
Archived

This topic has been archived and is closed to new replies.

alvotarget

[Solved] Account being used on another computer


Hello, today when I logged in and opened my Origin account, a message appeared saying that it was being used on another computer. I changed the password and the secret question, but if it is a keylogger or something like that, that may not solve it. Here is the log.

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:06:49, on 17/08/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\COMODO\launcher_service.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\Comodo\IceDragon\icedragon_updater.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
D:\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
C:\Program Files\Comodo\GeekBuddy\unit.exe
C:\Program Files\Comodo\COMODO Internet Security\cis.exe
D:\Origin\UpdateTool.exe
C:\Windows\system32\conhost.exe
D:\Origin\UpdateTool.exe
C:\Windows\system32\conhost.exe
D:\Origin\UpdateTool.exe
C:\Windows\system32\conhost.exe
D:\Origin\UpdateTool.exe
C:\Windows\system32\conhost.exe
D:\Origin\UpdateTool.exe
C:\Windows\system32\conhost.exe
D:\Origin\UpdateTool.exe
C:\Windows\system32\conhost.exe
D:\Origin\UpdateTool.exe
C:\Windows\system32\conhost.exe
D:\Origin\UpdateTool.exe
C:\Windows\system32\conhost.exe
D:\Origin\UpdateTool.exe
C:\Windows\system32\conhost.exe
D:\Origin\UpdateTool.exe
C:\Windows\system32\conhost.exe
D:\Origin\UpdateTool.exe
C:\Windows\system32\conhost.exe
D:\Origin\UpdateTool.exe
C:\Windows\system32\conhost.exe
D:\Origin\UpdateTool.exe
C:\Windows\system32\conhost.exe
D:\Origin\UpdateTool.exe
C:\Windows\system32\conhost.exe
D:\Origin\UpdateTool.exe
C:\Windows\system32\conhost.exe
D:\Origin\UpdateTool.exe
C:\Windows\system32\conhost.exe
D:\Origin\UpdateTool.exe
C:\Windows\system32\conhost.exe
D:\Origin\UpdateTool.exe
C:\Windows\system32\conhost.exe
C:\HijackThis\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Orbitdownloader\orbitcth.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [bDRegion] c:\program files\cyberlink\shared files\brs.exe
O4 - HKLM\..\Run: [gbrspcontrol] "C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
O4 - HKLM\..\Run: [Nvtmru] "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [EPSON L200 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGUL.EXE /FU "C:\Windows\TEMP\E_S2E22.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-21-3525276882-2603632860-661933976-1004\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3525276882-2603632860-661933976-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 5] "D:\Advanced SystemCare 5\ASCTray.exe" /Manual (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 5] "D:\Advanced SystemCare 5\ASCTray.exe" /Manual (User 'Default user')
O4 - Global Startup: Start GeekBuddy.lnk = C:\Program Files\Comodo\GeekBuddy\launcher.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} (Java Plug-in 1.6.0_26) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{253164D3-63BB-4E54-8E81-1C52A13DB230}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files\Common Files\BattlEye\BEService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions Inc. - C:\Program Files\Common Files\COMODO\launcher_service.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: GeekBuddyRSP Service (GeekBuddyRSP) - Comodo Security Solutions, Inc. - C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: COMODO IceDragon Update Service (IceDragonUpdater) - Unknown owner - C:\Program Files\Comodo\IceDragon\icedragon_updater.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Overwolf Ltd - C:\Program Files\Overwolf\OverwolfUpdater.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - D:\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: System Explorer Service (SystemExplorerHelpService) - Mister Group - C:\Program Files\System Explorer\service\SystemExplorerService.exe
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

--
End of file - 18128 bytes


Good morning, alvotarget!

 

|- Download: < ZHPDiag2.exe > < NicolasCoolman.jpg > ( ... by Nicolas Coolman )
|- Save it to the local disk! ( C or D )
|- Run the scroll icon. ( ZHPDiag )

abynh7jv.jpg

|- Click: "CONFIGURE"

ZHPDiag_Options2_zps5a090bf7.jpg

|- Click: "Options" >> "All" >> OK

ZHPDiag_FullAnalysis_zps60157826.jpg

|- Click: "CONFIGURE" >> "Full Analysis"
|- Wait for it to finish!
|- If it freezes and you cannot get the log, abort the full scan and run the custom one.

|- Go back to the tool's main window.

adcYraWj.jpg

|- Click "SEARCH" and wait for it to finish!
|- Or click "Options" >> "None".

ZHPDiag_AdditionalScan_zps21f11520.jpg

|- Check only the "Additional Scan (O88)" option.

~ Unselected Option:

O1,039,O40,O41,O42,O43,O44,O45,O46,O47,
O48,O49,O50,O51,O52,O53,O54,O55,O56,O57,
O58,O59,O60,O61,O62,O63,O64,O65,O66,O67,
O68,O69,O80,O81,O82,O83,O84,O85,O86,O87,
O89,O90,O91,O92

####

|- P.S.: This way, these options will be disabled!
|- Click OK and, when it finishes, post the report! ( ZHPDiag.txt )

 

A+


Hello! Good afternoon.

Here is the report!

 

~ Relatório do ZHPDiag v2013.8.17.25 - Nicolas Coolman (17/08/2013)
~ Iniciado por User (17/08/2013 16:29:12)
~ Endereço do Website : http://nicolascoolman.webs.com
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 20.0.1 (Defaut)
MFIE: Mozilla Firefox 4.0.1 (Defaut)
GCIE: Google Chrome v28.0.1500.95
OPIE: Opera v11.52

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate Edition, 32-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
COMODO Internet Security v6.0.2566.2708
Malwarebytes Anti-Malware versão 1.70.0.1100
ESET Online Scanner v3
Windows Defender W7

---\\ Softwares d'optimização do sistema

---\\ Softwares de compartilha do PeerToPeer (P2P)
Pando Media Booster v2.6.0.8
µTorrent v3.1.0 =>P2P.µTorrent

---\\ Monitoramento dos softwares
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 17

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3575 MB (58% free)
System Restore: Activé (Enable)
System drive C: has 20 GB (28%) free of 68 GB

---\\ Modo de conexão ao sistema
~ Computer Name: USER-PC
~ User Name: User
~ All Users Names: User, UpdatusUser, Convidado, Administrador,
~ Unselected Option: 01,039,040,041,042, O43,044,045,046,047,048, 49,O50,O51,ivers,O53,O54,O55,O56,057,O58,O59, 60,061,O62,063,064,065,066,O67,068,069,080,O81,O82,O83,ados,O84,O85,O86,O87,089, O2,090,091,O92,O93
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppData% : C:\Users\User\AppData\Roaming\
~ %Desktop% : C:\Users\User\Desktop\
~ %Favorites% : C:\Users\User\Favorites\
~ %LocalAppData% : C:\Users\User\AppData\Local\
~ %StartMenu% : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 20 Go of 68 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 319 Go of 863 Go)
E:\ CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 38 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.2626FC9755BE22F805D3CFA0CE3EE727] - (.Microsoft Corporation - Windows Explorer.) (.12/03/2012 - 14:32:31.) -- C:\Windows\Explorer.exe [2614272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.03728C624D05C2F157BBD46F6B7F6EA0] - (.Microsoft Corporation - Internet Extensions para Win32.) (.19/03/2013 - 18:54:35.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.12/03/2012 - 14:32:31.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.12/03/2012 - 14:43:31.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.12/03/2012 - 14:43:50.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.12/03/2012 - 14:46:13.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.13/07/2009 - 22:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/07/2009 - 21:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.59F06B4968E58BC83DFC56CA4517960E] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.06/09/2012 - 13:48:29.) -- C:\Windows\system32\Drivers\volsnap.sys [245616]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/480
~ Mes musiques (My Musics) : 1/8
~ Mes Videos (My Videos) : 1/8
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 3/2002
~ Mon Bureau (My Desktop) : 2/266
~ Menu demarrer (Programs) : 1/49
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados au arranque du sistema
[MD5.702FDEA429C9418E82DA17176D71A257] - (.Comodo Security Solutions Inc. - livePCsupport launcher system service.) -- C:\Program Files\Common Files\COMODO\launcher_service.exe [70352] [PID.800]
[MD5.2784C071EC57DCDBA6D4A2A017F56CD4] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 320.4.) -- C:\Windows\system32\nvvsvc.exe [640288] [PID.820]
[MD5.2222073BE0232E70A397B8302293AA9D] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [413472] [PID.844]
[MD5.40AF6E444E938BF485B97D97E462AA33] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\gbpsv.exe [409640] [PID.872]
[MD5.3B854A0EEAFBFDF2C6430A43C360B91E] - (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [4801304] [PID.1068]
[MD5.FC3644BBF2AB02A9B5EE910DBFF096B3] - (.AMD - AMD External Events Service Module.) -- C:\Windows\system32\atiesrxx.exe [176128] [PID.1168]
[MD5.892C3473096A9979C1BAE8518E7E1ED2] - (.AMD - AMD External Events Client Module.) -- C:\Windows\system32\atieclxx.exe [380928] [PID.1440]
[MD5.C5FE9DDA1A982FC3CBA26BB80EDDAE8A] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [875296] [PID.1484]
[MD5.B33CF4DE909A5B30F526D82053A63C8E] - (.ABBYY - ABBYY network license server.) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048] [PID.1864]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1960]
[MD5.A5299D04ED225D64CF07A568A3E1BF8C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.116]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.976]
[MD5.308195495181C8F3D51E6ED5B58D54AC] - (...) -- C:\Program Files\Comodo\Dragon\dragon_updater.exe [2095808] [PID.1328]
[MD5.AE63D0DB96C07CAE5DC4CDB2B2A719A0] - (.Comodo Security Solutions, Inc. - GeekBuddy Remote Screen Protocol Server.) -- C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [1851088] [PID.1508]
[MD5.77BA4CFC0B2BFF6606567B3148EE42CA] - (...) -- C:\Program Files\Comodo\IceDragon\icedragon_updater.exe [1821384] [PID.2068]
[MD5.A1C148801B4AF64847AEB9F3AD9594EF] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144] [PID.2112]
[MD5.7CF1B716372B89568AE4C0FE769F5869] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872] [PID.2176]
[MD5.C5052FB77AA42ED440F9F6B4E37145A9] - (.Nero AG - Nero BackItUp.) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [869672] [PID.2208]
[MD5.AE76AFFD55B0CD252D0885882346417D] - (.NVIDIA Corporation - NVIDIA Streamer Service.) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14592288] [PID.2288]
[MD5.056EF5C4AF4BD002AEAE417412C8EB71] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1889568] [PID.2380]
[MD5.63694C307273062A2167AE4CE80730EF] - (.Sony Corporation - Device Information Provider.) -- D:\Sony\PMB\PMBDeviceInfoProvider.exe [398176] [PID.2656]
[MD5.3BEDEB993D284CFC0747796347614DDA] - (.ASUSTeK Computer Inc. - No Comment.) -- C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe [5756544] [PID.2748]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.2760]
[MD5.3A2E85F7D90D15460C337CE80C2E3B29] - (...) -- C:\Windows\system32\PnkBstrA.exe [76888] [PID.2868]
[MD5.A0FF419B61AE47E26ADF3BB15DB4F2FE] - (...) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608] [PID.2920]
[MD5.8726802EA4FBFFA3FD54FD2449BF51D4] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe [217992] [PID.2928]
[MD5.388AE59FE75F1B959DFA0900923C61BB] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000] [PID.3120]
[MD5.6B412FCE75E2B1462C71D17B6E5C1484] - (.NVIDIA Corporation - NVIDIA Update COM object.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe [1209120] [PID.3456]
[MD5.B359E8976725CC3F045984851EB90284] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821984] [PID.2132]
[MD5.0A80BED61A1729DAB9499BC5A9B515A9] - (.Cyberlink Corp. - PowerDVD RC Service.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [83240] [PID.1936]
[MD5.FD0041A41E4D484BCDA512FF563253B1] - (.Saitek - Saitek MFD File System Driver.) -- C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [123392] [PID.2780]
[MD5.BF0EE37A14144C88A9F6FDA7B44981BB] - (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328] [PID.828]
[MD5.48E6868781B4E8BF4B77DBEC7694BCE8] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe [295072] [PID.4196]
[MD5.DF15765A1421FE1E91E2823A690C2E55] - (.COMODO - COMODO Internet Security.) -- C:\Program Files\Comodo\COMODO Internet Security\cistray.exe [1464536] [PID.4260]
[MD5.04C40F2EFB9F333E16CE33A2D283829F] - (.cyberlink - brs.) -- C:\Program Files\CyberLink\Shared Files\brs.exe [91432] [PID.4292]
[MD5.15378E660B6ECFE704074748E050B056] - (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896] [PID.4428]
[MD5.0CE5B7372D0947889CB2FD394D869011] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1688872] [PID.4448]
[MD5.F09FB6E14AEF64CD8FEBC0C2F723EDB2] - (.Comodo Security Solutions, Inc. - livePCsupport Component.) -- C:\Program Files\Comodo\GeekBuddy\unit_manager.exe [224464] [PID.4572]
[MD5.74149BCF0307BB76D68C0F8912DF731C] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [447784] [PID.4584]
[MD5.239841ABB778F4D908B07A40A9E3A87C] - (.Comodo Security Solutions, Inc. - livePCsupport Component.) -- C:\Program Files\Comodo\GeekBuddy\unit.exe [213712] [PID.4788]
[MD5.C675BFC4516BD1BB90CD9B07D6096DA5] - (.COMODO - COMODO Internet Security.) -- C:\Program Files\Comodo\COMODO Internet Security\cis.exe [9044696] [PID.4864]
[MD5.7E10A72489716647C0B5ABE186AA746D] - (.COMODO Security Solutions - IceDragon.) -- C:\Program Files\Comodo\IceDragon\icedragon.exe [438984] [PID.5548]
[MD5.41118D920B2B268C0ADC36421248CDCF] - (.Intel Corporation - User Notification Service.) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240] [PID.5124]
[MD5.E5B9A7A4AFFE085B2C559BB7BF90C976] - (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe [1839832] [PID.5860]
[MD5.31EC2C367F440422C93FBF31B7D1314F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7824896] [PID.5448]
~ Processes Running: Scanned in 00mn 04s



---\\ Opera, Plugins,Arranque,Pesquisa (P1,B0,B1)
B0 - SPO: operaprefs.ini [user] Home URL=http://redir.opera.com/portal/home/
P1 - OPN:Opera Plugin Navigator . (.No owner - NPOrbit.) -- C:\Program Files\Opera\Program\Plugins\nporbit.dll
P1 - OPN:Opera Plugin Navigator . (.RealPlayer - RealPlayer Download Plugin.) -- C:\Program Files\Opera\Program\Plugins\nprpplugin.dll
P1 - OPN:Opera Plugin Navigator . (.No owner - NPOrbit.) -- C:\Program Files\Opera\Program\Plugins\nporbit.dll
P1 - OPN:Opera Plugin Navigator . (.RealPlayer - RealPlayer Download Plugin.) -- C:\Program Files\Opera\Program\Plugins\nprpplugin.dll
~ Opera Browser: 21 Legitimates Filtered in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 8 Legitimates Filtered in 00mn 06s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c4817zyf.default\prefs.js
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c4817zyf.default\user.js
M3 - MFPP: Plugins - [user] -- C:\Program Files\Mozilla FireFox\searchplugins\buscape.xml
M3 - MFPP: Plugins - [user] -- C:\Program Files\Mozilla FireFox\searchplugins\mercadolivre.xml
M3 - MFPP: Plugins - [user] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-br.xml
M3 - MFPP: Plugins - [user] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-br.xml =>Toolbar.Yahoo
M2 - MFEP: prefs.js [user - c4817zyf.default\{87F8774F-B485-47E2-A755-A40A8A5E886D}] [] Modulo Adicional de Seguranca CAIXA v2.12.0.15.40 (..)
P2 - FPN: [HKLM] [@nokia.com/EnablerPlugin] - (.No owner - Nokia Suite Enabler Plugin.) -- C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
P2 - FPN: [HKLM] [@soe.sony.com/installer,version=1.0.3] - (...) -- C:\Users\User\AppData\LocalLow\Sony Online Entertainment\npsoe.dll
~ Firefox Browser: 44 Legitimates Filtered in 00mn 02s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
~ IE Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Grab Pro - [HKLM]{C55BBCD6-41AD-48AD-9953-3609C48EACC7} . (.No owner - Grab Pro.) -- D:\Orbitdownloader\GrabPro.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{C55BBCD6-41AD-48AD-9953-3609C48EACC7} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{E0301295-AB3E-4AF3-979F-3D453C5F9F48} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{00000000-0000-0000-0000-000000000000} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] . (.Nero AG - Nero BackItUp.) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
O4 - HKLM\..\Run: [RemoteControl8] . (.Cyberlink Corp. - PowerDVD RC Service.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] . (.No owner - Language Application.) -- C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- D:\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [saiMfd] . (.Saitek - Saitek MFD File System Driver.) -- C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe
O4 - HKLM\..\Run: [COMODO Internet Security] . (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [bDRegion] . (.cyberlink - brs.) -- c:\program files\cyberlink\shared files\brs.exe
O4 - HKLM\..\Run: [gbrspcontrol] . (.Comodo Security Solutions, Inc. - GeekBuddy Remote Screen Protocol Server.) -- C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
O4 - HKLM\..\Run: [Nvtmru] . (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
O4 - HKCU\..\Run: [EPSON L200 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGUL.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 5] D:\Advanced SystemCare 5\ASCTray.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-3525276882-2603632860-661933976-1004\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-3525276882-2603632860-661933976-1004\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Application: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\TaskBar: Comodo IceDragon.lnk . (.COMODO Security Solutions - IceDragon.) -- C:\Program Files\Comodo\IceDragon\icedragon.exe
O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Editor de caracteres particulares.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: MediaInfo.lnk . (...) -- C:\Program Files\K-Lite Codec Pack\Tools\mediainfo.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\Desktop: DVD Shrink 3.2.lnk . (.DVD Shrink - DVD Shrink 3.2.) -- C:\Program Files\DVD Shrink\DVD Shrink 3.2.exe
O4 - GS\Desktop: Fraps.lnk . (.Beepa P/L - Fraps.) -- D:\Fraps\fraps.exe
O4 - GS\Desktop: Microsoft Office Excel 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
O4 - GS\Desktop: Microsoft Office Word 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
O4 - GS\Desktop: NDS_TRT_SP - Atalho.lnk . (...) -- C:\Users\User\Downloads\NDS_TRT_SP.pdf
O4 - GS\Desktop: PhotoScape.lnk . (...) -- C:\Program Files\PhotoScape\PhotoScape.exe
O4 - GS\Desktop: Revo Uninstaller.lnk . (.VS Revo Group - Revo Uninstaller.) -- C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
O4 - GS\Desktop: UnderCoverXP.lnk . (.Wicked & Wild Inc. - What Covers Do Ya Wanna Print Today?.) -- C:\Program Files\UnderCoverXP\UnderCoverXP.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: PhotoScape.lnk . (...) -- C:\Program Files\PhotoScape\PhotoScape.exe
~ Global Startup: Scanned in 00mn 01s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} . (.Microsoft Corporation - Sincronização de Favoritos do ActiveSync.) -- C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -- Chave orfã
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Provedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Provedor de Correção de Nomeação de Emails.) -- C:\Windows\system32\napinsp.dll
~ Winsock: 9 Legitimates Filtered in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains] *.clonewarsadventures.com
O15 - Trusted Zone: [HKCU\...\Domains] *.freerealms.com
O15 - Trusted Zone: [HKCU\...\Domains] *.soe.com
O15 - Trusted Zone: [HKCU\...\Domains] *.sony.com
~ IE Zone Confiance: Scanned in 00mn 01s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: Microsoft XML Parser for Java - (Microsoft XML Parser for Java) - (.not file.) - C:\Windows\Java\classes\xmldso.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{253164D3-63BB-4E54-8E81-1C52A13DB230}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{253164D3-63BB-4E54-8E81-1C52A13DB230}: DhcpNameServer = 201.6.2.82 201.6.2.172 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{98CED40B-A2D0-47BE-86AD-BC1FE65C0AA8}: DhcpNameServer = 192.168.254.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{98CED40B-A2D0-47BE-86AD-BC1FE65C0AA8}: DhcpDomain = computertec
O17 - HKLM\System\CS1\Services\Tcpip\..\{253164D3-63BB-4E54-8E81-1C52A13DB230}: DhcpNameServer = 201.6.2.172 201.6.2.82
O17 - HKLM\System\CS1\Services\Tcpip\..\{98CED40B-A2D0-47BE-86AD-BC1FE65C0AA8}: DhcpNameServer = 192.168.254.90
O17 - HKLM\System\CS1\Services\Tcpip\..\{253164D3-63BB-4E54-8E81-1C52A13DB230}: DhcpDomain = spo.virtua.com.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{98CED40B-A2D0-47BE-86AD-BC1FE65C0AA8}: DhcpDomain = computertec
O17 - HKLM\System\CS2\Services\Tcpip\..\{253164D3-63BB-4E54-8E81-1C52A13DB230}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{253164D3-63BB-4E54-8E81-1C52A13DB230}: DhcpNameServer = 201.6.2.82 201.6.2.172 201.6.4.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{98CED40B-A2D0-47BE-86AD-BC1FE65C0AA8}: DhcpNameServer = 192.168.254.90
O17 - HKLM\System\CS2\Services\Tcpip\..\{98CED40B-A2D0-47BE-86AD-BC1FE65C0AA8}: DhcpDomain = computertec
O17 - HKLM\System\CS3\Services\Tcpip\..\{253164D3-63BB-4E54-8E81-1C52A13DB230}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS3\Services\Tcpip\..\{253164D3-63BB-4E54-8E81-1C52A13DB230}: DhcpNameServer = 201.6.2.82 201.6.2.172 201.6.4.116
O17 - HKLM\System\CS3\Services\Tcpip\..\{98CED40B-A2D0-47BE-86AD-BC1FE65C0AA8}: DhcpNameServer = 192.168.254.90
O17 - HKLM\System\CS3\Services\Tcpip\..\{98CED40B-A2D0-47BE-86AD-BC1FE65C0AA8}: DhcpDomain = computertec
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.2.82 201.6.2.172 201.6.4.116
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA Rxinput.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
O23 - Service: {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) . (.Cyberlink Corp. - FCL Driver.) - C:\Program Files\CyberLink\PowerDVD8\000.fcl
~ Services: 25 Legitimates Filtered in 00mn 07s



---\\ Scâner Aditional (088)
Database Version : v2.12859 - (17/08/2013)
Clés trouvées (Keys found) : 13
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 1

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c95a4e8e-816d-4655-8c79-d736da1adb6d}] =>Toolbar.Conduit
[HKCU\Software\SteamPopCap] =>Adware.PopCap
[HKLM\Software\Classes\Installer\Features\9EC6D81181F59F2459A84176A626F9ED] =>Adware.IMBooster
[HKLM\Software\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EC6D81181F59F2459A84176A626F9ED] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A] =>Adware.IMBooster
C:\ProgramData\hssff =>Toolbar.Conduit
C:\Users\User\AppData\Local\eSupport.com =>Rogue.RegistryWizard
C:\Program Files\Mozilla FireFox\searchplugins\yahoo-br.xml =>Toolbar.Yahoo^
~ Additionnel Scan: 341957 Items scanned in 00mn 18s



---\\ Sumário de detecções encontradas na sua estação
~ http://nicolascoolman.webs.com/apps/blog/show/30268689-toolbar-yahoo =>Toolbar.Yahoo
~ http://nicolascoolman.webs.com/apps/blog/show/30898245-toolbar-skype =>Toolbar.Skype
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/26666257-adware-popcap =>Adware.PopCap
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ MSI: 5 link(s) detected in 00mn 18s



~ 154 Legitimates filtered by white list
End of the scan (412 lines in 00mn 52s)(0)

Good evening, alvotarget!


|- Download: < AdwCleaner_Logo2_zps580bcd78.jpg > ( ... by Xplode )


|- Once on the page, click the image: < AdwCleaner_Tlcharger.jpg >


|- PS: If you use the IE9 browser, disable the "SmartScreen" filter.

|- Save it to the desktop!

|- Right-click adwcleaner.exe and choose to run it as administrator: Executar_Administrador.jpg


AdwCleaner_Clean_zps70ed4f45.jpg


|- PS: Start the scan by clicking "Clean".

|- When it finishes, post the report: C:\AdwCleaner[S1].txt


-/-


|- Close any programs/folders that are open.

|- Close the browser as well!

|- On Windows Vista, disable UAC.


ZHPFix_silent_zps532d2db6.jpg


|- On Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.

|- Select and copy the information below, which is shown in red, into Notepad.


R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)

O3 - Toolbar\WebBrowser: (no name) - [HKCU]{C55BBCD6-41AD-48AD-9953-3609C48EACC7} Chave orfã

O3 - Toolbar\WebBrowser: (no name) - [HKCU]{E0301295-AB3E-4AF3-979F-3D453C5F9F48} Chave orfã

O3 - Toolbar\WebBrowser: (no name) - [HKCU]{00000000-0000-0000-0000-000000000000} Chave orfã

O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 5] D:\Advanced SystemCare 5\ASCTray.exe (.not file.)


[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKCU\Software\SteamPopCap] => Infection BT (Adware.PopCap)

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype

[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype

[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype

[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c95a4e8e-816d-4655-8c79-d736da1adb6d}] =>Toolbar.Conduit

[HKLM\Software\Classes\Installer\Features\9EC6D81181F59F2459A84176A626F9ED] =>Adware.IMBooster

[HKLM\Software\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED] =>Adware.IMBooster

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EC6D81181F59F2459A84176A626F9ED]

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A] =>Adware.IMBooster


C:\ProgramData\hssff =>Toolbar.Conduit

C:\Users\User\AppData\Local\eSupport.com =>Rogue.RegistryWizard

C:\Program Files\Mozilla FireFox\searchplugins\yahoo-br.xml =>Toolbar.Yahoo^

C:\ProgramData\hssff => Toolbar.Conduit

D:\Advanced SystemCare 5


proxyfix

emptytemp

emptyclsid

emptyflash

firewallraz

sysrestore


|- With Notepad open, use the shortcuts: "Ctrl+A" -> "Ctrl+C"

|- Minimize Notepad.


ZHPDiag_PasteClipboard.jpg


|- Click "Paste ClipBoard" in the menu.

|- Avoid the "Paste" option ( Ctrl+V ) in the light yellow field, as it does not enable the "Go" button.


acerMAbC.jpg


|- Click "GO" >> Oui.


ZHPFix_GO.jpg


|- PS: The sequence of images above is there for further clarification.

|- Post the report: C:\ZHP\ZHPFix[R1].txt


Regards!


Good evening! Here is the report.

 

# AdwCleaner v2.306 - Relatório criado em 18/08/2013 às 00:20:54
# Atualizado em 19/07/2013 por Xplode
# Sistema Operacional : Windows 7 Ultimate (32 bits)
# Usuário : User - USER-PC
# Modo de Boot : Normal
# Executado de : C:\Users\User\Desktop\adwcleaner.exe
# Opção [Verificar]


***** [serviços] *****


***** [Arquivos/Pastas] *****

Pasta Encontrado : C:\Program Files\Common Files\DVDVideoSoft\TB
Pasta Encontrado : C:\Windows\Installer\{118D6CE9-5F18-42F9-958A-14676A629FDE}

***** [Registro] *****

Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Chave Encontrada : HKCU\Software\YahooPartnerToolbar
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Encontrada : HKLM\Software\Classes\Installer\Features\9EC6D81181F59F2459A84176A626F9ED
Chave Encontrada : HKLM\Software\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B4750D705E2564409328D661F3A08E1
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26E983F1377593143A37E3BA1C65CB74
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3C036A97566BFD147A3318BA9E8EA65E
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CC84F27D09408149894EC0F9A7C017F
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4BDFB2601A205D344828E68FC902CAE9
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D010CDB0C7815A48A7F780C5F8AACA7
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AFEEBDA8013CAA74C8052DC06F9F22D8
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CC063FFF6402E614191D191F0DE5C5B4
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F18FD125C322BC84286AD21D8B685F2F
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1C8F66181D6DDD488BB6F772F71324A
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EC6D81181F59F2459A84176A626F9ED

***** [Navegadores] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registro está limpo.

-\\ Mozilla Firefox v20.0.1 (pt-BR)

-\\ Google Chrome v28.0.1500.95

-\\ Opera v11.52.1100.0

*************************

AdwCleaner[R1].txt - [3953 octets] - [18/08/2013 00:20:54]

########## EOF - C:\AdwCleaner[R1].txt - [4013 octets] ##########

 

 

 

Rapport de ZHPFix 2013.7.20.5 par Nicolas Coolman, Update du 20/07/2013
Fichier d'export Registre :
Run by User at 18/08/2013 00:25:32
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit (Build 7600)

Recycle Files Deleted

========== Registry Key ==========
DELETED Key: CLSID: [HKLM\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
DELETED Key: HKCU\Software\SteamPopCap
DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
DELETED Key: HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
DELETED Key: HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
DELETED Key: HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
DELETED Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
NOT FOUND Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
DELETED Key: HKLM\Software\Classes\Installer\Features\9EC6D81181F59F2459A84176A626F9ED
DELETED Key: HKLM\Software\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED
DELETED Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EC6D81181F59F2459A84176A626F9ED
DELETED Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A

========== Registry Value ==========
DELETED URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
DELETED Toolbar: {C55BBCD6-41AD-48AD-9953-3609C48EACC7}
DELETED Toolbar: {E0301295-AB3E-4AF3-979F-3D453C5F9F48}
DELETED Toolbar: {00000000-0000-0000-0000-000000000000}
DELETED RunValue: Advanced SystemCare 5
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
No Value in Domain Profile Register Key FirewallRaz :
DELETED FirewallRaz (None) : {28052C37-59D6-45F2-9E73-04474ADD8D2B}
DELETED FirewallRaz (Public) : TCP Query User{D12F5C56-1594-4BC0-80AA-2A2E455DBF67}C:\windows\system32\rundll32.exe
DELETED FirewallRaz (Public) : UDP Query User{A4618D61-8C0F-43A5-83EA-C0071CF02EE2}C:\windows\system32\rundll32.exe
DELETED FirewallRaz (None) : {E005786A-0317-4CA5-B6F5-B6B782BC3047}
DELETED FirewallRaz (None) : {840E7B61-1F24-4DC5-95FF-053E7E14C1CF}
DELETED FirewallRaz (Public) : TCP Query User{459FB5E0-C61B-4B9D-9340-D04295EE7553}D:\steam\steamapps\common\the war z\warz.exe
DELETED FirewallRaz (Public) : UDP Query User{813392B0-B382-40E5-B59E-58ADB1F29D70}D:\steam\steamapps\common\the war z\warz.exe
DELETED FirewallRaz (Public) : TCP Query User{EE268228-4F1E-4A98-9218-C033CBCF1C7D}D:\steam\steamapps\kenxay\counter-strike source\hl2.exe
DELETED FirewallRaz (Public) : UDP Query User{5DD95B65-C2A6-4F39-85C0-FFF20E5E873F}D:\steam\steamapps\kenxay\counter-strike source\hl2.exe
DELETED FirewallRaz (None) : {24557B89-0AC8-46C2-B5D9-DABE1EFC08D3}
DELETED FirewallRaz (None) : {8D0C04FA-42FF-4D9E-B3AC-F0EDE77E1FBA}
DELETED FirewallRaz (None) : {6DF0F235-57D6-4EE6-88E5-F84DC92A77F3}
DELETED FirewallRaz (None) : {C1915461-0BDB-458E-BD57-709F6A7ADBDF}
DELETED FirewallRaz (Private) : TCP Query User{12437F92-0571-470F-B1C7-9CAA90580808}D:\steam\steamapps\common\the war z\warz.exe
DELETED FirewallRaz (Private) : UDP Query User{9C1C282C-F5CC-4106-AD9C-CF4A2905B56A}D:\steam\steamapps\common\the war z\warz.exe
DELETED FirewallRaz (Private) : TCP Query User{6B7D6789-C391-4690-BD2F-CC48355C4318}D:\steam\steamapps\kenxay\team fortress 2\hl2.exe
DELETED FirewallRaz (Private) : UDP Query User{F940B2C1-DF70-4DB1-AD92-58CDA2047F70}D:\steam\steamapps\kenxay\team fortress 2\hl2.exe

========== Repertory ==========
DELETED Folder: C:\Users\User\AppData\Local\{09EAD30A-7748-4424-80A4-CCFF9D7FAC14}
DELETED Folder: C:\Users\User\AppData\Local\{0F4A7F1B-86BC-477E-9A1E-995D26046300}
DELETED Folder: C:\Users\User\AppData\Local\{231F9D3C-50CF-4FC0-962A-FE34B5452EEF}
DELETED Folder: C:\Users\User\AppData\Local\{75397110-6710-4339-A5D9-5A48FFFC4290}
DELETED Folder: C:\Users\User\AppData\Local\{7D268D9B-51B3-473A-A2A7-7ADE53F9BED1}
DELETED Folder: C:\Users\User\AppData\Local\{8DE89F8F-812A-40E2-ACD3-444FECB34A1F}
DELETED Folder: C:\Users\User\AppData\Local\{A77F0654-6960-4B7B-9B32-0909E44B0349}
DELETED Folder: C:\Users\User\AppData\Local\{AD4B7D21-0AA3-49D6-8BF4-144344F76F79}
DELETED Folder: C:\Users\User\AppData\Local\{D492F93A-9FEC-4D43-B4C6-8EA157F3FE92}
DELETED Folder: C:\Users\User\AppData\Local\{FF05A6D1-5ED3-4291-AC1E-201DD2D55CF9}
DELETED Flash Cookies

========== File ==========
NOT FOUND File: d:\advanced systemcare 5\asctray.exe
DELETED File: C:\Program Files\Mozilla FireFox\searchplugins\yahoo-br.xml
DELETED File***: c:\program files\mozilla firefox\searchplugins\yahoo-br.xml
NOT FOUND Folder/File: c:\programdata\hssff
NOT FOUND Folder/File: d:\advanced systemcare 5
DELETED Window Temporary
DELETED Flash Cookies

========== Restoration ==========
Restore System Point created succefully


========== Summary ==========
15 : Registry Key
29 : Registry Value
11 : Repertory
7 : File
1 : Restoration


End of clean in 00mn 51s

========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 18/08/2013 00:25:33 [5668]



Good morning, alvotarget!

|- Run the AdwCleaner tool again and click the "Clean" option.

|- PS: This option will be in the new version of the tool.

|- Post the report!

|- Download: < 1268r49.png > ( ... by Oleg N. Scherbakov )
|- Save it to the desktop!
|- On Windows 7, right-click JRT.exe and run it ... Executar_Administrador.jpg
|- Wait for it to finish and post the report. ( JRT.txt )

-/-

|- Download: < zoek > ( ... by Smeenk )

|- Or here! < 51a612a8b27e2-Zoek.png zoek.exe >

|- Save it to the desktop!
|- Disable your antivirus!
|- On Windows 7, run zoek.exe as administrator.

firefoxlook;
autoclean;
emptyalltemp;


|- Copy and paste this information, shown in red, into the tool's field.
|- Click "Run Script".

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

|- This information will appear, asking you to wait for the report.

Zoek_Reboot_zpscf60b3cf.jpg

|- Accept and/or confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

|- PS: If you get an error, restart the PC and run the tool again.
|- Post the report, which will be at C:\zoek-results.txt <<

A+


Hello, good morning!

Well, JRT is giving an error: "7-Zip: Internal error, code 105"

I already restarted the PC and downloaded it again, but the error persists.




Hello again, I solved the problem; I had to disable the antivirus!

Here are all the reports!

 

# AdwCleaner v2.306 - Relatório criado em 19/08/2013 às 11:31:49
# Atualizado em 19/07/2013 por Xplode
# Sistema Operacional : Windows 7 Ultimate (32 bits)
# Usuário : User - USER-PC
# Modo de Boot : Normal
# Executado de : C:\Users\User\Desktop\adwcleaner.exe
# Opção [Verificar]


***** [serviços] *****


***** [Arquivos/Pastas] *****

Pasta Encontrado : C:\Program Files\Common Files\DVDVideoSoft\TB
Pasta Encontrado : C:\Windows\Installer\{118D6CE9-5F18-42F9-958A-14676A629FDE}

***** [Registro] *****

Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Chave Encontrada : HKCU\Software\YahooPartnerToolbar
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B4750D705E2564409328D661F3A08E1
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26E983F1377593143A37E3BA1C65CB74
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3C036A97566BFD147A3318BA9E8EA65E
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CC84F27D09408149894EC0F9A7C017F
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4BDFB2601A205D344828E68FC902CAE9
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D010CDB0C7815A48A7F780C5F8AACA7
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AFEEBDA8013CAA74C8052DC06F9F22D8
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CC063FFF6402E614191D191F0DE5C5B4
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F18FD125C322BC84286AD21D8B685F2F
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1C8F66181D6DDD488BB6F772F71324A
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7

***** [Navegadores] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registro está limpo.

-\\ Mozilla Firefox v20.0.1 (pt-BR)

-\\ Google Chrome v28.0.1500.95

-\\ Opera v11.52.1100.0

*************************

AdwCleaner[R1].txt - [4082 octets] - [18/08/2013 00:20:54]
AdwCleaner[R2].txt - [2790 octets] - [19/08/2013 11:31:49]

########## EOF - C:\AdwCleaner[R2].txt - [2850 octets] ##########

 

----------------------------

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.0 (08.18.2013:1)
OS: Windows 7 Ultimate x86
Ran by User on 19/08/2013 at 11:49:21,27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_para_morphvox-junior_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_para_morphvox-junior_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_para_street-chaves_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_para_street-chaves_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_para_zuma_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_para_zuma_RASMANCS



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\hotspot shield"
Successfully deleted: [Folder] "C:\Users\User\appdata\local\cre"



~~~ FireFox

Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\c4817zyf.default\user.js
Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\c4817zyf.default\prefs.js

user_pref("CT1561552.1000082.state", "{\"state\":\"stopped\",\"text\":\"Danceradio\",\"description\":\"Danceradio\",\"url\":\"hxxp://101danceradio.com/wmx/classicrockjukebox64
user_pref("CT1561552.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1561552.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1561552.embeddedsData", "[{\"appId\":\"128491907208256770\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT1561552.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1561552.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT1561552.last-search-provider", "\"google\"");
user_pref("CT1561552.last-social-provider", "\"facebook\"");
user_pref("CT1561552.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp:/
user_pref("CT1561552.search-providers", "{\"google\":[229,1345856663187],\"bing\":[2,1345607729084]}");
user_pref("CT1561552.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1561552.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT1561552.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT1561552.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT1561552\"}");
user_pref("CT1561552.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://HotspotShield.OurToolbar.com//xpi\"}");
user_pref("CT1561552.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Hotspot Shield\"}");
user_pref("CT1561552.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1561552.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
user_pref("CT1561552.social-providers", "{\"facebook\":[95,1345855297652],\"gmail\":[13,1345854966330]}");
user_pref("CT1561552.toolbarAppHeartbeat", "{\"129810223371412420\":1345599035539}");
user_pref("CT1561552.toolbarNotificationSettings", "{\"sendNotifications\":{\"all\":true,\"apps\":{\"0.2646799591156723\":{\"show\":true,\"appName\":\"Iolo \",\"firstTime\":tr
user_pref("CT2765711.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"hxxp://feedlive.net/california.asx\"}");
user_pref("CT2765711.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2765711.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2765711.embeddedsData", "[{\"appId\":\"129279218435694344\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT2765711.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2765711.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT2765711.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp:/
user_pref("CT2765711.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2765711.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2765711.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT2765711.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2765711\"}");
user_pref("CT2765711.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://AFHSS.OurToolbar.com//xpi\"}");
user_pref("CT2765711.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"AF-HSS\"}");
user_pref("CT2765711.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2765711.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
user_pref("CT2765711.toolbarAppHeartbeat", "{\"129766354890612884\":1345859783198}");
user_pref("CT2765711.toolbarNotificationQueue", "[{\"app\":0.2646799591156723,\"args\":{\"id\":0.2646799591156723,\"toolbarId\":\"CT2765711\",\"name\":\"Iolo \",\"title\":\"\"
user_pref("CT2765711.toolbarNotificationSettings", "{\"sendNotifications\":{\"all\":true,\"apps\":{\"0.2646799591156723\":{\"show\":true,\"appName\":\"Iolo \",\"firstTime\":tr
user_pref("extensions.BabylonToolbar.pnu_tb9", "{\"newVrsn\":\"2\",\"lastVrsn\":\"2\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0}");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19/08/2013 at 11:53:21,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

-----------------------

 

 

 


Zoek.exe Version 4.0.0.4 Updated 19-08-2013
Tool run by User on 19/08/2013 at 11:57:21,41.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Desktop\zoek.exe [script inserted]

==== System Restore Info ======================

19/08/2013 11:58:42 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c4817zyf.default

user.js not found
---- Lines CT1561552 removed from prefs.js ----

user_pref("CT1561552.1000082.state", "{\"state\":\"stopped\",\"text\":\"Danceradio\",\"description\":\"Danceradio\",\"url\":\"http://101danceradio.com/wmx/classicrockjukebox64k.wmx\"}");
user_pref("CT1561552.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1561552.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1561552.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1561552.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT1561552.last-search-provider", "\"google\"");
user_pref("CT1561552.last-social-provider", "\"facebook\"");
user_pref("CT1561552.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"http://HotspotShield.OurToolbar.com/\",\"EB_TOOLBAR_ID\":\"CT1561552\",\"EB_TOOLBAR_VERSION\":\"10.10.22.13\",\"EB_ORIGINAL_CTID\":\"CT1561552\",\"EB_DOWNLOAD_PAGE\":\"http://HotspotShield.OurToolbar.com/\",\"EB_TOOLBAR_NAME\":\"Hotspot Shield\"}");
user_pref("CT1561552.search-providers", "{\"google\":[229,1345856663187],\"bing\":[2,1345607729084]}");
user_pref("CT1561552.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1561552.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT1561552.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT1561552.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT1561552\"}");
user_pref("CT1561552.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://HotspotShield.OurToolbar.com//xpi\"}");
user_pref("CT1561552.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Hotspot Shield\"}");
user_pref("CT1561552.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1561552.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
user_pref("CT1561552.social-providers", "{\"facebook\":[95,1345855297652],\"gmail\":[13,1345854966330]}");
user_pref("CT1561552.toolbarAppHeartbeat", "{\"129810223371412420\":1345599035539}");
user_pref("CT1561552.toolbarNotificationSettings", "{\"sendNotifications\":{\"all\":true,\"apps\":{\"0.2646799591156723\":{\"show\":true,\"appName\":\"Iolo \",\"firstTime\":true}}}}");

---- Lines CT1561552 modified from prefs.js ----


---- Lines CT2765711 removed from prefs.js ----


---- Lines CT2765711 modified from prefs.js ----


---- Lines conduit removed from prefs.js ----


---- Lines conduit modified from prefs.js ----


---- Lines yahoo removed from prefs.js ----


---- Lines yahoo modified from prefs.js ----


---- Lines babylon removed from prefs.js ----


---- Lines babylon modified from prefs.js ----


---- Lines ask.com removed from prefs.js ----


---- Lines ask.com modified from prefs.js ----


---- Lines OneClickDownload removed from prefs.js ----


---- Lines OneClickDownload modified from prefs.js ----


---- FireFox user.js and prefs.js backups ----

prefs_082013_1203_.backup

==== Deleting Files \ Folders ======================

"C:\Users\User\AppData\Local\{49F69778-4E84-4A46-8FF7-2331C797D3E0}" deleted
"C:\Users\User\AppData\Local\{D4BEDBAD-EE20-4EC9-819C-AB9B02988A8B}" deleted
"C:\Users\User\Downloads\FileConverter_1_1.exe" deleted
"C:\Windows\System32\Tasks\DealPlyUpdate" deleted
"C:\ProgramData\hash.dat" deleted
"C:\Users\User\AppData\Roaming\Mumble" deleted
"C:\Windows\system32\appdata" deleted
"C:\Program Files\Common Files\DVDVideoSoft\TB" deleted
"C:\Program Files\Common Files\DVDVideoSoft\bin" deleted
"C:\Windows\Installer\{118D6CE9-5F18-42F9-958A-14676A629FDE}" deleted
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c4817zyf.default\CT1561552" deleted
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c4817zyf.default\CT2765711" deleted
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c4817zyf.default\CT1561552" deleted
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c4817zyf.default\CT2765711" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c4817zyf.default
- OneClick YouTube Downloader - %ProfilePath%\extensions\{35379F86-8CCB-4724-AE33-4278DE266C70}
- Modulo Adicional de Seguranca CAIXA - %ProfilePath%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c4817zyf.default
595AC36B25E33791A54E4A72F2AEAB10 - C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator
5C075DC43D9BF0230DFB049C1ADC75F4 - C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
01815AF8A63F6DD5FF0AA94AA6E5FD23 - C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
101700E93EB905992B518256CB441829 - C:\Users\User\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update
7550FC1ADE982582D5920BEA6430E3D4 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
0C8597DBC74AAF5179471BA013E3C6B4 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash
545E63EE9B530BDD10AAF477A8DD7C63 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision
7EE6B6E962FD9E02BBDBF15052E0576D - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION
31B2952853BA5F53BDE06DB5AC8F98AA - C:\Program Files\Battlelog Web Plugins\2.1.7\npesnlaunch.dll - ESN Launch Mozilla Plugin
BFD3111B723CC07E56316198617932D7 - C:\Program Files\Battlelog Web Plugins\2.1.4\npesnlaunch.dll - ESN Launch Mozilla Plugin
3A523765D795DB006C010B915C3A840A - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
05C4A7136F3012BB47107333B5D351D3 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U17
D4BD9F86123C87ECA570418B69326F99 - C:\Windows\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.170.2
0566EC21D0C4430EDF95CEA67387BFD2 - D:\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.3
079E5264E28489BD258E888F9EAB479B - D:\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.3
F737E69B4F6A7E5D5FD55A5877B7BE55 - D:\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.3
385B90C3373BCC938B696E4E48943F78 - D:\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.3
21AC25E78901A6D1BBEB5AC7FD4E3CCA - D:\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.3
9F825A31AA32CAD7778F6EE10ADD4D46 - D:\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.3
E2F522DD5517AB8DF6118EE7A4BD26FD - D:\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.3
A5C14075B571AF1C9592595BE724D9D2 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll - Silverlight Plug-In
E18B5B26F41D8C37CCAA7256F29F6A15 - c:\program files\real\realplayer\Netscape6\nppl3260.dll - RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit)
EBEEC9B1FB8BC809C719713A36640966 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
FEF9ECECFA177AEC0F7564A08394D2C8 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit)
0ABF093757E9C827E30EC652868E5FAC - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit)
06E140A567B8DC7900173197FD059EE5 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit)
558270B968CB82196CB8D045D13B0FF6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
2760DEF92BB72980BBF3F154B651FAC8 - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll - Nokia Suite Enabler Plugin
36FBE76F4F51396B0F70FC95CD7481D2 - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll - Pando Web Plugin
D02ED3C972BBF10890CA2A586F2C0762 - C:\Users\User\AppData\LocalLow\Sony Online Entertainment\npsoe.dll - SOE Web Installer
C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
B83062F5BFFAF797DCA67464B58970D5 - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll - ESN Sonar API
87A356753B2208461DA361B13E7E909C - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
C50B22C8D91A76069A993A2B5197A296 - D:\Veetle\plugins\npVeetle.dll - Veetle TV Core
866B027053F3A40BC36126D265C78E96 - D:\Veetle\Player\npvlc.dll - Veetle TV Player
8E9A08E2092B3E1ADFF3C46BC1A5124B - C:\Windows\system32\TVUAx\npTVUAx.dll - TVU Web Player for FireFox
01F0264937036BD962563F1ADF35CE72 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll - RealPlayer Version Plugin
79BB0C72FD89D855561838E895EDCFFE - C:\Users\User\AppData\LocalLow\Sony Online Entertainment\npsoeact.dll - SOE Web Installer
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System
2AA3703D87E1327A2290C9D416D89A28 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dll - Microsoft® Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[29/11/2012 20:35]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[02/10/2012 12:14]
mdebcffgnijbblbinknkbefciofebcda - No path found[]

RealDownloader - User - Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Skype Click to Call - User - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\mdebcffgnijbblbinknkbefciofebcda deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\users\User\AppData\Local\Mozilla\Firefox\Profiles\c4817zyf.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on 19/08/2013 at 12:06:07,10 ======================


Good afternoon, alvotarget!

|- Did you download the new version of AdwCleaner?
|- Download: |DelFix| ( ... by Xplode )

DelFix_SetaVerde.jpg

|- On the page, click the green arrow to download.
|- Save it in a convenient location! ( desktop! )
|- Close any open applications.

delfix.gif

|- Run it!
|- With all 3 checkboxes ticked!
|- Click "Run".
|- Post the log and report on the machine's condition.
|- Your logs are clean.

A+


Hello, good morning! I just downloaded AdwCleaner, but the "Clean" option is not available yet; I think it will be after I run the Scan. Can I do it again?

Hello!

 

|- Did you check whether the tool's version is v.3000 or higher?

 

... editing!

|- The tool's layout was changed recently.

|- Click "Scan" and, if the "Clean" button becomes active, you can click it for each tab you have opened in Results.

|- Click the small side arrows to get to Firefox or Chrome.

Regards!


Hello, good morning!

Yes, it is version 3.000!

And I am already doing that!

Good morning, alvotarget!

And the account(s)! Are they still being breached?

Change the password(s) after the cleanup we are carrying out.

See you!


No, no, haha! I have already changed the passwords and secret questions!

Just one thing: this last scan created 3 reports, one for each tab. Shall I post them for you to see?


No, no, haha! I have already changed the passwords and secret questions!

Just one thing: this last scan created 3 reports, one for each tab. Shall I post them for you to see?

Hello!

Yes! Post them....

Regards!


# AdwCleaner v3.000 - Report created 22/08/2013 at 09:48:23
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Ultimate (32 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\User\AppData\Local\Hotspot_Shield
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c4817zyf.default\.autoreg

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16470


-\\ Mozilla Firefox v20.0.1 (pt-BR)

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c4817zyf.default\prefs.js ]


-\\ Google Chrome v29.0.1547.57

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1567 octets] - [22/08/2013 09:46:05]
AdwCleaner[s0].txt - [1193 octets] - [22/08/2013 09:48:23]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1253 octets] ##########

 

-

-

-

-

 

# AdwCleaner v3.000 - Report created 22/08/2013 at 09:53:25
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Ultimate (32 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16470


-\\ Mozilla Firefox v20.0.1 (pt-BR)

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c4817zyf.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1567 octets] - [22/08/2013 09:46:05]
AdwCleaner[R1].txt - [1176 octets] - [22/08/2013 09:52:45]
AdwCleaner[s0].txt - [1333 octets] - [22/08/2013 09:48:23]
AdwCleaner[s1].txt - [793 octets] - [22/08/2013 09:53:25]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [852 octets] ##########

-

-

-

-

 

# AdwCleaner v3.000 - Report created 22/08/2013 at 09:58:15
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Ultimate (32 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16470


-\\ Mozilla Firefox v20.0.1 (pt-BR)

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c4817zyf.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1567 octets] - [22/08/2013 09:46:05]
AdwCleaner[R1].txt - [1176 octets] - [22/08/2013 09:52:45]
AdwCleaner[R2].txt - [1296 octets] - [22/08/2013 09:57:35]
AdwCleaner[s0].txt - [1333 octets] - [22/08/2013 09:48:23]
AdwCleaner[s1].txt - [931 octets] - [22/08/2013 09:53:25]
AdwCleaner[s2].txt - [912 octets] - [22/08/2013 09:58:15]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [971 octets] ##########



Hello, alvotarget!

Good work!

You can run DelFix, as described in the previous post.

If you like, post the DelFix log.

See you!


Hello, DigRam!

Here is the report!

 

# DelFix v10.4 - Logfile created 22/08/2013 at 10:34:58
# Updated 19/07/2013 by Xplode
# Username : User - USER-PC
# Operating System : Windows 7 Ultimate (32 bits)

~ Removing disinfection tools ...

Deleted : C:\ZHP
Deleted : C:\Program Files\ZHPDiag
Deleted : C:\AdwCleaner[R1].txt
Deleted : C:\AdwCleaner[R2].txt
Deleted : C:\PhysicalDisk0_MBR.bin
Deleted : C:\ZHPDiag2.exe
Deleted : C:\zoek-results.log
Deleted : C:\Users\User\Desktop\adwcleaner.exe
Deleted : C:\Users\User\Desktop\AdwCleaner[s3] relatorio ajuda nao sei oq.txt
Deleted : C:\Users\User\Desktop\JRT.exe
Deleted : C:\Users\User\Desktop\JRT.txt
Deleted : C:\Users\User\Desktop\ZHPDiag.txt
Deleted : C:\Users\User\Desktop\ZHPFixReport.txt
Deleted : C:\Users\Public\Desktop\MBRCheck.lnk
Deleted : C:\Users\Public\Desktop\ZHPDiag.lnk
Deleted : C:\Users\Public\Desktop\ZHPFix.lnk
Deleted : C:\Users\User\Downloads\AdwCleaner.exe
Deleted : C:\Users\User\Downloads\HiJackThis.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

~ Cleaning system restore ...

Deleted : RP #480 [Removido SPORE™ | 08/17/2013 02:53:30]
Deleted : RP #482 [Removed Grand Theft Auto IV | 08/17/2013 02:58:08]
Deleted : RP #484 [P | 08/18/2013 03:24:56]
Deleted : RP #485 [zoek.exe restore point | 08/19/2013 14:58:17]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


Good morning, alvotarget!

Your logs are clean! :yes:

Everything OK?

Regards!


PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
