
vlad nunez

[Resolved] Downloads with corrupted files and interrupted bef


Good evening, I have a notebook with 2 partitions on the HD. On one I use Win 8.1 Pro and on the other I use Win 7 Ultimate, both 64-bit. But in this post I am referring to Win 8.1 Pro.

For about 5 days now I have been noticing strange behavior on my machine and in some programs installed on it, mainly with regard to downloads, because when these are not interrupted before finishing, when they are downloaded, they arrive completely corrupted. The download manager IDM went crazy: it finishes downloading the file and keeps redoing the same process without stopping, that is, it keeps downloading the same file. Sometimes when I open the download folder to see the files, there is no file there at all any more, and that is when they are not interrupted before finishing. I use Chrome as my default browser, and downloads through Chrome also arrive corrupted and are sometimes interrupted before finishing.

Some programs are also not working correctly.

Below is the registry log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:00:58, on 12/11/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.16384)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Users\Vlad\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKUS\S-1-5-18\..\Run: [Agente da Carteira Bitdefender] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'SISTEMA')
O4 - HKUS\S-1-5-18\..\Run: [Carteira Bitdefender] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard (User 'SISTEMA')
O4 - HKUS\S-1-5-18\..\Run: [Agente de Aplicativo de Carteira Bitdefender] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [Agente da Carteira Bitdefender] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
O8 - Extra context menu item: Baixar com Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - (no file)
O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: WSIEChrome - (no CLSID) - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\DfsdkS64.exe
O23 - Service: Disc Soft Bus Service - Disc Soft Ltd - C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
O23 - Service: @oem7.inf,%WIN32_DPTF_PARTICIPANT_PROC_SERVICE_DISPLAY_NAME%;Intel® Dynamic Platform & Thermal Framework Processor Participant Service Application (DptfParticipantProcessorService) - Unknown owner - C:\WINDOWS\system32\DptfParticipantProcessorService.exe (file missing)
O23 - Service: @oem7.inf,%WIN32_DPTF_POLICY_CONFIGTDP_SERVICE_DISPLAY_NAME%;Intel® Dynamic Platform & Thermal Framework Config TDP Service Application (DptfPolicyConfigTDPService) - Unknown owner - C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Ashampoo LiveTuner Service (WO_LiveService) - Unknown owner - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe
--
End of file - 7081 bytes

Good morning! vlad nunez

|- Download: < ZHPDiag2.exe > ( ... by Nicolas Coolman )
|- Save it to the local disk! ( C or D )
|- Run the scroll icon. ( ZHPDiag )

|- Click: "CONFIGURE"

|- Click: "Options" >> "All" >> OK

|- Click: "CONFIGURE" >> "Full Analysis"
|- Wait for it to finish!
|- If it freezes and you cannot obtain the log, abort the full scan and run the custom one.
|- Return to the tool's main window.

|- Click "SEARCH" and wait for it to finish!
|- Or click "Options" >> "None".

|- Check only the "Additional Scan (O88)" option.

~ Unselected Option:

O1,039,O40,O41,O42,O43,O44,O45,O46,O47,
O48,O49,O50,O51,O52,O53,O54,O55,O56,O57,
O58,O59,O60,O61,O62,O63,O64,O65,O66,O67,
O68,O69,O80,O81,O82,O83,O84,O85,O86,O87,
O89,O90,O91,O92

####

|- This way, these options will be disabled!

|- Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
|- PS: If the log is long, send it to Pjjoint.malekal.

|- Or go to: < Cjoint_Logo.jpg >

|- More information: < |Link| >

A+


Dear DigRam, I would like to let you know that the program ( ZHPDiag ) has been updated and with that it gained new features; moreover, it is almost entirely in Portuguese. The toolbar buttons of the program I downloaded via the link above are completely different from the tutorial you posted for me.

Because of that, I got confused and did not know how to run it.

Vlad Nunez


Good afternoon! vlad nunez

Dear DigRam, I would like to let you know that the program ( ZHPDiag ) has been updated and with that it gained new features; moreover, it is almost entirely in Portuguese. The toolbar buttons of the program I downloaded via the link above are completely different from the tutorial you posted for me.

Because of that, I got confused and did not know how to run it.

Vlad Nunez

|- I tested version v2013.11.13.29, which had no change in its layout or graphics.

|- I noticed that it came translated into Portuguese, and where it used to read "SEARCH" we now have "PESQUISAR".

|- Given that, what confused you when using the tool?

A+


Sorry for the trouble. The log follows below.

~ Relatório do ZHPDiag v2013.11.12.28 - Nicolas Coolman (12/11/2013)
~ Iniciado por Vlad (14/11/2013 06:59:51)
~ Endereço do Website : http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : http://nicolascoolman.webs.com/apps/links/
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador :
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16438 (Defaut)
MFIE: Mozilla Firefox 24.0
GCIE: Google Chrome v30.0.1599.101
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8 Business Edition, 64-bit Service Pack 1 (9600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
Kaspersky Internet Security v14.0.0.4651
Malwarebytes Anti-Malware versão 1.75.0.1300
SUPERAntiSpyware v5.6.1018
Windows Defender W8
---\\ Softwares d'optimização do sistema
CCleaner v4.07 =>Piriform Ltd
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 11 Plugin
Java 7 Update 40
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8077 MB (85% free)
System Restore: Activé (Enable)
System drive C: has 43 GB (45%) free of 95 GB
---\\ Modo de conexão ao sistema
~ Computer Name: VLADNUNEZ2014
~ User Name: Vlad
~ All Users Names: Vlad, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: None
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Vlad\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Vlad\AppData\Roaming\
~ %Desktop% : C:\Users\Vlad\Desktop\
~ %Favorites% : C:\Users\Vlad\Favorites\
~ %LocalAppData% : C:\Users\Vlad\AppData\Local\
~ %StartMenu% : C:\Users\Vlad\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 43 Go of 95 Go)
D: Hard drive, Flash drive, Thumb drive (Free 82 Go of 118 Go)
E: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 35 Go of 115 Go)
H: Hard drive, Flash drive, Thumb drive (Free 116 Go of 117 Go)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Windows Explorer.) (.22/10/2013 - 04:55:27.) -- C:\Windows\Explorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.22/08/2013 - 06:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.92E05214CC073A85CEDFF9BD4966F96B] - (.Microsoft Corporation - Internet Extensions para Win32.) (.19/10/2013 - 00:53:26.) -- C:\Windows\System32\wininet.dll [2332160]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.22/08/2013 - 06:55:08.) -- C:\Windows\System32\Winlogon.exe [564736]
[MD5.2F18065618E39AA2E656EE737B71E791] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.22/08/2013 - 07:39:40.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 09:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 08:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 05:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22/08/2013 - 08:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 08:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Driver de porta i8042.) (.22/08/2013 - 08:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.E23D32BAF152FBE35F18C6A2AB8EF271] - (.Microsoft Corporation - IP Network Address Translator.) (.30/09/2013 - 01:11:38.) -- C:\Windows\system32\Drivers\IpNat.sys [141824]
[MD5.6129EDB793A4255B1E2FB41773AC9D9A] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.30/09/2013 - 01:11:36.) -- C:\Windows\system32\Drivers\MRxSmb.sys [404992]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 08:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.4412D565C0278C401575E11072C7DCE3] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.22/08/2013 - 10:25:41.) -- C:\Windows\system32\Drivers\ntfs.sys [2011488]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Driver de porta paralela.) (.22/08/2013 - 08:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 08:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecionador do Dispositivo RDP da Microsoft.) (.30/09/2013 - 00:58:56.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.9F9CE33B50611A1C61A46B8911E0B30B] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.22/08/2013 - 09:39:15.) -- C:\Windows\system32\Drivers\volsnap.sys [312160]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/39
~ Mes musiques (My Musics) : 1/5
~ Mes Videos (My Videos) : 1/6
~ Mes Favoris (My Favorites) : 1/11
~ Mes Documents (My Documents) : 1/24
~ Mon Bureau (My Desktop) : 1/16
~ Menu demarrer (Programs) : 1/40
~ Hidden Files: Scanned in 00mn 00s
---\\ Processos lançados
[MD5.3C7704D641F4B986A1BB61BE8B8A90EA] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe [992448] [PID.1288]
[MD5.FA72EC09946D6A6AB3D461CEBA1CDD74] - (.CyberLink Corp. - PowerDVD 13.) -- C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe [517144] [PID.1824]
[MD5.63760311F53B0E10D8C6ED95E839871F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8208384] [PID.3568]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Vlad\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [user Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [user Data\Default] [ccahoghmggldkcdjiebjkidpfongdfbl] Bitdefender Wallet v.17.19.0 (Désactivé)
G2 - GCE: Preference [user Data\Default] [mkanfekjmffmlpcpghgodmjdfbdpmhpp] Super Animes - Pokemon v.1 (Activé)
~ Google Browser: 10 Legitimates Filtered in 00mn 03s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 24
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Aiseesoft Total Media Converter Platinum.lnk . (.Aiseesoft - Aiseesoft Total Media Converter Platinum.) -- C:\Program Files (x86)\Aiseesoft Studio\Aiseesoft Total Media Converter Platinum\Aiseesoft Total Media Converter Platinum.exe
O4 - GS\Desktop [Public]: ALLConverter PRO.lnk . (.ALLCinema Ltd. - ALLConverter PRO.) -- C:\Program Files (x86)\ALLConverter PRO\ALLConverterPro.exe
O4 - GS\Desktop [Public]: BS.Player PRO.lnk . (.AB Team - BS.Player.) -- C:\Program Files (x86)\Webteh\BSplayerPro\bsplayer.exe
O4 - GS\Desktop [Public]: FreeSmith.lnk . (...) -- C:\Program Files (x86)\FreeSmith\FreeSmith.exe
O4 - GS\Desktop [Public]: Kaspersky Internet Security.lnk . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
O4 - GS\Desktop [Public]: Leawo Blu-ray Player.lnk . (.Leawo - Leawo Blu-ray Player.) -- C:\Program Files (x86)\leawo\Leawo Blu-ray Player\Leawo Blu-ray Player.exe
O4 - GS\Desktop [Public]: MP3 Rocket 6.3.14 PRO.lnk . (...) -- C:\Program Files (x86)\MP3 Rocket\MP3Rocket.exe
O4 - GS\Desktop [Public]: Mp3FreeZe.exe.lnk . (...) -- C:\Program Files (x86)\Mp3FreeZe Corp\Mp3FreeZe Downloader\Mp3FreeZe.exe
O4 - GS\Desktop [Public]: RegClean Pro.lnk . (.Systweak Inc - RegClean Pro.) -- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe =>Rogue.RegistryPowerCleaner
O4 - GS\Desktop [Public]: SUPERAntiSpyware Professional.lnk . (.SUPERAntiSpyware - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - GS\Desktop [Public]: UltraISO.lnk . (.EZB Systems, Inc. - UltraISO Premium.) -- C:\Program Files (x86)\UltraISO\UltraISO.exe
O4 - GS\Desktop [Public]: UMPlayer.lnk . (...) -- C:\Program Files (x86)\UMPlayer\umplayer.exe
O4 - GS\Desktop [Public]: Wondershare Player.lnk . (.Wondershare - Wondershare Player.) -- C:\Program Files (x86)\Wondershare\Player\WSPlayer.exe
O4 - GS\Program [Public]: Desktop.lnk - Chave orfã
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Songr.lnk . (.Xamasoft - Songr.) -- C:\Program Files (x86)\Songr-2-Portable\Songr\Songr.exe
O4 - GS\QuickLaunch [Vlad]: Aiseesoft Total Media Converter Platinum.lnk . (.Aiseesoft - Aiseesoft Total Media Converter Platinum.) -- C:\Program Files (x86)\Aiseesoft Studio\Aiseesoft Total Media Converter Platinum\Aiseesoft Total Media Converter Platinum.exe
O4 - GS\QuickLaunch [Vlad]: ALLConverter PRO.lnk . (.ALLCinema Ltd. - ALLConverter PRO.) -- C:\Program Files (x86)\ALLConverter PRO\ALLConverterPro.exe
O4 - GS\QuickLaunch [Vlad]: BS.Player PRO.lnk . (.AB Team - BS.Player.) -- C:\Program Files (x86)\Webteh\BSplayerPro\bsplayer.exe
O4 - GS\QuickLaunch [Vlad]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Vlad]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Vlad]: MiPony.lnk . (.www.mipony.net - Mipony.) -- C:\Program Files (x86)\MiPony\MiPony.exe
O4 - GS\QuickLaunch [Vlad]: MP3 Rocket 6.3.14 PRO.lnk . (...) -- C:\Program Files (x86)\MP3 Rocket\MP3Rocket.exe
O4 - GS\QuickLaunch [Vlad]: WinX HD Video Converter Deluxe.lnk . (.Digiarty Software, Inc. - WinX HD Video Converter Deluxe.) -- C:\Program Files (x86)\Digiarty\WinX_HD_Video_Converter_Deluxe\WinX_HD_Video_Converter_Deluxe.exe =>.Xilisoft
O4 - GS\QuickLaunch [Vlad]: Wondershare Player.lnk . (.Wondershare - Wondershare Player.) -- C:\Program Files (x86)\Wondershare\Player\WSPlayer.exe
O4 - GS\QuickLaunch [Vlad]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Vlad\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Vlad]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Vlad]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Vlad]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Vlad]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Vlad]: Kaspersky Internet Security.lnk . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
O4 - GS\Program [Vlad]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\SendTo [Vlad]: Transferência de Arquivo Bluetooth.LNK . (.Microsoft Corporation - No Comment.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\Desktop [Vlad]: filmes - Atalho.lnk . (...) -- F:\filmes
O4 - GS\Desktop [Vlad]: MiPony.lnk . (.www.mipony.net - Mipony.) -- C:\Program Files (x86)\MiPony\MiPony.exe
O4 - GS\Desktop [Vlad]: Songr.exe - Atalho.lnk . (.Xamasoft - Songr.) -- C:\Program Files (x86)\Songr-2-Portable\Songr\Songr.exe
O4 - GS\Desktop [Vlad]: Splash PRO EX.lnk . (.Mirillis Ltd. - Splash PRO EX.) -- C:\Program Files (x86)\Mirillis\Splash PRO EX\SplashProEx.exe
O4 - GS\Desktop [Vlad]: Toolbar Cleaner.lnk . (.Visicom Media Inc. - Toolbar Cleaner.) -- C:\Program Files (x86)\Toolbar Cleaner\ToolbarCleaner.exe =>Adware.ToolbarCleaner
O4 - GS\Desktop [Vlad]: WinX HD Video Converter Deluxe.lnk . (.Digiarty Software, Inc. - WinX HD Video Converter Deluxe.) -- C:\Program Files (x86)\Digiarty\WinX_HD_Video_Converter_Deluxe\WinX_HD_Video_Converter_Deluxe.exe =>.Xilisoft
O4 - GS\Desktop [Vlad]: WO10 - Atalho.lnk . (.Ashampoo Development GmbH & Co. KG - Ashampoo WinOptimizer 10.) -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\WO10.exe
O4 - GS\Desktop [Vlad]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Vlad\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 74 Legitimates Filtered in 00mn 03s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\RunOnce: [Application Restart #0] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - HKUS\S-1-5-18\..\Run: [Agente da Carteira Bitdefender] C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (.not file.)
O4 - HKUS\S-1-5-18\..\Run: [Carteira Bitdefender] C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe (.not file.)
O4 - HKUS\S-1-5-18\..\Run: [Agente de Aplicativo de Carteira Bitdefender] C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe (.not file.)
O4 - HKUS\S-1-5-21-1484110739-4102003295-3467594972-1001\..\RunOnce: [Application Restart #0] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Teclado Virtual [64Bits] - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kbrd.ico
O9 - Extra button: Verificação de URLs [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0236399-B92E-49C8-96D1-2B7528A61067}: DhcpNameServer = 189.5.128.62 189.5.128.67 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{A0236399-B92E-49C8-96D1-2B7528A61067}: DhcpNameServer = 189.5.128.62 189.5.128.67 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.5.128.62 189.5.128.67 201.6.4.116
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: WSIEChrome [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\SysWOW64\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\ASC7_SkipUac_Vlad.job [268]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Mp3FreeZe-Updater.job [474]
[MD5.00000000000000000000000000000000] [APT] [sBW_UpdateTask_Logon_333737303534313030392d372d55324157505a57454a2a] (...) -- C:\ProgramData\SpeedBit\sbhe.js" sbu.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [sBW_UpdateTask_Time_333737303534313030392d372d55324157505a57454a2a] (...) -- C:\ProgramData\SpeedBit\sbhe.js" sbu.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [somotoUpdateCheckerAutoStart] (...) -- C:\Users\Vlad\AppData\Local\FilesFrog Update Checker\update_checker.exe (.not file.) [0] =>Adware.MegaSearch
[MD5.00000000000000000000000000000000] [APT] [{C437F8BC-38B0-4D77-8675-C2CCB46A2AE2}] (...) -- C:\Windows.old\Program Files (x86)\UltraISO\unins000.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DD3B7505-9F83-420A-B4D2-E47EE5CBB970}] (...) -- C:\Users\Vlad\Downloads\UNWISE.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{FC69EB9C-3E01-4666-96CF-5DDAB2274A95}] (...) -- I:\ASUS\WinFlash\WinFlash.exe (.not file.) [0]
~ Scheduled Task: 20 Legitimates Filtered in 00mn 09s
---\\ Software instalados (042)
O42 - Logiciel: Mp3FreeZe Downloader - (.Mp3FreeZe Corp..) [HKLM][64Bits] -- Mp3FreeZe Downloader 1.0.7
O42 - Logiciel: Mp3FreeZe Downloader - (.Mp3FreeZe Corp..) [HKLM][64Bits] -- {100B79D5-B2C0-4E95-9D99-4F085DD594CF}
O42 - Logiciel: RegClean Pro - (.Systweak Inc.) [HKLM][64Bits] -- RegClean Pro_is1 =>Rogue.RegistryPowerCleaner
O42 - Logiciel: Toolbar Cleaner - (.Visicom Media Inc..) [HKLM][64Bits] -- Toolbar Cleaner =>Adware.ToolbarCleaner
~ Logic: 64 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ARAR]
[HKCU\Software\Celular]
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\Drivers]
[HKCU\Software\FFE]
[HKCU\Software\Full]
[HKCU\Software\SpeedBit]
[HKCU\Software\System32]
[HKCU\Software\ToolbarCleaner]
[HKCU\Software\WSVCUPlugin]
[HKCU\Software\Win]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\SpeedBit]
[HKLM\Software\Wow6432Node\MP3 Rocket]
[HKLM\Software\Wow6432Node\Mailedsafe]
[HKLM\Software\Wow6432Node\Mp3FreeZe Corp.]
[HKLM\Software\Wow6432Node\SpeedBit]
~ Key Software: 208 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 01/11/2013 - 10:30:11 - [27,894] ----D C:\Program Files (x86)\FreeSmith
O43 - CFD: 28/09/2013 - 09:21:06 - [52,331] ----D C:\Program Files (x86)\MP3 Rocket
O43 - CFD: 11/11/2013 - 14:25:46 - [2,433] ----D C:\Program Files (x86)\Mp3FreeZe Corp
O43 - CFD: 06/11/2013 - 20:23:43 - [17,551] ----D C:\Program Files (x86)\RegClean Pro =>Rogue.RegistryPowerCleaner
O43 - CFD: 06/11/2013 - 20:07:08 - [0,736] ----D C:\Program Files (x86)\Toolbar Cleaner =>Adware.ToolbarCleaner
O43 - CFD: 25/10/2013 - 22:37:04 - [0,106] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 01/11/2013 - 14:12:43 - [0] ----D C:\ProgramData\ProductData
O43 - CFD: 05/09/2013 - 22:44:05 - [28,177] ----D C:\ProgramData\SpeedBit
O43 - CFD: 19/10/2013 - 18:13:25 - [0] ----D C:\ProgramData\xml_param
O43 - CFD: 28/08/2013 - 22:50:15 - [0] ----D C:\ProgramData\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
O43 - CFD: 01/11/2013 - 10:34:57 - [0,006] ----D C:\Users\Vlad\AppData\Roaming\FreeSmith
O43 - CFD: 04/09/2013 - 01:47:33 - [0,009] ----D C:\Users\Vlad\AppData\Roaming\Full
O43 - CFD: 11/11/2013 - 14:38:31 - [0] ----D C:\Users\Vlad\AppData\Roaming\Mp3FreeZe Corp
O43 - CFD: 11/11/2013 - 00:20:17 - [4,797] ----D C:\Users\Vlad\AppData\Roaming\MP3Rocket
O43 - CFD: 12/09/2013 - 00:25:36 - [0,010] ----D C:\Users\Vlad\AppData\Roaming\SimpleFiles =>Adware.SimpleFiles
O43 - CFD: 24/09/2013 - 03:24:56 - [0] ----D C:\Users\Vlad\AppData\Roaming\TagJet
O43 - CFD: 08/09/2013 - 02:36:32 - [0] ----D C:\Users\Vlad\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
O43 - CFD: 11/11/2013 - 14:01:43 - [0] ----D C:\Users\Vlad\AppData\Local\Media Get LLC =>PUP.MediaGet
O43 - CFD: 11/11/2013 - 14:28:05 - [0] ----D C:\Users\Vlad\AppData\Local\MediaGet2 =>PUP.MediaGet
O43 - CFD: 11/11/2013 - 16:41:13 - [0,001] ----D C:\Users\Vlad\AppData\Local\Mp3FreeZe_Downloader
O43 - CFD: 26/10/2013 - 13:07:36 - [0,005] ----D C:\Users\Vlad\AppData\Local\SoulseekQt =>P2P.SoulSeek
O43 - CFD: 11/11/2013 - 14:01:43 - [0] ----D C:\Users\Vlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaGet2 =>PUP.MediaGet
O43 - CFD: 06/11/2013 - 19:58:37 - [0,001] ----D C:\Users\Vlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolbar Cleaner =>Adware.ToolbarCleaner
~ Program Folder: 211 Legitimates Filtered in 00mn 17s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.FD4AC0952283CA1291E7C4BEF21C2A1A] - 08/11/2013 - 01:55:09 ---A- . (.No owner - Setup/Uninstall.) -- C:\Windows\unins000.exe [764577]
O44 - LFC:[MD5.46018517D39CFEC243E3F58950248D2D] - 08/11/2013 - 01:55:13 ---A- . (...) -- C:\Windows\Read me (ask4pc).txt [1502]
O44 - LFC:[MD5.CF4452B2DE5D3AB7BEA779B3FD5772BC] - 08/11/2013 - 01:55:13 ---A- . (...) -- C:\Windows\unins000.dat [1524]
O44 - LFC:[MD5.4E8F2BB3A5A87E75C35533723B50E685] - 09/11/2013 - 10:34:27 ---A- . (...) -- C:\Windows\SysNative\user_gensett.xml [385]
O44 - LFC:[MD5.4E8F2BB3A5A87E75C35533723B50E685] - 09/11/2013 - 10:34:27 ---A- . (...) -- C:\Windows\System32\user_gensett.xml [385]
O44 - LFC:[MD5.4B1FD48432223FF190A655EE161F3634] - 11/11/2013 - 18:15:26 ---A- . (...) -- C:\bdlog.txt [6751]
O44 - LFC:[MD5.70D15E6D7F155CBBE474CD4132AEBE11] - 12/11/2013 - 10:25:40 ---A- . (...) -- C:\Windows\SysNative\ASOROSet.bin [1656]
O44 - LFC:[MD5.70D15E6D7F155CBBE474CD4132AEBE11] - 12/11/2013 - 10:25:40 ---A- . (...) -- C:\Windows\System32\ASOROSet.bin [1656]
O44 - LFC:[MD5.D2096B322A5F8D9354B61B4BFDFA7132] - 13/11/2013 - 11:23:08 ---A- . (...) -- C:\Windows\SysNative\ApnDatabase.xml [385528]
O44 - LFC:[MD5.D2096B322A5F8D9354B61B4BFDFA7132] - 13/11/2013 - 11:23:08 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [385528]
O44 - LFC:[MD5.B1DA41CC188D1E067A7C16114D9E013B] - 13/11/2013 - 11:42:12 ---A- . (...) -- C:\Windows\SysNative\prfc0416.dat [161438]
O44 - LFC:[MD5.B98C105CFA6ECAB5B9A7479A8FAED4A2] - 13/11/2013 - 11:42:12 ---A- . (...) -- C:\Windows\SysNative\prfh0416.dat [782326]
O44 - LFC:[MD5.B1DA41CC188D1E067A7C16114D9E013B] - 13/11/2013 - 11:42:12 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [161438]
O44 - LFC:[MD5.B98C105CFA6ECAB5B9A7479A8FAED4A2] - 13/11/2013 - 11:42:12 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [782326]
~ Files: 227 Legitimates Filtered in 00mn 08s
---\\ Últimos ficheiros criados no Windows Prefetch (045)
O45 - LFCP:[MD5.6696116E43A960CFCF70E264E10890C9] - 02/11/2013 - 20:11:07 ---A- - C:\Windows\Prefetch\SETUP_9.0.1.722_03.11.2013_02-A7AE65B3.pf
O45 - LFCP:[MD5.23F0F9A24DF68E7959F9E5C5417EFE12] - 02/11/2013 - 21:53:24 ---A- - C:\Windows\Prefetch\REALTIMEPROTECTOR.EXE-337E4574.pf
O45 - LFCP:[MD5.9A5C43F366D239365371BF13CFE6881E] - 04/11/2013 - 16:11:56 ---A- - C:\Windows\Prefetch\WINX_HD_VIDEO_CONVERTER_DELUX-6E5BC760.pf
O45 - LFCP:[MD5.8AF82FDB8CCA0C453D4530AA4CDE7E8A] - 05/11/2013 - 15:52:44 ---A- - C:\Windows\Prefetch\AAV_MAIN.EXE-9433194D.pf
O45 - LFCP:[MD5.E1E57F6BE7ADB219D45D30A3F6E4F17E] - 06/11/2013 - 09:28:59 ---A- - C:\Windows\Prefetch\FOOPLAYER.EXE-D7C9810D.pf
O45 - LFCP:[MD5.877CB0E6995BD84A381A4AA8C3AE3BF2] - 08/11/2013 - 22:42:18 ---A- - C:\Windows\Prefetch\FOLDERCOLORPICKER.EXE-345DE8B6.pf
O45 - LFCP:[MD5.D3471C810942A8F19CC516BE14C37BFE] - 09/11/2013 - 21:52:58 ---A- - C:\Windows\Prefetch\SUR11_SHORTCUTFIXER.EXE-2A1AFCAC.pf
O45 - LFCP:[MD5.AFB84608B767E7DBF6E4EA2BDDFA873E] - 09/11/2013 - 23:37:17 ---A- - C:\Windows\Prefetch\SUO12_STARTUPMANAGER.EXE-48B66236.pf
O45 - LFCP:[MD5.23FA4B741F4C166D6F94CD758FD4A4A6] - 10/11/2013 - 12:53:08 ---A- - C:\Windows\Prefetch\ALLPLAYER.EXE-AC7F0ABF.pf
O45 - LFCP:[MD5.19FE9BF4CE3694E958D98E6488DC1B48] - 10/11/2013 - 12:54:57 ---A- - C:\Windows\Prefetch\BDFVWIZ.EXE-BED7F0C8.pf
O45 - LFCP:[MD5.605D90D995A5678E2EFB921D0CC17ED8] - 10/11/2013 - 12:56:03 ---A- - C:\Windows\Prefetch\FREESMITH.EXE-7D74D9B9.pf
O45 - LFCP:[MD5.B563607165865F5A5647A52FD2F4766C] - 10/11/2013 - 17:32:09 ---A- - C:\Windows\Prefetch\TRIAL.EXE-406E59BE.pf
O45 - LFCP:[MD5.9A9394C948BB0ED329A2D3FFC97093CA] - 10/11/2013 - 17:36:09 ---A- - C:\Windows\Prefetch\MEDIAESPRESSO.EXE-49F81606.pf
O45 - LFCP:[MD5.EEA57F49EF99830167E491BFB2A60ABA] - 10/11/2013 - 22:54:07 ---A- - C:\Windows\Prefetch\INTEGRATEDSUPPORT.EXE-9697C868.pf
O45 - LFCP:[MD5.491ADFE2E35BFAE70B1264A09D1320FE] - 10/11/2013 - 23:00:01 ---A- - C:\Windows\Prefetch\ABOUT.EXE-101E8503.pf
O45 - LFCP:[MD5.5B7D1408644586402C2E08D66658EFCA] - 11/11/2013 - 00:59:30 ---A- - C:\Windows\Prefetch\SONGR_324409EF8CC7_PROGRAMFIL-7F33A699.pf
O45 - LFCP:[MD5.257168B66086539E12A4C1CE2E3AFB59] - 11/11/2013 - 01:06:29 ---A- - C:\Windows\Prefetch\STREAMING AUDIO RECORDER.EXE-9838877D.pf
O45 - LFCP:[MD5.D3B77C3CF1BC10F84C2735A51647BF92] - 11/11/2013 - 09:40:44 ---A- - C:\Windows\Prefetch\SONGR.EXE-A8027A17.pf
O45 - LFCP:[MD5.4372E8A293FF6B74E483CF8BB4435E81] - 11/11/2013 - 12:59:45 ---A- - C:\Windows\Prefetch\TAGJET-214-32-BITS.EXE-5D28FE15.pf
O45 - LFCP:[MD5.B03902153471B69F4420A5CECF5644B5] - 11/11/2013 - 13:25:03 ---A- - C:\Windows\Prefetch\MP3FREEZE.EXE-8270EBDE.pf
O45 - LFCP:[MD5.10C351C217013CAE263EC111D13C91E7] - 11/11/2013 - 13:26:30 ---A- - C:\Windows\Prefetch\MEDIAGET_ID2907562IDS2S.EXE-C83DA9B9.pf =>PUP.MediaGet
O45 - LFCP:[MD5.E37A4A4D2AEBE44BB822904AA1834E6E] - 11/11/2013 - 13:27:33 ---A- - C:\Windows\Prefetch\MEDIAGET_ID2907715IDS2S.EXE-A9015D41.pf =>PUP.MediaGet
O45 - LFCP:[MD5.322A32040769366B68D1389893736DF8] - 11/11/2013 - 13:28:41 ---A- - C:\Windows\Prefetch\MDC_0.6_WIN32.EXE-CE20183E.pf
O45 - LFCP:[MD5.1C09DB7265EE8FA8A122D6293CDA4CEE] - 11/11/2013 - 13:40:42 ---A- - C:\Windows\Prefetch\MP3JAM-1113-32-BITS.EXE-1C1FBA4D.pf
O45 - LFCP:[MD5.549715A8A8BEF055422A383D666B44CE] - 11/11/2013 - 13:42:07 ---A- - C:\Windows\Prefetch\MP3JAM.EXE-38583993.pf
O45 - LFCP:[MD5.4ACF250B0EE3B39842A3CA5A1F1BDE96] - 11/11/2013 - 13:42:37 ---A- - C:\Windows\Prefetch\QTRAX-20130807002-32-BITS.EXE-F2FD7242.pf =>P2P.Qtrax
O45 - LFCP:[MD5.5C2AE3CA949419EE3C035A56A31C8E67] - 11/11/2013 - 13:43:54 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-F15BC247.pf
O45 - LFCP:[MD5.FE3FE3087CE75CF73B660009AB417D94] - 11/11/2013 - 13:50:26 ---A- - C:\Windows\Prefetch\MP3JAMSETUP (1).EXE-F83935D8.pf
O45 - LFCP:[MD5.7D24293D22770306C6F2FCFD5A5A374F] - 11/11/2013 - 18:11:46 ---A- - C:\Windows\Prefetch\BDWIZREG.EXE-A38CB0DA.pf
O45 - LFCP:[MD5.BA6516754F4BE1722B43125CDBBDF7AC] - 11/11/2013 - 20:57:18 ---A- - C:\Windows\Prefetch\BOOTIM.EXE-D61D2F34.pf
O45 - LFCP:[MD5.DC99044CFD3BB946C8E76C99999BC910] - 12/11/2013 - 10:21:05 ---A- - C:\Windows\Prefetch\SSUPDATE64.EXE-5CD4C185.pf
O45 - LFCP:[MD5.0A4E3B7059765D074909CB1A7323D576] - 12/11/2013 - 10:22:14 ---A- - C:\Windows\Prefetch\KEYGEN.EXE-A76AC36A.pf
O45 - LFCP:[MD5.2920E6493D509135FAA2748E9F737888] - 12/11/2013 - 10:24:31 ---A- - C:\Windows\Prefetch\WLRMDR.EXE-8CD26CA2.pf
O45 - LFCP:[MD5.5374D3F5FBCA91D76947F3DEC959BA3E] - 12/11/2013 - 13:48:11 ---A- - C:\Windows\Prefetch\MP3FREEZE.EXE-7F9E741D.pf
O45 - LFCP:[MD5.7A7E59771264B5030A58F18945CF7B71] - 12/11/2013 - 13:54:15 ---A- - C:\Windows\Prefetch\WSPLAYER.EXE-8B656A45.pf
O45 - LFCP:[MD5.95FA2DCD6351C5425A9866332EDD281D] - 12/11/2013 - 14:03:53 ---A- - C:\Windows\Prefetch\ASCTRAY.EXE-0AC0A816.pf
O45 - LFCP:[MD5.582F30543A2F993DECB60118C289A0B0] - 12/11/2013 - 14:06:07 ---A- - C:\Windows\Prefetch\SUA13_EMPTYFOLDERSCANNER.EXE-265A4A60.pf
O45 - LFCP:[MD5.4A069A9BE494C30CFEF3F629FA5B59F5] - 12/11/2013 - 14:51:09 ---A- - C:\Windows\Prefetch\AVPUI.EXE-CBE774B8.pf
O45 - LFCP:[MD5.9816257A8DDC4EDB2BE6CEF8546474BE] - 12/11/2013 - 15:00:15 ---A- - C:\Windows\Prefetch\TOOLBARCLEANER.EXE-7D72469D.pf
O45 - LFCP:[MD5.6026D4F905EFC1E3F6DF5A93C444EEDC] - 12/11/2013 - 15:28:25 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.231BDEE05BB30AFD2F30F2BD941E522B] - 13/11/2013 - 01:03:12 ---A- - C:\Windows\Prefetch\AVSMEDIAPLAYER.EXE-D20AF44C.pf
O45 - LFCP:[MD5.C5477FC3EF70DB046CA4190EF3275A86] - 13/11/2013 - 02:12:52 ---A- - C:\Windows\Prefetch\PAVARK.EXE-029B3539.pf
O45 - LFCP:[MD5.FC6162F1EB8DD15768B2B29E26842238] - 13/11/2013 - 02:28:19 ---A- - C:\Windows\Prefetch\MBAR-1.07.0.1007.EXE-E802617E.pf
O45 - LFCP:[MD5.652F5364EB0EB3F618ACF13F5555C2E2] - 13/11/2013 - 11:43:27 ---A- - C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-D8CC3B5E.pf
O45 - LFCP:[MD5.FECAAC0BB94E98AFA74063D8DEDF88F5] - 13/11/2013 - 11:58:09 ---A- - C:\Windows\Prefetch\WO10.EXE-B1832CE4.pf
O45 - LFCP:[MD5.07AECC7AFF818B969473BF4D85BC28DA] - 13/11/2013 - 15:08:26 ---A- - C:\Windows\Prefetch\WSHOST.EXE-05F0A3AF.pf
O45 - LFCP:[MD5.12D30CA2F70844110CCAA662769191AA] - 13/11/2013 - 23:20:14 ---A- - C:\Windows\Prefetch\AVPUI.EXE-CBE774B7.pf
O45 - LFCP:[MD5.9AF7DD2DA2D35A792E81D619538A4E1D] - 13/11/2013 - 23:20:15 ---A- - C:\Windows\Prefetch\PfPre_679095d7.db
O45 - LFCP:[MD5.A6FD31E12466A0A5052BB9C80899FBBF] - 14/11/2013 - 05:53:19 ---A- - C:\Windows\Prefetch\LOADINGSCREEN.EXE-22C69E92.pf
O45 - LFCP:[MD5.8E66039812A1890793DD1D8A2C50164F] - 14/11/2013 - 05:53:26 ---A- - C:\Windows\Prefetch\LEAWO BLU-RAY PLAYER.EXE-BEC1F609.pf
O45 - LFCP:[MD5.8929B883350DD0C95AC935D01CFD0665] - 14/11/2013 - 05:53:29 ---A- - C:\Windows\Prefetch\YABSS.EXE-790B9D92.pf
O45 - LFCP:[MD5.75CB27746F5BBEA3C2F3235EAFC5F87E] - 14/11/2013 - 05:55:45 ---A- - C:\Windows\Prefetch\PDVDLP.EXE-0F43BEF3.pf
O45 - LFCP:[MD5.5A0F3BD2B81F7E9BC66B05830C9C01C2] - 25/10/2013 - 16:03:43 ---A- - C:\Windows\Prefetch\MEDIA CENTER 19.EXE-BDE1EBD7.pf
O45 - LFCP:[MD5.A0413898AB08908A064EF8659F53F91C] - 25/10/2013 - 19:24:21 ---A- - C:\Windows\Prefetch\SPLASHPRO.EXE-A999D920.pf
O45 - LFCP:[MD5.3B1FFA8779F34D11658EA126BCE830DA] - 26/10/2013 - 11:46:41 ---A- - C:\Windows\Prefetch\ACDVC PRO.EXE-EE59A478.pf
O45 - LFCP:[MD5.6823D2E27D6289142C9F8FC4ED7D6A02] - 27/10/2013 - 17:39:14 ---A- - C:\Windows\Prefetch\AISEESOFT BLU-RAY PLAYER.EXE-87383F7E.pf
O45 - LFCP:[MD5.BF5CB95C9A90AE9783B34D64F54DF1F0] - 27/10/2013 - 18:12:12 ---A- - C:\Windows\Prefetch\DAPLAYER.EXE-AE6FA86C.pf
O45 - LFCP:[MD5.E22F899C91AC8B02A752112974D3C330] - 31/10/2013 - 22:25:24 ---A- - C:\Windows\Prefetch\UPDATE~1.EXE-128CCDDC.pf
~ Prefetcher: 259 Legitimates Filtered in 00mn 00s
---\\ Controlo do Modo de Segurança (CSB) (49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
~ CSB: 19 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Agente da Carteira Bitdefender [Key] . (...) -- c:\program files\bitdefender\bitdefender\pmbxag.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Agente de Aplicativo de Carteira Bitdefender [Key] . (...) -- c:\program files\bitdefender\bitdefender\antispam32\bdapppassmgr.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\ALLUpdate [Key] . (...) -- c:\program files (x86)\allplayer\allupdate.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\BrowserPlugInHelper [Key] . (...) -- c:\program files (x86)\iskysoft\video converter ultimate\browserpluginhelper.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Carteira Bitdefender [Key] . (...) -- c:\program files\bitdefender\bitdefender\pwdmanui.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\DelaypluginInstall [Key] . (...) -- c:\programdata\wondershare\player\delayplugini.exe
O53 - SMSR:HKLM\...\startupreg\FooPlayer [Key] . (...) -- c:\program files (x86)\fooplayer\fooplayer.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\SoMud [Key] . (...) -- c:\program files (x86)\somud\somud.exe (.not file.)
~ SMSR Keys: 9 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "NoDispCPL"=0
O55 - MWPS:[HKLM\...\Policies\System] - "VerboseStatus"=0
O55 - MWPS:[HKLM\...\Policies\System] - "Novo Valor #1"=0
~ MWPS: 23 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoResolveTrack"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoClose"=0
~ MWPE Keys: 17 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 12/08/2013 - 20:25:46 ---A- . (.Windows ® Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
~ Drivers: 23 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados (Utilizador) (061)
O61 - LFC: 14/11/2013 - 07:01:51 ---A- . (...) -- C:\Users\Vlad\AppData\Roaming\Leawo\Blu-ray Player\userdata\guisettings.xml [17581]
O61 - LFC: 14/11/2013 - 07:01:51 ---A- . (...) -- C:\Users\Vlad\AppData\Roaming\Leawo\Blu-ray Player\userdata\playlists\media\defaultPlaylist.lwpl [42]
O61 - LFC: 14/11/2013 - 07:01:51 ---A- . (...) -- C:\Users\Vlad\AppData\Roaming\Leawo\Blu-ray Player\userdata\profiles.xml [897]
~ 1 Fichiers temporaires (Temporary files)
~ Files: 17 Legitimates Filtered in 01mn 02s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <Torch> <>[HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - http://br.yhs4.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.084BA3420505449194DA2EBC1C163BFD] [sPRF][09/11/2013] (...) -- C:\ProgramData\1384003614.bdinstall.bin [1887824]
[MD5.C4D68EC8D06420E1C2D62B756F195470] [sPRF][11/11/2013] (...) -- C:\ProgramData\1384204479.bdinstall.bin [251925]
[MD5.32F58A21782C4EE1E2849469A42274E2] [sPRF][02/11/2013] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.16E53BFC96CE14021C0E07EB1C198478] [sPRF][27/10/2013] (...) -- C:\Users\Vlad\AppData\Roaming\inst.exe [99384]
[MD5.A9220115BF8D64017F66887732304B24] [sPRF][05/11/2013] (...) -- C:\Users\Vlad\Desktop\adwcleaner.exe [1073258]
[MD5.82589FADC12F673C18CBCA1179361595] [sPRF][21/12/2012] (.No owner - branding Dynamic Link Library.) -- C:\Program Files (x86)\branding.dll [20288]
[MD5.74CAFCDF698C8675462C98B68A739D9E] [sPRF][29/01/2013] (...) -- C:\Program Files (x86)\CCleaner.dat [88] =>Piriform Ltd
~ Files: 10 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{FA06E528-50B1-4E3E-BC86-DD8A1D47F786}C:\program files (x86)\leawo\leawo blu-ray player\leawo blu-ray player.exe" | In - Public - P6 - TRUE | .(.Leawo.) -- C:\program files (x86)\leawo\leawo blu-ray player\leawo blu-ray player.exe
O87 - FAEL: "UDP Query User{EE39CE0D-39CE-4369-8788-97177E5C8517}C:\program files (x86)\leawo\leawo blu-ray player\leawo blu-ray player.exe" | In - Public - P17 - TRUE | .(.Leawo.) -- C:\program files (x86)\leawo\leawo blu-ray player\leawo blu-ray player.exe
~ Firewall: 238 Legitimates Filtered in 00mn 00s
---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "5D97B0010C2B59E4D999F480D55D49FC" . (.Mp3FreeZe Downloader.) -- C:\WINDOWS\Installer\{100B79D5-B2C0-4E95-9D99-4F085DD594CF}\icon.exe
~ Update Products: 15 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.0D7A72DC3165E31E71BC9E18649FD08F] [WIS][10/10/2013] (.Mp3FreeZe Corp. - Mp3FreeZe Downloader.) -- C:\Windows\Installer\9545f.msi [1801216]
~ WIS: 16 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Disabled 07/05/2013 143088 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE64.exe
SS - | Disabled 25/10/2013 878368 | (AdvancedSystemCareService7) . (.IObit.) - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
SS - | Disabled 25/06/2013 208384 | (AtherosSvc) . (.Atheros Commnucations.) - C:\Windows\System32\AdminService.exe
SR - | Auto 14/10/2013 214512 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
SS - | Demand 01/10/2013 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Disabled 13/09/2013 77576 | (CyberLink PowerDVD 13 Media Server Monitor Service) . (.CyberLink.) - C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
SS - | Disabled 13/09/2013 327432 | (CyberLink PowerDVD 13 Media Server Service) . (.CyberLink.) - C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
SS - | Demand 24/08/2009 544768 | (DfSdkS) . (.mst software GmbH, Germany.) - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\DfsdkS64.exe
SS - | Demand 25/06/2013 632352 | (Disc Soft Bus Service) . (.Disc Soft Ltd.) - C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
SR - | Auto 30/07/2012 29056 | (DptfParticipantProcessorService) . (...) - C:\Windows\System32\DptfParticipantProcessorService.exe
SR - | Auto 30/07/2012 30592 | (DptfPolicyConfigTDPService) . (...) - C:\Windows\System32\DptfPolicyConfigTDPService.exe
SS - | Disabled 27/10/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 27/10/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 25/10/2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SS - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SS - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 12/10/2013 118680 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SS - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Demand 15/05/2013 885096 | (WO_LiveService) . (...) - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe
SS - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/09/2013 130320 | ({09F57980-3432-4AFC-957D-27AC45FAE1F5}) . (.CyberLink Corp..) - C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl
~ Services: Scanned in 00mn 02s
---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBR) (080)
Run by Vlad at 14/11/2013 07:02:37
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s
---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBRCheck) (080)
Written by ad13, http://ad13.geekstog
Run by Vlad at 14/11/2013 07:02:39
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s
---\\ Scâner Aditional (088)
Database Version : 12994 - (12/11/2013)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 10
Fichiers trouvés (Files found) : 1
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1] =>Rogue.RegistryPowerCleaner^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner] =>Adware.ToolbarCleaner^
C:\Program Files (x86)\RegClean Pro =>Rogue.RegistryPowerCleaner^
C:\Program Files (x86)\Toolbar Cleaner =>Adware.ToolbarCleaner^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\Users\Vlad\AppData\Roaming\SimpleFiles =>Adware.SimpleFiles^
C:\Users\Vlad\AppData\Local\Media Get LLC =>PUP.MediaGet^
C:\Users\Vlad\AppData\Local\MediaGet2 =>PUP.MediaGet^
C:\Users\Vlad\AppData\Local\SoulseekQt =>P2P.SoulSeek^
C:\Users\Vlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaGet2 =>PUP.MediaGet^
C:\Users\Vlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolbar Cleaner =>Adware.ToolbarCleaner^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro =>Rogue.RegistryPowerCleaner
[HKCU\Software\Conduit] =>Toolbar.Conduit^
~ Additionnel Scan: 181207 Items scanned in 00mn 12s
---\\ Sumário das deteções encontradas na sua estação
~ MSI: 7 link(s) detected in 00mn 12s
~ 1462 Legitimates filtered by white list
End of the scan (589 lines in 03mn 02s)(0)


Good evening, vlad nunez!

|- Download: AdwCleaner ( ... by Xplode )

|- On the page, click the image: < AdwCleaner_Tlcharger.jpg >

|- PS: If you use the IE9 browser, disable the "SmartScreen" filter.
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as administrator.

|- PS: Start the tool by clicking "Scan".
|- When it finishes, click "Clean" >> click "Report".
|- Post: < C:\AdwCleaner\AdwCleaner[s0].txt >

-/-

|- Run this script in the ZHPFix tool.
|- Copy the information shown in red into Notepad.
|- With Notepad open, press: ctrl+a >> ctrl+c
|- Then minimize Notepad.
script zhpfix
[MD5.00000000000000000000000000000000] [APT] [somotoUpdateCheckerAutoStart] (...) -- C:\Users\Vlad\AppData\Local\FilesFrog Update Checker\update_checker.exe (.not file.) [0] =>Adware.MegaSearch
[MD5.00000000000000000000000000000000] [APT] [sBW_UpdateTask_Logon_333737303534313030392d372d55324157505a57454a2a] (...) -- C:\ProgramData\SpeedBit\sbhe.js" sbu.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [sBW_UpdateTask_Time_333737303534313030392d372d55324157505a57454a2a] (...) -- C:\ProgramData\SpeedBit\sbhe.js" sbu.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C437F8BC-38B0-4D77-8675-C2CCB46A2AE2}] (...) -- C:\Windows.old\Program Files (x86)\UltraISO\unins000.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DD3B7505-9F83-420A-B4D2-E47EE5CBB970}] (...) -- C:\Users\Vlad\Downloads\UNWISE.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{FC69EB9C-3E01-4666-96CF-5DDAB2274A95}] (...) -- I:\ASUS\WinFlash\WinFlash.exe (.not file.) [0]
[MD5.084BA3420505449194DA2EBC1C163BFD] [sPRF][09/11/2013] (...) -- C:\ProgramData\1384003614.bdinstall.bin [1887824]
[MD5.C4D68EC8D06420E1C2D62B756F195470] [sPRF][11/11/2013] (...) -- C:\ProgramData\1384204479.bdinstall.bin [251925]
O4 - GS\Desktop [Public]: RegClean Pro.lnk . (.Systweak Inc - RegClean Pro.) -- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe =>Rogue.RegistryPowerCleaner
O4 - GS\Desktop [Vlad]: Toolbar Cleaner.lnk . (.Visicom Media Inc. - Toolbar Cleaner.) -- C:\Program Files (x86)\Toolbar Cleaner\ToolbarCleaner.exe =>Adware.ToolbarCleaner
O42 - Logiciel: RegClean Pro - (.Systweak Inc.) [HKLM][64Bits] -- RegClean Pro_is1 =>Rogue.RegistryPowerCleaner
O42 - Logiciel: Toolbar Cleaner - (.Visicom Media Inc..) [HKLM][64Bits] -- Toolbar Cleaner =>Adware.ToolbarCleaner
O43 - CFD: 06/11/2013 - 20:23:43 - [17,551] ----D C:\Program Files (x86)\RegClean Pro =>Rogue.RegistryPowerCleaner
O43 - CFD: 06/11/2013 - 20:07:08 - [0,736] ----D C:\Program Files (x86)\Toolbar Cleaner =>Adware.ToolbarCleaner
O43 - CFD: 25/10/2013 - 22:37:04 - [0,106] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 12/09/2013 - 00:25:36 - [0,010] ----D C:\Users\Vlad\AppData\Roaming\SimpleFiles =>Adware.SimpleFiles
O43 - CFD: 11/11/2013 - 14:01:43 - [0] ----D C:\Users\Vlad\AppData\Local\Media Get LLC =>PUP.MediaGet
O43 - CFD: 11/11/2013 - 14:28:05 - [0] ----D C:\Users\Vlad\AppData\Local\MediaGet2 =>PUP.MediaGet
O43 - CFD: 11/11/2013 - 14:01:43 - [0] ----D C:\Users\Vlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaGet2 =>PUP.MediaGet
O43 - CFD: 06/11/2013 - 19:58:37 - [0,001] ----D C:\Users\Vlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolbar Cleaner =>Adware.ToolbarCleaner
O43 - CFD: 01/11/2013 - 14:12:43 - [0] ----D C:\ProgramData\ProductData
O43 - CFD: 19/10/2013 - 18:13:25 - [0] ----D C:\ProgramData\xml_param
O43 - CFD: 28/08/2013 - 22:50:15 - [0] ----D C:\ProgramData\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
O45 - LFCP:[MD5.10C351C217013CAE263EC111D13C91E7] - 11/11/2013 - 13:26:30 ---A- - C:\Windows\Prefetch\MEDIAGET_ID2907562IDS2S.EXE-C83DA9B9.pf =>PUP.MediaGet
O45 - LFCP:[MD5.E37A4A4D2AEBE44BB822904AA1834E6E] - 11/11/2013 - 13:27:33 ---A- - C:\Windows\Prefetch\MEDIAGET_ID2907715IDS2S.EXE-A9015D41.pf =>PUP.MediaGet
O45 - LFCP:[MD5.4ACF250B0EE3B39842A3CA5A1F1BDE96] - 11/11/2013 - 13:42:37 ---A- - C:\Windows\Prefetch\QTRAX-20130807002-32-BITS.EXE-F2FD7242.pf =>P2P.Qtrax
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
O53 - SMSR:HKLM\...\startupreg\ALLUpdate [Key] . (...) -- c:\program files (x86)\allplayer\allupdate.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\BrowserPlugInHelper [Key] . (...) -- c:\program files (x86)\iskysoft\video converter ultimate\browserpluginhelper.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\FooPlayer [Key] . (...) -- c:\program files (x86)\fooplayer\fooplayer.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\SoMud [Key] . (...) -- c:\program files (x86)\somud\somud.exe (.not file.)
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\System32]
[HKCU\Software\ToolbarCleaner]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1] =>Rogue.RegistryPowerCleaner^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner] =>Adware.ToolbarCleaner^
C:\Program Files (x86)\RegClean Pro =>Rogue.RegistryPowerCleaner^
C:\Program Files (x86)\Toolbar Cleaner =>Adware.ToolbarCleaner^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\Users\Vlad\AppData\Roaming\SimpleFiles =>Adware.SimpleFiles^
C:\Users\Vlad\AppData\Local\Media Get LLC =>PUP.MediaGet^
C:\Users\Vlad\AppData\Local\MediaGet2 =>PUP.MediaGet^
C:\Users\Vlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaGet2 =>PUP.MediaGet^
C:\Users\Vlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolbar Cleaner =>Adware.ToolbarCleaner^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro =>Rogue.RegistryPowerCleaner
firewallraz
emptyflash
emptytemp
emptyclsid


|- Open the ZHPFix tool.
|- Click IMPORTAÇÃO (Import) >> OK. (This triggers the paste option!)
|- Click "GO".
|- Post the report!

A+


Here is the AdwCleaner log.

# AdwCleaner v3.012 - Relatório criado 14/11/2013 às 21:33:33
# Atualizado 11/11/2013 por Xplode
# Sistema Operacional : Windows 8.1 Pro (64 bits)
# Usuário : Vlad - VLADNUNEZ2014
# Executando de : C:\Users\Vlad\Desktop\adwcleaner.exe
# Opção : Examinar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Arquivo Encontrado : C:\Users\Public\Desktop\RegClean Pro.lnk
Arquivo Encontrado : C:\WINDOWS\System32\Tasks\RegClean Pro
Pasta Encontrado C:\Program Files (x86)\RegClean Pro
Pasta Encontrado C:\Program Files (x86)\Toolbar Cleaner
Pasta Encontrado C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Pasta Encontrado C:\Users\Vlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolbar Cleaner
Pasta Encontrado C:\Users\Vlad\AppData\Roaming\Systweak
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Encontrada : HKCU\Software\Conduit
Chave Encontrada : HKCU\Software\systweak
Chave Encontrada : [x64] HKCU\Software\Conduit
Chave Encontrada : [x64] HKCU\Software\systweak
Chave Encontrada : HKLM\Software\hdcode
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Chave Encontrada : HKLM\Software\systweak
Chave Encontrada : HKLM\Software\Toolbar Cleaner
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.16384
-\\ Mozilla Firefox v24.0 (pt-BR)
[ Arquivo : C:\Users\Vlad\AppData\Roaming\Mozilla\Firefox\Profiles\xlnyvy0n.default\prefs.js ]
-\\ Google Chrome v30.0.1599.101
[ Arquivo : C:\Users\Vlad\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R10].txt - [2432 octets] - [10/10/2013 00:11:21]
AdwCleaner[R11].txt - [5869 octets] - [31/10/2013 23:20:41]
AdwCleaner[R12].txt - [5284 octets] - [31/10/2013 23:44:43]
AdwCleaner[R13].txt - [2846 octets] - [05/11/2013 17:27:12]
AdwCleaner[R14].txt - [4054 octets] - [12/11/2013 16:02:58]
AdwCleaner[R15].txt - [2037 octets] - [14/11/2013 21:33:33]
AdwCleaner[R3].txt - [1697 octets] - [08/09/2013 23:21:05]
AdwCleaner[R4].txt - [1188 octets] - [13/09/2013 15:22:37]
AdwCleaner[R5].txt - [1318 octets] - [13/09/2013 23:56:40]
AdwCleaner[R6].txt - [1257 octets] - [14/09/2013 00:58:57]
AdwCleaner[R7].txt - [1524 octets] - [16/09/2013 10:46:34]
AdwCleaner[R8].txt - [1735 octets] - [24/09/2013 16:46:53]
AdwCleaner[R9].txt - [1648 octets] - [27/09/2013 15:42:22]
AdwCleaner[s10].txt - [2794 octets] - [05/11/2013 17:28:13]
AdwCleaner[s11].txt - [3790 octets] - [12/11/2013 16:05:00]
AdwCleaner[s2].txt - [1538 octets] - [08/09/2013 23:22:26]
AdwCleaner[s3].txt - [1195 octets] - [13/09/2013 15:23:22]
AdwCleaner[s4].txt - [1276 octets] - [13/09/2013 23:57:40]
AdwCleaner[s5].txt - [1530 octets] - [16/09/2013 10:47:52]
AdwCleaner[s6].txt - [1737 octets] - [24/09/2013 16:47:41]
AdwCleaner[s7].txt - [1656 octets] - [27/09/2013 15:43:12]
AdwCleaner[s8].txt - [2385 octets] - [10/10/2013 00:12:14]
AdwCleaner[s9].txt - [4889 octets] - [31/10/2013 23:46:39]
########## EOF - C:\AdwCleaner\AdwCleaner[R15].txt - [3120 octets] ##########

 

 

AdwCleaner log after cleaning

# AdwCleaner v3.012 - Relatório criado 14/11/2013 às 21:48:24
# Atualizado 11/11/2013 por Xplode
# Sistema Operacional : Windows 8.1 Pro (64 bits)
# Usuário : Vlad - VLADNUNEZ2014
# Executando de : C:\Users\Vlad\Desktop\adwcleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Pasta Deletada : C:\Program Files (x86)\RegClean Pro
Pasta Deletada : C:\Program Files (x86)\Toolbar Cleaner
Pasta Deletada : C:\Users\Vlad\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\Vlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolbar Cleaner
Arquivo Deletada : C:\Users\Public\Desktop\RegClean Pro.lnk
Arquivo Deletada : C:\WINDOWS\System32\Tasks\RegClean Pro
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\systweak
Chave Deletedo : HKLM\Software\hdcode
Chave Deletedo : HKLM\Software\systweak
Chave Deletedo : HKLM\Software\Toolbar Cleaner
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.16384
-\\ Mozilla Firefox v24.0 (pt-BR)
[ Arquivo : C:\Users\Vlad\AppData\Roaming\Mozilla\Firefox\Profiles\xlnyvy0n.default\prefs.js ]
-\\ Google Chrome v30.0.1599.101
[ Arquivo : C:\Users\Vlad\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R10].txt - [2432 octets] - [10/10/2013 00:11:21]
AdwCleaner[R11].txt - [5869 octets] - [31/10/2013 23:20:41]
AdwCleaner[R12].txt - [5284 octets] - [31/10/2013 23:44:43]
AdwCleaner[R13].txt - [2846 octets] - [05/11/2013 17:27:12]
AdwCleaner[R14].txt - [4054 octets] - [12/11/2013 16:02:58]
AdwCleaner[R15].txt - [3209 octets] - [14/11/2013 21:33:52]
AdwCleaner[R16].txt - [3270 octets] - [14/11/2013 21:47:50]
AdwCleaner[R3].txt - [1697 octets] - [08/09/2013 23:21:05]
AdwCleaner[R4].txt - [1188 octets] - [13/09/2013 15:22:37]
AdwCleaner[R5].txt - [1318 octets] - [13/09/2013 23:56:40]
AdwCleaner[R6].txt - [1257 octets] - [14/09/2013 00:58:57]
AdwCleaner[R7].txt - [1524 octets] - [16/09/2013 10:46:34]
AdwCleaner[R8].txt - [1735 octets] - [24/09/2013 16:46:53]
AdwCleaner[R9].txt - [1648 octets] - [27/09/2013 15:42:22]
AdwCleaner[s10].txt - [2794 octets] - [05/11/2013 17:28:13]
AdwCleaner[s11].txt - [3790 octets] - [12/11/2013 16:05:00]
AdwCleaner[s12].txt - [2592 octets] - [14/11/2013 21:48:24]
AdwCleaner[s2].txt - [1538 octets] - [08/09/2013 23:22:26]
AdwCleaner[s3].txt - [1195 octets] - [13/09/2013 15:23:22]
AdwCleaner[s4].txt - [1276 octets] - [13/09/2013 23:57:40]
AdwCleaner[s5].txt - [1530 octets] - [16/09/2013 10:47:52]
AdwCleaner[s6].txt - [1737 octets] - [24/09/2013 16:47:41]
AdwCleaner[s7].txt - [1656 octets] - [27/09/2013 15:43:12]
AdwCleaner[s8].txt - [2385 octets] - [10/10/2013 00:12:14]
AdwCleaner[s9].txt - [4889 octets] - [31/10/2013 23:46:39]
########## EOF - C:\AdwCleaner\AdwCleaner[s12].txt - [3133 octets] ##########


Good evening, vlad nunez!

#####
AdwCleaner[S12].txt - [2592 octets] - [14/11/2013 21:48:24]
#####

|- You have used this tool a lot... did you do that on your own?

-/-

|- Post the report! ( ZHPFix )

A+

Rapport de ZHPFix 2013.11.14.5 par Nicolas Coolman, Update du 14/11/2013
Fichier d'export Registre :
Run by Vlad at 14/11/2013 22:13:35
High Elevated Privileges : OK
Windows 8 Business Edition, 64-bit Service Pack 1 (9600)
Reciclagem vazia (00mn 10s)
========== Chaves do Registo ==========
ELIMINÉ O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
ELIMINÉ O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
ELIMINÉ:* StartupReg: ALLUpdate
ELIMINÉ:* StartupReg: BrowserPlugInHelper
ELIMINÉ:* StartupReg: FooPlayer
ELIMINÉ:* StartupReg: SoMud
ELIMINÉ: HKCU\Software\System32
ELIMINÉ: HKCU\Software\ToolbarCleaner
========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (Domain) : {9E3D57FC-7C37-4424-9352-4831E97D029D}
ELIMINÉ: FirewallRaz (Domain) : {548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}
ELIMINÉ: FirewallRaz (Domain) : {E7985E1D-C36F-4787-80A8-6350D07E9266}
ELIMINÉ: FirewallRaz (None) : {808F1451-4108-46FD-ADBB-F17324B5F0BD}
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ: C:\ProgramData\1384003614.bdinstall.bin
ELIMINÉ: C:\ProgramData\1384204479.bdinstall.bin
ELIMINÉ: c:\users\vlad\desktop\toolbar cleaner.lnk
ELIMINÉ: c:\windows\prefetch\mediaget_id2907562ids2s.exe-c83da9b9.pf
ELIMINÉ: c:\windows\prefetch\mediaget_id2907715ids2s.exe-a9015d41.pf
ELIMINÉ: c:\windows\prefetch\qtrax-20130807002-32-bits.exe-f2fd7242.pf
ELIMINÉ Flash Cookies (0) (0 octets)
ELIMINÉ Temporários windows (36) (30.699.159 octets)
========== Tarefa planificada ==========
ELIMINÉ: SomotoUpdateCheckerAutoStart
ELIMINÉ: SBW_UpdateTask_Logon_333737303534313030392d372d55324157505a57454a2a
ELIMINÉ: SBW_UpdateTask_Time_333737303534313030392d372d55324157505a57454a2a
ELIMINÉ: {C437F8BC-38B0-4D77-8675-C2CCB46A2AE2}
ELIMINÉ: {DD3B7505-9F83-420A-B4D2-E47EE5CBB970}
ELIMINÉ: {FC69EB9C-3E01-4666-96CF-5DDAB2274A95}
========== Recapitulativo ==========
8 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
8 : Ficheiros
6 : Tarefa planificada
End of clean in 00mn 22s
========== Caminho do ficheiro do relatório ==========
C:\Users\Vlad\AppData\Roaming\ZHP\ZHPFix[R1].txt - 13/11/2013 12:23:20 [573]
C:\Users\Vlad\AppData\Roaming\ZHP\ZHPFix[R2].txt - 13/11/2013 12:24:00 [770]
C:\Users\Vlad\AppData\Roaming\ZHP\ZHPFix[R3].txt - 14/11/2013 21:11:48 [624]
C:\Users\Vlad\AppData\Roaming\ZHP\ZHPFix[R4].txt - 14/11/2013 22:13:45 [2623]


It's just that I ran the scan first and had forgotten to do the cleanup.


Good evening, vlad nunez!

|- Download: < zoek > ( ... by Smeenk )

|- Or here! < zoek.exe >

|- Save it to the desktop!
|- Disable your antivirus!
|- On Windows 7, run zoek.exe as administrator.

hijackthis;
iedefaults;
chromelook;
autoclean;
emptyalltemp;


|- Copy and paste this information, shown in red, into the tool's input field.
|- Click "Run Script".

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

 

|- This information will appear, asking you to wait for the report.

|- Accept and/or confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

|- PS: If you get an error, restart the PC and run the tool again.
|- Post the report, which will be at C:\zoek-results.txt <<

A+


zoek log

Zoek.exe Version 4.0.0.5 Updated 14-November-2013
Tool run by Vlad on 14/11/2013 at 23:01:01,10.
Microsoft 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Vlad\Desktop\zoek\zoek.pif [script inserted]
==== System Restore Info ======================
14/11/2013 23:02:07 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\ProgramData\Malwarebytes' Anti-Malware (portable) deleted
C:\PROGRA~2\Wondershare deleted
C:\Users\Vlad\AppData\Roaming\eCyber deleted
C:\ProgramData\SpeedBit deleted
C:\ProgramData\SummerSoft deleted
C:\Users\Vlad\AppData\Local\CRE deleted
C:\Users\Vlad\AppData\Local\NativeMessaging deleted
C:\Users\Vlad\AppData\Local\Wondershare deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
"C:\Users\Vlad\AppData\Roaming\Vso" deleted
"C:\Users\Vlad\AppData\Roaming\ArcSoft" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com" [07/11/2013 23:32]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"mozilla_cc@internetdownloadmanager.com"="C:\Users\Vlad\AppData\Roaming\IDM\idmmzcc5" [10/10/2013 00:41]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Vlad\AppData\Roaming\Mozilla\Firefox\Profiles\xlnyvy0n.default
- IDM CC - C:\Users\Vlad\AppData\Roaming\IDM\idmmzcc5
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Vlad\AppData\Roaming\Mozilla\Firefox\Profiles\xlnyvy0n.default
AF661355EBAB898EB92D5454AEF93CE0 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.400.43
E5AF72B7353FF8D431A7C463A4229524 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll - Shockwave Flash
369EC92E676537A3F86C5074BA30FC96 - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
==== Chrome Look ======================
Super Animes - Pokemon - Vlad - Default\Extensions\mkanfekjmffmlpcpghgodmjdfbdpmhpp
Google Wallet - Vlad - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agente da Carteira Bitdefender deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agente de Aplicativo de Carteira Bitdefender deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Carteira Bitdefender deleted successfully
==== HijackThis Entries ======================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKCU\..\Run: [blazeServoTool] "C:\Program Files (x86)\BlazeVideo\BlazeVideo HDTV Player Professional\MediaDetector.exe"
O4 - HKCU\..\RunOnce: [Application Restart #0] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session http://www.facebook.com/n/?index.php&medium=email&mid=8e77738G5af32437ab4aG0G2b&bcode=1.1383954954.AbljQKRH2FFmJQow&n_m=valdei39%40hotmail.com&lloc=cta
O4 - HKUS\S-1-5-18\..\Run: [Agente da Carteira Bitdefender] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'SISTEMA')
O4 - HKUS\S-1-5-18\..\Run: [Carteira Bitdefender] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard (User 'SISTEMA')
O4 - HKUS\S-1-5-18\..\Run: [Agente de Aplicativo de Carteira Bitdefender] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [Agente da Carteira Bitdefender] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Baixar com Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - (no file)
O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: WSIEChrome - (no CLSID) - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\DfsdkS64.exe
O23 - Service: Disc Soft Bus Service - Disc Soft Ltd - C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
O23 - Service: @oem7.inf,%WIN32_DPTF_PARTICIPANT_PROC_SERVICE_DISPLAY_NAME%;Intel® Dynamic Platform & Thermal Framework Processor Participant Service Application (DptfParticipantProcessorService) - Unknown owner - C:\WINDOWS\system32\DptfParticipantProcessorService.exe (file missing)
O23 - Service: @oem7.inf,%WIN32_DPTF_POLICY_CONFIGTDP_SERVICE_DISPLAY_NAME%;Intel® Dynamic Platform & Thermal Framework Config TDP Service Application (DptfPolicyConfigTDPService) - Unknown owner - C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Ashampoo LiveTuner Service (WO_LiveService) - Unknown owner - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Vlad\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Vlad\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Vlad\AppData\Local\Mozilla\Firefox\Profiles\xlnyvy0n.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Vlad\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Vlad\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Vlad\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 14/11/2013 at 23:10:31,72 ======================


Good evening, vlad nunez!

|- And IDM? Does it still download files and corrupt them?

A+


I'll put it to the test early tomorrow morning; as for Chrome, I have already downloaded several files today and they all arrived intact. No problems...

I'd like you to tell me what the problem was. Was it a rootkit? Why does AdwCleaner flag ToolbarCleaner and RegCleaner as malicious programs? Several times AdwCleaner deleted the registry entries of both and I reinstalled them again...


Good morning, vlad nunez!

< http://nicolascoolma...trypowercleaner =>Rogue.RegistryPowerCleaner
~ http://nicolascoolma...-toolbarcleaner =>Adware.ToolbarCleaner
~ http://nicolascoolma...ware-megasearch =>Adware.MegaSearch
~ http://nicolascoolma...toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolma...9-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolma...are-simplefiles =>Adware.SimpleFiles
~ http://nicolascoolma...68-pup-mediaget =>PUP.MediaGet

|- Listed just above are the problems found on your PC.

A+


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
