440]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.3DA7E6053DB9BE3EADC70CE20B1FB92B] - (.Microsoft Corporation - Internet Extensions para Win32.) (.26/07/2012 - 00:07:56.) -- C:\Windows\System32\wininet.dll [2246656]
[MD5.93AB226C07A9789B2EC7B41F73602F76] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Winlogon.exe [516608]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.9E975BDC89C83900B2C534C4E1B018F8] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\AFD.sys [561152]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.25/07/2012 - 23:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.8D6810577E9C4F56DCB8E9BACAC7287B] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.25/07/2012 - 23:27:36.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Driver de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.1EEAA5A62E8C49DDF58798F06F78BFFA] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.25/07/2012 - 23:23:25.) -- C:\Windows\system32\Drivers\MRxSmb.sys [368128]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.4A7EEA9C4AD5CBFDA3C0E5B821C99CAD] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.26/07/2012 - 02:26:46.) -- C:\Windows\system32\Drivers\ntfs.sys [1934064]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Driver de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.2FB3CDFD5EAF4CD9D4AFAF96877D13AE] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.26/07/2012 - 01:57:09.) -- C:\Windows\system32\Drivers\volsnap.sys [332016]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/10
~ Mes musiques (My Musics) : 19/524
~ Mes Videos (My Videos) : 1/21
~ Mes Favoris (My Favorites) : 1/115
~ Mes Documents (My Documents) : 1/7165
~ Mon Bureau (My Desktop) : 11/879
~ Menu demarrer (Programs) : 1/36
~ Hidden Files: Scanned in 00mn 04s
---\\ Processos lançados
[MD5.92BC91BEB19BE1F03DB9664AD47120B2] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3888648] [PID.3144]
[MD5.CE5C9977DA751DDC30952AC4DCBCA788] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.4656]
[MD5.3EEBD8B41E5C3342B0449C13C92EB00F] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296520] [PID.1352]
[MD5.B77081F8221968C7DAB794B0BA55C43E] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896] [PID.3180]
[MD5.867B09535EA132D8E5EB09444812E25A] - (.Bitdefender LLC - Bitdefender USB Immunizer.) -- C:\Users\Ricardo Gandra\AppData\Local\Temp\BDUSBImmunizer\BDUSBImmunizer.exe [845824] [PID.3828]
[MD5.F89773DFA9B8C95A3AC2AF1E7D99E483] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [7229752] [PID.624]
[MD5.DE8D08AA7323CEA0A7D8BBF8908457D4] - (.RealNetworks, Inc. - RealDownloader.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [368728] [PID.972]
[MD5.1249974F2A658D07E2647DD9C3592B9E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [770504] [PID.3920]
[MD5.236F518655EB360A64181235531D8556] - (.Orbitdownloader.com - Orbit Downloader.) -- C:\Program Files (x86)\Orbitdownloader\orbitdm.exe [2674456] [PID.3624]
[MD5.F5B51FFC3365683636A0C7E40870101D] - (.Orbitdownloader.com - P2P service of Orbit Downloader.) -- C:\Program Files (x86)\Orbitdownloader\orbitnet.exe [557056] [PID.3232]
[MD5.275BC5457DE123E03B3F09365528F470] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8122368] [PID.1568]
[MD5.3308769DA6E47DB3211489475C3252BF] - (.Microsoft Corporation - Microsoft ® Console Based Script Host.) -- C:\WINDOWS\SysWOW64\cscript.exe [115712] [PID.5180]
~ Processes Running: Scanned in 00mn 01s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.live.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com =>Hijacker.WebsSearches
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com =>Hijacker.WebsSearches
~ IE Browser: 16 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: btorbit.com [64Bits] - {000123B4-9B42-4900-B3F7-F4B073EFC214} . (.Orbitdownloader.com - Orbitcth.) -- C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer [64Bits] - {3049C3E9-B461-4BC5-8870-4C09146192CA} . (.RealDownloader - RealPlayer Video Downloader.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
~ BHO: 13 Legitimates Filtered in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Ricardo Gandra]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com =>Hijacker.WebsSearches
O4 - GS\TaskBar [Ricardo Gandra]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com =>Hijacker.WebsSearches
O4 - GS\Program [Ricardo Gandra]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com =>Hijacker.WebsSearches
~ Global Startup: 3 Legitimates Filtered in 00mn 01s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\RunOnce: [Malwarebytes Anti-Malware (cleanup)] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Clique para Telefonar do Lync [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office15\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DB9B6EB-8012-49D2-8F3F-05F499357E34}: NameServer = 122.168.122.254,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{147F956B-06FD-43FC-8772-503CA357771E}: DhcpNameServer = 192.14.0.123
O17 - HKLM\System\CS1\Services\Tcpip\..\{0DB9B6EB-8012-49D2-8F3F-05F499357E34}: NameServer = 122.168.122.254,8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{147F956B-06FD-43FC-8772-503CA357771E}: DhcpNameServer = 192.14.0.123
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.14.0.123
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) . (...) - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
~ Services: 8 Legitimates Filtered in 00mn 46s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1108]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1112]
~ Scheduled Task: 12 Legitimates Filtered in 00mn 10s
---\\ Software instalados (042)
O42 - Logiciel: AoA DVD Copy - (.AoAMedia.) [HKLM][64Bits] -- AoA DVD Copy_is1
~ Logic: 25 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AoADVDCOPY]
[HKCU\Software\Baidu Security]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Vagalume]
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]
[HKLM\Software\Wow6432Node\SOSVirus]
~ Key Software: 187 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 02/10/2014 - 17:43:57 - [] ----D C:\Program Files (x86)\AoA DVD Copy
O43 - CFD: 05/10/2014 - 23:24:21 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 05/10/2014 - 23:24:21 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 06/08/2014 - 23:32:46 - [] ----D C:\ProgramData\LEYA
O43 - CFD: 31/10/2014 - 00:21:39 - [] ----D C:\Users\Ricardo Gandra\AppData\Local\InstaladorSIAE
~ Program Folder: 136 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.78BED160F172653564C488A7F19B7F79] - 08/11/2014 - 14:30:55 ---A- . (...) -- C:\Windows\DirectX.log [5114]
O44 - LFC:[MD5.73BE24F8B3A2F662501DC0E757EED400] - 08/11/2014 - 15:10:53 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [154608]
O44 - LFC:[MD5.2C9E5636FA870A98988028D34523BCB7] - 08/11/2014 - 15:10:53 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [762816]
O44 - LFC:[MD5.C245E71936BF939867D8AFCF309FDE3F] - 27/10/2014 - 18:17:25 R--A- . (...) -- C:\Sims3EP07.ico [10134]
O44 - LFC:[MD5.DE9ABABCC1B0F7CA79B8D48CFABD6C55] - 30/10/2014 - 21:43:22 ---A- . (...) -- C:\Windows\wininit.ini [71]
~ Files: 666 Legitimates Filtered in 00mn 09s
---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" [Enabled] .(.Orbitdownloader.com.) -- C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" [Enabled] .(.Orbitdownloader.com.) -- C:\Program Files (x86)\Orbitdownloader\orbitnet.exe
~ Keys Export: 2 Legitimates Filtered in 00mn 00s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{af24f38d-4440-11e4-be7b-70f39560a8db}\AutoRun\command. (...) -- G:\LGAutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:21/06/2014 - 15:02:08 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:21/06/2014 - 15:02:08 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:21/06/2014 - 15:02:08 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208416] =>.ALWIL Software
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
~ Drivers: 57 Legitimates Filtered in 00mn 03s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: UsbFix - (.El Desaparecido - www.usbfix.net - www.sosvirus.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 21/10/2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 21/10/2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Demand 26/07/2012 30208 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/06/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 21/06/2014 109048 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 01/10/2014 1871160 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 01/10/2014 968504 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 24/07/2014 39568 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 13/10/2014 1141848 | (RealPlayer Cloud Service) . (.RealNetworks, Inc..) - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
SR - | Auto 24/07/2014 23552 | (RealPlayerUpdateSvc) . (...) - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
~ Services: Scanned in 00mn 21s
---\\ Scâner Aditional (088)
Database Version : 13026 - (07/11/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKCU\Software\Softonic] =>Toolbar.Conduit
~ Additionnel Scan: 213778 Items scanned in 00mn 50s
---\\ Informações complémentaires do módulos
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Gestão do Proxy (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects do navegador (02)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Aplicações iniciadas por registo & pastas (04)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 4 Legitimates Filtered in 00mn 00s
---\\ Sumário das deteções encontradas na sua estação
http://nicolascoolman.fr/hijacker-webssearches =>Hijacker.WebsSearches
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
~ MSI: 2 link(s) detected in 00mn 00s
~ 1201 Legitimates filtered by white list
End of the scan (358 lines in 02mn 54s)(0)