This topic has been archived and is closed to new replies.

LFABER

[Archived] Computer Veeeeery Slow!


Hello dear friend,

Here is the HijackThis log!!!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:27:53, on 15/06/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16611)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Users\Leila\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?affID=119352&tt=gc_&babsrc=HP_ss&mntrId=2058001E64757680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.1.22\IPS\IPSBHO.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Safe Web Lite - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Users\Leila\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Leila\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACAB1337-2CDA-4F6A-965D-3942DF715EDD}: NameServer = 200.225.197.37,200.225.197.34
O17 - HKLM\System\CCS\Services\Tcpip\..\{D152D76F-2308-440B-B198-4E8DD73FE0AE}: NameServer = 200.225.197.37
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.1.22\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Safe Web Lite (NSL) - Symantec Corporation - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10704 bytes

Regards,

LeilaFaber

Good morning, LFABER!

|- Download: < adwcleaner_logo.jpg > ( ... by Xplode )

|- On the page, click the image: < AdwCleaner_Tlcharger.jpg >

|- PS: If you use the IE9 browser, disable the "SmartScreen" filter.

|- Save it to the desktop!

|- Right-click adwcleaner.exe and choose to run it as administrator ( Executar_Administrador.jpg )

|- PS: Start the scan by clicking "Remove". < abpXmu2U.jpg >

|- When it finishes, post the report: C:\AdwCleaner[S1].txt

-/-

|- Download: | ZHPDiag2 | < NicolasCoolman.jpg > ( ... by Nicolas Coolman )

|- Save it to the desktop!

|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

|- Confirm every step while installing ZHPDiag.

|- Finish the installation by clicking "Termine".

|- PS: After installation, besides ZHPScript, the following will be available on the desktop:

|- <1> MBRCheck

|- <2> ZHPDiag2

|- <3> ZHPFix

|- Click the scroll icon. ( ZHPScript )

|- Click the green arrow to update it and/or download its latest definitions. ( Your version is update. )

|- Enable all the diagnostic options by clicking "Options".

|- Click All.

|- Then uncheck options no. O45 and O61.

|- Click "Calendar" and choose 30 days!

|- Start the scan by clicking the magnifying-glass icon. ( Start Diagnosis )

|- When it finishes, click "Save Report".

|- PS: Save it somewhere convenient!

|- PS: Do not post that text file directly.

|- Send it to Pjjoint.malekal by clicking the blue arrow! < ZHPDiag_Pjjoint-1.jpg >

|- Or go to: < Cjoint_Logo.jpg >

|- More information: < |Link| >

A+


Hi DigRam, yesterday I spent the whole day trying to do what a moderator, "Wing", had asked: download Zoek, open it as administrator, paste the following words in brown: starupall; autoclean; filescm; emptyalltemp. And then run the script. Reboot. Put Zoek-results.txt on a French site. Since the computer really is very slow, I could not manage to get the file onto that French site. But today I went to try again and did another reboot. And everything Wing asked for is no longer here.

Now tell me, what do I do? Do I follow your instructions? OK. Active and operational.

LFABER

OK, LFABER!

|- Follow my instructions, since wings removed their message and will not be continuing with this case.

Regards!


# AdwCleaner v2.303 - Logfile created 06/20/2013 at 12:11:59
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Leila - LEILA-PC
# Boot Mode : Normal
# Running from : C:\Users\Leila\Desktop\adwcleaner.exe
# Option [Delete]


***** [services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma

***** [Registry] *****

Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\596dbd1e53aea44
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.23] : icon_url = "hxxp://www.delta-search.com/favicon.ico",
Deleted [l.26] : keyword = "delta-search.com",
Deleted [l.30] : search_url = "hxxp://www2.delta-search.com/?q={searchTerms}&affID=119352&tt=gc_&babsrc=SP_ss&[...]
Deleted [l.2232] : homepage = "hxxp://www2.delta-search.com/?affID=119352&tt=gc_&babsrc=HP_ss&mntrId=2058001E647576[...]
Deleted [l.2586] : urls_to_restore_on_startup = [ "hxxp://www2.delta-search.com/?affID=119352&tt=gc_&babsrc=HP_s[...]

*************************

AdwCleaner[s1].txt - [2673 octets] - [20/06/2013 12:11:59]

########## EOF - C:\AdwCleaner[s1].txt - [2733 octets] ##########

Here is the AdwCleaner report!!

A+

LFABER

Rapport de ZHPDiag v2013.6.19.29 par Nicolas Coolman, Update du 18/06/2013
Run by Leila at 20/06/2013 15:03:38
-- C:\Windows\System32\Drivers\Accelerometer.sys   [43320]~ Drivers:  Scanned in 00mn 00s---\\ List all tools cleaner (LATC) (O63)O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1~ ADS:  Scanned in 00mn 00s---\\ Start Menu Internet (SMI) (O68)O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exeO68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exeO68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe~ Keys:  Scanned in 00mn 00s---\\ Search Browser Infection (SBI) (O69)O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.comO69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com~ Keys:  Scanned in 00mn 00s---\\ Search Particular Root Folder (SPRF) (O84)[MD5.4EF33D516F31BEB1C9847D1FDA69375C] [SPRF][20/06/2013] (...) -- C:\Users\Leila\Desktop\adwcleaner.exe   [648201][MD5.FEE1D58C6AD73F25EB0DAD4F690560AD] [SPRF][30/12/2012] (.Facebook Inc. - Setup.) -- C:\Users\Leila\Desktop\FacebookVideoCallSetup_v1.2.205.0.exe   [501248][MD5.B9CB373322D54AFE555E3301B02C4A25] [SPRF][20/06/2013] (.Nicolas Coolman - ZHPDiag.) 
-- C:\Users\Leila\Desktop\ZHPDiag2.exe   [5684132]~ Files:  Scanned in 00mn 00s---\\ Additionnal Scan (O88)Database Version : v2.12520 - (18/06/2013)Clés trouvées (Keys found) : 9Valeurs trouvées (Values found) : 0Dossiers trouvés  (Folders found) : 0Fichiers trouvés  (Files found) : 0[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]   =>Toolbar.Skype[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]   =>Toolbar.Skype[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]   =>Toolbar.Skype[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]   =>Toolbar.Skype[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]   =>Toolbar.Skype[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]   =>Toolbar.Skype[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]   =>Toolbar.Skype[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]   =>Toolbar.Skype[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]   =>Toolbar.Skype~ Additionnel Scan: 158385 Items scanned in 00mn 17s---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)SR - | Auto 11/05/2013 65640 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeSS - | Demand 12/06/2013 256904 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeSR - | Auto 02/03/2009 89600 |  (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exeSS - | Demand 25/02/2010 227896 |  (Com4QLBEx) . 
(.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exeSS - | Auto 01/12/2012 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeSS - | Demand 01/12/2012 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeSS - | Demand 30/04/2009 229944 |  (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exeSR - | Auto 13/05/2011 30520 |  (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exeSR - | Auto 22/02/2010 73728 |  (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exeSS - | Demand 24/05/2013 117144 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSS - | Demand 16/05/2007 271920 |  (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exeSR - | Auto 10/08/2011 138760 |  (NSL) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exeSR - | Auto 14/05/2013 3289208 |  (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exeSS - | Auto 08/01/2013 161536 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exeSR - | Auto 23/03/2010 247808 |  (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exeSR - | Auto 12/07/2009 1924400 |  (vcsFPService) . (.Validity Sensors, Inc..) - C:\Windows\system32\vcsFPService.exeSS - | Demand 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exeSR - | Auto  0 |  (WMPNetworkSvc) . (...) 
- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exeSR - | Auto 13/07/2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe~ Services:  Scanned in 00mn 01s---\\ Search Master Boot Record Infection (MBR)(O80)Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.netRun by Leila at 20/06/2013 15:06:14device: opened successfullyuser: error reading MBR Disk trace:error: Read  The handle is invalid.kernel: error reading MBR ~ MBR: 9 Legitimates Filtered in 00mn 02s---\\ Search Master Boot Record Infection (MBRCheck)(O80)Written by ad13, http://ad13.geekstogRun by Leila at 20/06/2013 15:06:16********* Dump file Name *********C:\PhysicalDisk0_MBR.bin~ MBR:  Scanned in 00mn 04s~ 1029 Legitimates filtered by white listEnd of the scan (396 lines in 02mn 38s)(0)

ZHP Diag2 report!!

Thanks in advance!

LFABER


Good afternoon, LFABER!

|- Download: < 1268r49.png > ( ... by Thisisu )
|- Save it to the desktop!
|- On Windows 7, right-click JRT.exe and run it as Executar_Administrador.jpg
|- Wait for it to finish and post the report. ( JRT.txt )

-/-

|- Close any programs/folders that are open.
|- Close the browser as well!
|- On Windows Vista, disable UAC.

ZHPFix_silent_zps532d2db6.jpg

|- On Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.
|- Select and copy this information, which is in the Code box, into "Notepad".

G1 - GCS: Preference [User Data\Default] http://www2.delta-search.com   =>Toolbar.DeltaSearch
O43 - CFD: 08/05/2013 - 10:16:01 - [0] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 08/05/2013 - 10:16:39 - [15,548] ----D C:\ProgramData\Baidu Security
O43 - CFD: 08/05/2013 - 10:14:46 - [0,523] ----D C:\Users\Leila\AppData\Roaming\Baidu Security
O44 - LFC:[MD5.0E30D1389B59ED45670D2D70C9DF2BE4] - 18/06/2013 - 10:44:08 ---A- . (...) -- C:\zoek-results.log   [3946]
O44 - LFC:[MD5.768F7827CCEE85963E5033B99A621CFE] - 18/06/2013 - 10:26:28 ---A- . (...) -- C:\Windows\zoek-delete.exe   [24064]

proxyfix
emptytemp
emptyclsid
emptyflash
firewallraz
sysrestore

|- With Notepad open, use the shortcuts: "Ctrl+A" -> "Ctrl+C"
|- Minimize Notepad.

ZHPDiag_PasteClipboard.jpg

|- In the menu, click "Paste ClipBoard".

acerMAbC.jpg

|- Click "GO" -> Oui.

ZHPFix_GO.jpg

|- PS: Above, we have a sequence of images for further clarification.
|- Post the report: C:\ZHP\ZHPFix[R1].txt

A+

 


Topic Archived

Since the author did not reply for more than 10 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
