#2 By Power Max
29/04/2014 - 22:25
Hello Leandro.

Download < ZHPDiag2.exe > < 4560c2e838537857a70e37b22927665a > ( ... by Nicolas Coolman )

To install and run it correctly, follow the tips in this article:

ZHPDiag installation and usage tutorial

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.
<><><><><><><><><><><><><><><><>

Caixa de Dicas = Always with new tutorials and news in computing and technology.
Super Links = Messages of faith and hope for your heart.
Leandro Sampaio
#3 By Leandro Samp...
30/04/2014 - 06:50
Hello Power Max!

Report completed:


~ Relatório do ZHPDiag v2014.4.28.48 - Nicolas Coolman (28/04/2014)
~ Iniciado por Leandro (30/04/2014 06:43:10)
~ Endereço do Website : http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : http://nicolascoolman.webs.com/apps/links/
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17041
MFIE: Mozilla Firefox 28.0 (Defaut)
GCIE: Google Chrome v34.0.1847.131

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Avira Free Antivirus v14.0.3.350
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.04

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4085 MB (5% free)
System Restore: Activé (Enable)
System drive C: has 398 GB (87%) free of 456 GB

---\\ Modo de conexão ao sistema
~ Computer Name: LEANDRO-PC
~ User Name: Leandro
~ All Users Names: Leandro, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Leandro\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Leandro\AppData\Roaming\
~ %Desktop% : C:\Users\Leandro\Desktop\
~ %Favorites% : C:\Users\Leandro\Favorites\
~ %LocalAppData% : C:\Users\Leandro\AppData\Local\
~ %StartMenu% : C:\Users\Leandro\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 398 Go of 456 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 9 Go)
E: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyDocs: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowPrinters: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSetProgramAccessAndDefaults: Modified =>PUA.StartShow
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 03:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 00:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/1178
~ Mes musiques (My Musics) : 39/518
~ Mes Videos (My Videos) : 2/34
~ Mes Favoris (My Favorites) : 1/61
~ Mes Documents (My Documents) : 1/67
~ Mon Bureau (My Desktop) : 2/38
~ Menu demarrer (Programs) : 1/30
~ Hidden Files: Scanned in 00mn 05s



---\\ Processos lançados
[MD5.7DFCCC67990B6DE7F30F553A4E4612A4] - (...) -- C:\Program Files (x86)\RocketDock\RocketDock.exe [495616] [PID.2292]
[MD5.241B07FF7F5943B9C1BF3235F49AC1E1] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744] [PID.2360]
[MD5.3FDBC28DEF3378089C5EE301637970BA] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.1716]
[MD5.41AD6110110A2E89957F831DCBFAF892] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6963512] [PID.1212]
[MD5.8858F7FE986DD156F88488EDA50CC446] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.2372]
[MD5.C54C8B8DAE3CC59CBAFF15FAC00084D7] - (.Adobe Systems, Inc. - Adobe Flash Player 13.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe [1864368] [PID.1616]
[MD5.1780A53FCE5975B94604775CD9460F22] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7865344] [PID.1796]
[MD5.4D282B9C5BB05DF92C9F3977DFB9F916] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400] [PID.1224]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1436]
[MD5.65AF41A7A2C5B6693E1B4164E7632C3E] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400] [PID.1472]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Google Installer.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648] [PID.2472]
[MD5.A8E7F3DB083EB0839DFC1C763CDD2594] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912] [PID.2276]
[MD5.0E08BDD7326E657D59DB40BAD23D8169] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720] [PID.1036]
~ Processes Running: Scanned in 00mn 02s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
M0 - MFSP: prefs.js [Leandro - 0452intz.default-1397946789947] www.globo.com
P2 - FPN: [HKCU] [@unity3d.com/UnityPlayer,version=1.0] - (...) -- C:\Users\Leandro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (.not file.)
~ Firefox Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com
~ IE Browser: 22 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKCU\..\Run: [RocketDock] . (...) -- C:\Program Files (x86)\RocketDock\RocketDock.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKUS\S-1-5-21-4277086998-2900097508-3882706938-1000\..\Run: [RocketDock] . (...) -- C:\Program Files (x86)\RocketDock\RocketDock.exe
~ Application: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE4E34C8-5609-4789-BEE4-C945E60119BE}: DhcpNameServer = 200.189.80.114 200.189.80.127 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{BE4E34C8-5609-4789-BEE4-C945E60119BE}: DhcpNameServer = 200.189.80.114 200.189.80.127 201.6.4.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{BE4E34C8-5609-4789-BEE4-C945E60119BE}: DhcpNameServer = 200.189.80.114 200.189.80.127 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.189.80.114 200.189.80.127 201.6.4.116
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
~ Scheduled Task: 2 Legitimates Filtered in 00mn 09s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: (BprotectEx) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\BprotectEx.sys
O41 - Driver: (lmservicedrv) . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) - C:\Windows\System32\drivers\lmservicedrv.sys
O41 - Driver: ({2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys =>PUP.LinkiDoo
~ Drivers: 90 Legitimates Filtered in 00mn 04s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AntiToolbar]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\GbAs]
[HKCU\Software\UltraDownloads.com.br]
[HKCU\Software\mgb]
[HKCU\Software\superdownloads.com.br]
[HKCU\Software\ziggi]
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\CleanMyPC]
[HKLM\Software\Wow6432Node\360Safe] =>Trojan.Lozavita
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\LM Service]
[HKLM\Software\Wow6432Node\NEOACT]
[HKLM\Software\Wow6432Node\SiteFinder] =>Adware.ShoppingReport
~ Key Software: 185 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 24/04/2014 - 20:33:18 - [] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 05/08/2013 - 10:34:54 - [] ----D C:\Program Files (x86)\Driver LM
O43 - CFD: 24/04/2014 - 20:32:59 - [0] ----D C:\Program Files (x86)\SiteFinder =>Adware.ShoppingReport
O43 - CFD: 24/04/2014 - 20:33:56 - [] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 16/08/2013 - 22:07:39 - [] ----D C:\ProgramData\CDB
O43 - CFD: 08/05/2013 - 12:42:01 - [] ----D C:\Users\Leandro\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 28/05/2012 - 20:31:47 - [] ----D C:\Users\Leandro\AppData\Roaming\CleanMyPC
O43 - CFD: 09/12/2012 - 18:10:01 - [] ----D C:\Users\Leandro\AppData\Roaming\RealWorld
~ Program Folder: 135 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.D53A0800A3E7E720F12C1FD2854CC97B] - 18/04/2014 - 15:58:07 ---A- . (...) -- C:\Windows\System32\Drivers\RTAIODAT.DAT [757301]
O44 - LFC:[MD5.82A94ADE110A2BD17B96959F945138E3] - 24/04/2014 - 12:32:28 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys [61120] =>PUP.LinkiDoo
O44 - LFC:[MD5.551BDC2CE400B6824451926870C52901] - 26/04/2014 - 18:22:55 ---A- . (...) -- C:\Windows\System32\prfc0404.dat [22672]
O44 - LFC:[MD5.8E340FA1B584F627A9B5F95E921C4F3F] - 26/04/2014 - 18:22:55 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [26746]
O44 - LFC:[MD5.D7638AA49044C83467EDD3B1847C9062] - 26/04/2014 - 18:22:55 ---A- . (...) -- C:\Windows\System32\prfc0804.dat [22260]
O44 - LFC:[MD5.8C07A87BDA845297F53A1356EBC4D241] - 26/04/2014 - 18:22:55 ---A- . (...) -- C:\Windows\System32\prfc0816.dat [26310]
O44 - LFC:[MD5.49A51A1AC505FF93745D2075017482FD] - 26/04/2014 - 18:22:55 ---A- . (...) -- C:\Windows\System32\prfh0404.dat [24208]
O44 - LFC:[MD5.2CB5D2316D083C2A0520873258FD1CC6] - 26/04/2014 - 18:22:55 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [53502]
O44 - LFC:[MD5.D09E2881D632F08473C46C69073AB203] - 26/04/2014 - 18:22:55 ---A- . (...) -- C:\Windows\System32\prfh0804.dat [23106]
O44 - LFC:[MD5.0B819AB1C4EB03C70B187CFCBE537B28] - 26/04/2014 - 18:22:55 ---A- . (...) -- C:\Windows\System32\prfh0816.dat [52998]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 29/04/2014 - 20:38:17 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.5A1AB38050BFACEDEC27989489D7CAB4] - 29/04/2014 - 21:06:15 ---A- . (...) -- C:\zoek-results.log [14805]
O44 - LFC:[MD5.CB48E1F539DBF2CBC15FB9F80601A7EE] - 30/04/2014 - 06:43:26 ---A- . (...) -- C:\Windows\ntbtlog.txt [600]
~ Files: 73 Legitimates Filtered in 01mn 30s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys [289952]
O58 - SDL:27/06/2013 - 18:46:35 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:27/06/2013 - 18:46:35 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:27/06/2013 - 18:46:35 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175]
O58 - SDL:03/09/2013 - 08:59:02 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\BprotectEx.sys [78144]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:24/05/2013 - 11:28:52 ---A- . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\lmservicedrv.sys [41008]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:23/10/2013 - 07:58:42 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys [16152]
O58 - SDL:24/04/2014 - 12:32:28 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys [61120] =>PUP.LinkiDoo
~ Drivers: 63 Legitimates Filtered in 00mn 14s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 03/09/2013 - C:\Windows\system32\drivers\BprotectEx.sys (BprotectEx) .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BPROTECTEX
O64 - Services: CurCS - 24/05/2013 - C:\Windows\System32\drivers\lmservicedrv.sys (lmservicedrv) .(.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) - LEGACY_LMSERVICEDRV
O64 - Services: CurCS - 24/04/2014 - C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys ({2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64) .(.StdLib - StdLib.) - LEGACY_{2C976A7F-DBDC-4756-870F-F6D183FE7A7E}GW64 =>PUP.LinkiDoo
~ Legacy: 101 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: prefs.js [Leandro - 0452intz.default-1397946789947] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] Web - (Web) - http://br.yhs4.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.35C918348CBB0877BCD5A3CF24C13761] [WIS][25/11/2012] (.DeltaInstaller - Delta Chrome Toolbar.) -- C:\Windows\Installer\5b2523.msi [573440] =>Toolbar.DeltaSearch
~ WIS: 1 Legitimates Filtered in 00mn 05s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\MemOptimizerPro_RASAPI32 =>PUP.OptimizerPro
HKLM\SOFTWARE\Microsoft\Tracing\MemOptimizerPro_RASMANCS =>PUP.OptimizerPro
HKLM\SOFTWARE\Microsoft\Tracing\updateWebConnect_RASAPI32 =>PUP.WebConnect
HKLM\SOFTWARE\Microsoft\Tracing\updateWebConnect_RASMANCS =>PUP.WebConnect
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateWiseEnhance_RASAPI32 =>PUP.WiseEnhance
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateWiseEnhance_RASMANCS =>PUP.WiseEnhance
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilmelondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilmelondrea_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilWiseEnhance_RASAPI32 =>PUP.WiseEnhance
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilWiseEnhance_RASMANCS =>PUP.WiseEnhance
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WiseEnhance_RASAPI32 =>PUP.WiseEnhance
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WiseEnhance_RASMANCS =>PUP.WiseEnhance
~ BTK: 51 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 29/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 13/03/2014 1017424 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.exe
SS - | Auto 28/04/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/04/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 03/12/2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 19/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 13/03/2014 440400 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 13/03/2014 440400 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 03/04/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 03/04/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 15/03/2014 290520 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 10s



---\\ Scâner Aditional (088)
Database Version : 13045 - (28/04/2014)
Clés trouvées (Keys found) : 6
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 6

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7E685771E24E83F4381D1DB5A45F7B41] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5C8B5FB7CB5DD447A0BAAAF637FBD77] =>PUP.ClaroSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF96568971BEAC14B8815883832BD484] =>PUP.ClaroSearch
[HKLM\Software\Wow6432Node\360Safe] =>Trojan.Lozavita
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\Program Files (x86)\SiteFinder =>Adware.ShoppingReport^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\Users\Leandro\AppData\Roaming\Baidu Security =>Adware.BDSearch^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSetProgramAccessAndDefaults: Modified =>PUA.StartShow^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\SiteFinder] =>Adware.ShoppingReport^
C:\Windows\Installer\5b2523.msi =>Toolbar.DeltaSearch^
~ Additionnel Scan: 307949 Items scanned in 00mn 42s



---\\ Sumário das deteções encontradas na sua estação
http://nicolascoolman.webs.com/apps/blog/show/34077727-pua-startshow =>PUA.StartShow
http://nicolascoolman.webs.com/apps/blog/show/42132229-pup-linkidoo =>PUP.LinkiDoo
http://nicolascoolman.webs.com/apps/blog/show/28158343-adware-bdsearch =>Adware.BDSearch
http://nicolascoolman.webs.com/apps/blog/show/28274469-trojan-lozavita =>Trojan.Lozavita
http://nicolascoolman.webs.com/apps/blog/show/27422225-adware-shoppingreport =>Adware.ShoppingReport
http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
http://nicolascoolman.webs.com/apps/blog/show/28204239-pup-optimizerpro =>PUP.OptimizerPro
http://nicolascoolman.webs.com/apps/blog/show/32781187-pup-webconnect =>PUP.WebConnect
http://nicolascoolman.webs.com/apps/blog/show/41783674-pup-melondrea =>PUP.Melondrea
http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
http://nicolascoolman.webs.com/apps/blog/show/27563212-pup-clarosearch =>PUP.ClaroSearch
~ MSI: 11 link(s) detected in 00mn 00s



~ 756 Legitimates filtered by white list
End of the scan (422 lines in 03mn 58s)(0)
#4 By Power Max
30/04/2014 - 14:58
Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
http://www.bleepingcomputer.com/download/adwcleaner/

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.
#5 By Leandro Samp...
30/04/2014 - 17:17
Here you go, Power Max!



# AdwCleaner v3.205 - Relatório criado 30/04/2014 às 17:12:29
# Atualizado 28/04/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : Leandro - LEANDRO-PC
# Executando de : C:\Users\Leandro\Desktop\Minhas coisas ''NÃO MECHER''\Sofwares contra pragas maliciosas\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v28.0 (pt-BR)

[ Arquivo : C:\Users\Leandro\AppData\Roaming\Mozilla\Firefox\Profiles\0452intz.default-1397946789947\prefs.js ]


[ Arquivo : C:\Users\Leandro\AppData\Roaming\Mozilla\Firefox\Profiles\n5ufkwn7.default\prefs.js ]


-\\ Google Chrome v34.0.1847.131

[ Arquivo : C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R15].txt - [1011 octets] - [30/04/2014 08:09:55]
AdwCleaner[R16].txt - [1229 octets] - [30/04/2014 17:12:08]
AdwCleaner[S14].txt - [1070 octets] - [30/04/2014 08:10:16]
AdwCleaner[S15].txt - [1146 octets] - [30/04/2014 17:12:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S15].txt - [1207 octets] ##########
#6 By Power Max
30/04/2014 - 18:42
Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação (Import) > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will appear in Notepad.

Copy this report and post it in your next reply.
#7 By Leandro Samp...
30/04/2014 - 20:46
ZHPFix report

Here you go!!


Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Leandro at 30/04/2014 20:05:15
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (39mn 02s)
Reparação de atalhos do navegador

========== Estado dos serviços ==========
BPROTECTEX Parado
{2C976A7F-DBDC-4756-870F-F6D183FE7A7E}GW64 Parado

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ Driver Key: BprotectEx
ELIMINÉ Driver Key: {2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\360Safe
ELIMINÉ: HKLM\Software\Wow6432Node\SiteFinder
ELIMINÉ: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Preferências do navegador ==========
ELIMINÉ Mozilla Pref: user_pref("weboftrust.search.ask.display", "Ask.com Web Search");

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}gw64.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotectex.sys
ELIMINÉ: C:\Windows\Installer\5b2523.msi
ELIMINÉ Temporários windows (15) (3.345.725 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
11 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
5 : Ficheiros
1 : Preferências do navegador
2 : Estado dos serviços
1 : Restauração Sistema


End of clean in 39mn 24s

========== Caminho do ficheiro do relatório ==========
C:\Users\Leandro\AppData\Roaming\ZHP\ZHPFix[R1].txt - 30/04/2014 20:44:18 [2061]
#9 By Leandro Samp...
30/04/2014 - 20:59
That one was quick, here it is:


~ Relatório do ZHPDiag v2014.4.28.48 - Nicolas Coolman (28/04/2014)
~ Iniciado por Leandro (30/04/2014 20:55:52)
~ Endereço do Website : http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : http://nicolascoolman.webs.com/apps/links/
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17041
MFIE: Mozilla Firefox 28.0 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Avira Free Antivirus v14.0.3.350
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.04

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4085 MB (59% free)
System Restore: Activé (Enable)
System drive C: has 397 GB (86%) free of 456 GB

---\\ Modo de conexão ao sistema
~ Computer Name: LEANDRO-PC
~ User Name: Leandro
~ All Users Names: Leandro, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Leandro\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Leandro\AppData\Roaming\
~ %Desktop% : C:\Users\Leandro\Desktop\
~ %Favorites% : C:\Users\Leandro\Favorites\
~ %LocalAppData% : C:\Users\Leandro\AppData\Local\
~ %StartMenu% : C:\Users\Leandro\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 397 Go of 456 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 9 Go)
E: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyDocs: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowPrinters: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSetProgramAccessAndDefaults: Modified =>PUA.StartShow
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 03:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 00:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/1178
~ Mes musiques (My Musics) : 39/518
~ Mes Videos (My Videos) : 2/34
~ Mes Favoris (My Favorites) : 1/61
~ Mes Documents (My Documents) : 1/52
~ Mon Bureau (My Desktop) : 2/39
~ Menu demarrer (Programs) : 1/30
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.7DFCCC67990B6DE7F30F553A4E4612A4] - (...) -- C:\Program Files (x86)\RocketDock\RocketDock.exe [495616] [PID.1972]
[MD5.241B07FF7F5943B9C1BF3235F49AC1E1] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744] [PID.2408]
[MD5.41AD6110110A2E89957F831DCBFAF892] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6963512] [PID.2860]
[MD5.3FDBC28DEF3378089C5EE301637970BA] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.2792]
[MD5.1780A53FCE5975B94604775CD9460F22] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7865344] [PID.2392]
[MD5.4D282B9C5BB05DF92C9F3977DFB9F916] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400] [PID.1244]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1664]
[MD5.65AF41A7A2C5B6693E1B4164E7632C3E] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400] [PID.1712]
[MD5.0E08BDD7326E657D59DB40BAD23D8169] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720] [PID.1932]
[MD5.A8E7F3DB083EB0839DFC1C763CDD2594] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912] [PID.480]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
M0 - MFSP: prefs.js [Leandro - 0452intz.default-1397946789947] www.globo.com
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com
~ IE Browser: 22 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKCU\..\Run: [RocketDock] . (...) -- C:\Program Files (x86)\RocketDock\RocketDock.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKUS\S-1-5-21-4277086998-2900097508-3882706938-1000\..\Run: [RocketDock] . (...) -- C:\Program Files (x86)\RocketDock\RocketDock.exe
~ Application: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE4E34C8-5609-4789-BEE4-C945E60119BE}: DhcpNameServer = 200.189.80.114 200.189.80.127
O17 - HKLM\System\CS1\Services\Tcpip\..\{BE4E34C8-5609-4789-BEE4-C945E60119BE}: DhcpNameServer = 200.189.80.114 200.189.80.127
O17 - HKLM\System\CS2\Services\Tcpip\..\{BE4E34C8-5609-4789-BEE4-C945E60119BE}: DhcpNameServer = 200.189.80.114 200.189.80.127
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.189.80.114 200.189.80.127
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
~ Scheduled Task: 3 Legitimates Filtered in 00mn 03s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (lmservicedrv) . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) - C:\Windows\System32\drivers\lmservicedrv.sys
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: (BprotectEx) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\BprotectEx.sys
O41 - Driver: ({2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys =>PUP.LinkiDoo
~ Drivers: 78 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AntiToolbar]
[HKCU\Software\GbAs]
[HKCU\Software\UltraDownloads.com.br]
[HKCU\Software\mgb]
[HKCU\Software\superdownloads.com.br]
[HKCU\Software\ziggi]
[HKLM\Software\CleanMyPC]
[HKLM\Software\Wow6432Node\LM Service]
[HKLM\Software\Wow6432Node\NEOACT]
~ Key Software: 169 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 05/08/2013 - 10:34:54 - [] ----D C:\Program Files (x86)\Driver LM
O43 - CFD: 16/08/2013 - 22:07:39 - [] ----D C:\ProgramData\CDB
O43 - CFD: 28/05/2012 - 20:31:47 - [] ----D C:\Users\Leandro\AppData\Roaming\CleanMyPC
O43 - CFD: 09/12/2012 - 18:10:01 - [] ----D C:\Users\Leandro\AppData\Roaming\RealWorld
~ Program Folder: 130 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.D53A0800A3E7E720F12C1FD2854CC97B] - 18/04/2014 - 15:58:07 ---A- . (...) -- C:\Windows\System32\Drivers\RTAIODAT.DAT [757301]
O44 - LFC:[MD5.82A94ADE110A2BD17B96959F945138E3] - 24/04/2014 - 12:32:28 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys [61120] =>PUP.LinkiDoo
O44 - LFC:[MD5.551BDC2CE400B6824451926870C52901] - 26/04/2014 - 18:22:55 ---A- . (...) -- C:\Windows\System32\prfc0404.dat [22672]
O44 - LFC:[MD5.8E340FA1B584F627A9B5F95E921C4F3F] - 26/04/2014 - 18:22:55 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [26746]
O44 - LFC:[MD5.D7638AA49044C83467EDD3B1847C9062] - 26/04/2014 - 18:22:55 ---A- . (...) -- C:\Windows\System32\prfc0804.dat [22260]
O44 - LFC:[MD5.8C07A87BDA845297F53A1356EBC4D241] - 26/04/2014 - 18:22:55 ---A- . (...) -- C:\Windows\System32\prfc0816.dat [26310]
O44 - LFC:[MD5.49A51A1AC505FF93745D2075017482FD] - 26/04/2014 - 18:22:55 ---A- . (...) -- C:\Windows\System32\prfh0404.dat [24208]
O44 - LFC:[MD5.2CB5D2316D083C2A0520873258FD1CC6] - 26/04/2014 - 18:22:55 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [53502]
O44 - LFC:[MD5.D09E2881D632F08473C46C69073AB203] - 26/04/2014 - 18:22:55 ---A- . (...) -- C:\Windows\System32\prfh0804.dat [23106]
O44 - LFC:[MD5.0B819AB1C4EB03C70B187CFCBE537B28] - 26/04/2014 - 18:22:55 ---A- . (...) -- C:\Windows\System32\prfh0816.dat [52998]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 29/04/2014 - 20:38:17 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.8AC5D07DFA193B58A169F584740BA64B] - 30/04/2014 - 20:55:55 ---A- . (...) -- C:\Windows\ntbtlog.txt [600]
~ Files: 73 Legitimates Filtered in 00mn 55s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys [289952]
O58 - SDL:27/06/2013 - 18:46:35 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:27/06/2013 - 18:46:35 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:27/06/2013 - 18:46:35 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175]
O58 - SDL:03/09/2013 - 08:59:02 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\BprotectEx.sys [78144]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:24/05/2013 - 11:28:52 ---A- . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\lmservicedrv.sys [41008]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:23/10/2013 - 07:58:42 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys [16152]
O58 - SDL:24/04/2014 - 12:32:28 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys [61120] =>PUP.LinkiDoo
~ Drivers: 63 Legitimates Filtered in 00mn 04s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 24/05/2013 - C:\Windows\System32\drivers\lmservicedrv.sys (lmservicedrv) .(.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) - LEGACY_LMSERVICEDRV
~ Legacy: 101 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: prefs.js [Leandro - 0452intz.default-1397946789947] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] Web - (Web) - http://br.yhs4.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\MemOptimizerPro_RASAPI32 =>PUP.OptimizerPro
HKLM\SOFTWARE\Microsoft\Tracing\MemOptimizerPro_RASMANCS =>PUP.OptimizerPro
HKLM\SOFTWARE\Microsoft\Tracing\updateWebConnect_RASAPI32 =>PUP.WebConnect
HKLM\SOFTWARE\Microsoft\Tracing\updateWebConnect_RASMANCS =>PUP.WebConnect
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateWiseEnhance_RASAPI32 =>PUP.WiseEnhance
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateWiseEnhance_RASMANCS =>PUP.WiseEnhance
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilmelondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilmelondrea_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilWiseEnhance_RASAPI32 =>PUP.WiseEnhance
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilWiseEnhance_RASMANCS =>PUP.WiseEnhance
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WiseEnhance_RASAPI32 =>PUP.WiseEnhance
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WiseEnhance_RASMANCS =>PUP.WiseEnhance
~ BTK: 51 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 29/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 13/03/2014 1017424 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.exe
SS - | Auto 03/12/2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 19/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 13/03/2014 440400 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 13/03/2014 440400 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 03/04/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 03/04/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 15/03/2014 290520 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 06s



---\\ Scâner Aditional (088)
Database Version : 13045 - (28/04/2014)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7E685771E24E83F4381D1DB5A45F7B41] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5C8B5FB7CB5DD447A0BAAAF637FBD77] =>PUP.ClaroSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF96568971BEAC14B8815883832BD484] =>PUP.ClaroSearch
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSetProgramAccessAndDefaults: Modified =>PUA.StartShow^
~ Additionnel Scan: 307395 Items scanned in 00mn 32s



---\\ Sumário das deteções encontradas na sua estação
http://nicolascoolman.webs.com/apps/blog/show/34077727-pua-startshow =>PUA.StartShow
http://nicolascoolman.webs.com/apps/blog/show/42132229-pup-linkidoo =>PUP.LinkiDoo
http://nicolascoolman.webs.com/apps/blog/show/28204239-pup-optimizerpro =>PUP.OptimizerPro
http://nicolascoolman.webs.com/apps/blog/show/32781187-pup-webconnect =>PUP.WebConnect
http://nicolascoolman.webs.com/apps/blog/show/41783674-pup-melondrea =>PUP.Melondrea
http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
http://nicolascoolman.webs.com/apps/blog/show/27563212-pup-clarosearch =>PUP.ClaroSearch
~ MSI: 8 link(s) detected in 00mn 00s



~ 724 Legitimates filtered by white list
End of the scan (382 lines in 02mn 13s)(0)
#10 By Power Max
30/04/2014 - 21:12
Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Import > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.
#11 By Leandro Samp...
30/04/2014 - 21:48
Here is the report, Power Max:


Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Leandro at 30/04/2014 21:47:24
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 08s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ Driver Key: BprotectEx
ELIMINÉ Driver Key: {2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64

========== Preferências do navegador ==========
ELIMINÉ Mozilla Pref: user_pref("weboftrust.search.ask.display", "Ask.com Web Search");

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}gw64.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotectex.sys
ELIMINÉ Temporários windows (1) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
6 : Chaves do Registo
1 : Pastas
4 : Ficheiros
1 : Preferências do navegador
1 : Restauração Sistema


End of clean in 02mn 18s

========== Caminho do ficheiro do relatório ==========
C:\Users\Leandro\AppData\Roaming\ZHP\ZHPFix[R1].txt - 30/04/2014 20:44:18 [2143]
C:\Users\Leandro\AppData\Roaming\ZHP\ZHPFix[R2].txt - 30/04/2014 21:47:32 [1458]
#12 By Power Max
30/04/2014 - 21:51
Temporarily disable your antivirus to avoid conflicts.

* Open the link below and click the first button on the left, which is the Download Zoek.exe button:
http://www.hijackthis.nl/smeenk/

To run it correctly, follow the tips in this tutorial:

Remove adware and other threats from your PC and browsers with the Zoek application

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its contents and post them in your next reply.
#13 By Leandro Samp...
02/05/2014 - 19:32
Here is the Zoek report:


Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Leandro on 02/05/2014 at 19:06:01,06.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Leandro\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-01-231547.log 15800 bytes

==== System Restore Info ======================

02/05/2014 19:10:00 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Leandro\AppData\Roaming\Mozilla\FireFox\Profiles\0452intz.default-1397946789947\prefs.js:
user_pref("browser.startup.homepage", "www.globo.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Leandro\AppData\Roaming\Mozilla\FireFox\Profiles\0452intz.default-1397946789947\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Leandro\AppData\Roaming\Mozilla\FireFox\Profiles\n5ufkwn7.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Leandro\AppData\Roaming\Mozilla\FireFox\Profiles\n5ufkwn7.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Leandro\AppData\Roaming\Mozilla\FireFox\Profiles\0452intz.default-1397946789947

user.js not found
---- Lines ask.com removed from prefs.js ----
user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
---- FireFox user.js and prefs.js backups ----

prefs_052014_1919_.backup

ProfilePath: C:\Users\Leandro\AppData\Roaming\Mozilla\FireFox\Profiles\n5ufkwn7.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_052014_1919_.backup

==== Firefox Extensions ======================

ProfilePath: C:\Users\Leandro\AppData\Roaming\Mozilla\FireFox\Profiles\0452intz.default-1397946789947
- WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- Personas Plus - %ProfilePath%\extensions\personas@christopher.beard.xpi
- Google Translator for Firefox - %ProfilePath%\extensions\translator@zoli.bod.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\Leandro\AppData\Roaming\Mozilla\FireFox\Profiles\n5ufkwn7.default
- WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- Personas Plus - %ProfilePath%\extensions\personas@christopher.beard.xpi
- Google Translator for Firefox - %ProfilePath%\extensions\translator@zoli.bod.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Leandro\AppData\Roaming\Mozilla\Firefox\Profiles\0452intz.default-1397946789947
9FD6A1990289B9290563CA069CB74EF9 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll - Shockwave Flash
2D389D314D1928AA30778229090F9AD3 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1206147.dll - Shockwave for Director / Shockwave for Director
47299371607DC2FB234444EEACB1639E - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll - Shockwave Flash

Profilepath: C:\Users\Leandro\AppData\Roaming\Mozilla\Firefox\Profiles\n5ufkwn7.default
2D389D314D1928AA30778229090F9AD3 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1206147.dll - Shockwave for Director / Shockwave for Director
47299371607DC2FB234444EEACB1639E - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll - Shockwave Flash


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== shortcuts in Users Start Menu ======================

C:\Users\Leandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\Leandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe -hunter
C:\Users\Leandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe
C:\Users\Leandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Songr.lnk - C:\Program Files (x86)\Songr\Songr.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetClean\Desinstalar JetClean.lnk - C:\Program Files (x86)\BlueSprig\JetClean\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetClean\JetClean.lnk - C:\Program Files (x86)\BlueSprig\JetClean\JetClean.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Memory Optimizer Pro.lnk - C:\Program Files (x86)\Memory Optimizer\MemOptimizerPro.exe
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Snipping Tool.lnk -
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Songr.lnk - C:\Program Files (x86)\Songr\Songr.exe
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Driver Booster.lnk - C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\JetClean.lnk - C:\Program Files (x86)\BlueSprig\JetClean\JetClean.exe
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Memory Optimizer Pro.lnk - C:\Program Files (x86)\Memory Optimizer\MemOptimizerPro.exe
C:\Users\Leandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Songr.lnk - C:\Program Files (x86)\Songr\Songr.exe
C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Leandro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Leandro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Leandro\AppData\Local\Mozilla\Firefox\Profiles\0452intz.default-1397946789947\Cache emptied successfully
C:\Users\Leandro\AppData\Roaming\Mozilla\Firefox\Profiles\0452intz.default-1397946789947\personas\cache emptied successfully
C:\Users\Leandro\AppData\Roaming\Mozilla\Firefox\Profiles\n5ufkwn7.default\personas\cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=5 folders=0 280970 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Leandro\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\Temp emptied successfully
C:\Users\Usuário Padrão\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Leandro\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 02/05/2014 at 19:29:09,93 ======================