Ir para conteúdo

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

LFABER

[Resolvido] &nbspWebSearch.SearchSun e Propagandas indesejadas!

Por , em Tópicos Resolvidos (Seguranca & Malwares)

Recommended Posts

LFABER    0

LFABER
Postado

Olá, deixo aqui o Log do HijackThis!!

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:34:56, on 11/03/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchsun.info/?pid=724&r=2014/03/11&hid=11374417485647289891&lg=EN&cc=BR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchsun.info/?pid=724&r=2014/03/11&hid=11374417485647289891&lg=EN&cc=BR
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEHelper Class - {C6EA5A8D-8B01-4498-8B9A-B40AA281035F} - C:\Program Files (x86)\Retsina Software\IEJet\popkiller.dll
O2 - BHO: NextCoup - {CE3E4642-8D4C-7EF1-7E7F-463A2A2F77CC} - C:\Program Files (x86)\NextCoup\ALE4.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Safe Web Lite - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Users\Leila\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Leila\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: IEJet - {44F4B2D4-ED9F-4c9c-9D54-725FE9895554} - C:\Program Files (x86)\Retsina Software\IEJet\popkiller.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACAB1337-2CDA-4F6A-965D-3942DF715EDD}: NameServer = 200.225.197.37,200.225.197.34
O17 - HKLM\System\CCS\Services\Tcpip\..\{D152D76F-2308-440B-B198-4E8DD73FE0AE}: NameServer = 200.225.197.37
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Safe Web Lite (NSL) - Symantec Corporation - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10364 bytes

Abr, LFABER.

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Bom Dia! LFABER

|- Baixe: < AdwCleaner_Logo2_zps580bcd78.jpg > ( ... par Xplode )

|- Ao acessar,clique na imagem: < download-button-jdownloads.png >

|- Ps: Se utilizar o navegador IE9,desabilite o filtro "SmartScreen".
|- Salve-o no desktop!
|- Clique direito em adwcleaner.exe,e escolha sua execução como Executar_Administrador.jpg

advz4z8Y.jpg

|- Ps: Dê início ao scan,clicando em "Examinar".
|- Ao concluir,clique "Limpar" >> Ok >> Ok >> Ok.
|- Copie o log ou clique "Relatório".
|- Poste: < C:\AdwCleaner\AdwCleaner[s0].txt >

Abs!

Compartilhar este post

Link para o post
Compartilhar em outros sites

LFABER    0

LFABER
Postado

Digníssimo DigRam, na dúvida, envio o Relatório!!!

 

# AdwCleaner v3.022 - Report created 14/03/2014 at 11:24:52
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Leila - LEILA-PC
# Running from : C:\Users\Leila\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Found : C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage-journal
File Found : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\searchplugins\WebSearch.xml
Folder Found : C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Folder Found : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
Folder Found : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
Folder Found : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
Folder Found : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\Extensions\chuo5oi8@ykv-.org
Folder Found : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\Extensions\chuo5oi8@ykv-.org
Folder Found : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\Extensions\chuo5oi8@ykv-.org
Folder Found : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\Extensions\donottrackplus@abine.com
Folder Found : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\Extensions\donottrackplus@abine.com
Folder Found : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\Extensions\donottrackplus@abine.com
Folder Found : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\Extensions\eaeiztlpqw@ujl-.net
Folder Found : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\Extensions\eaeiztlpqw@ujl-.net
Folder Found : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\Extensions\eaeiztlpqw@ujl-.net
Folder Found : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\Extensions\lxczk@bksw-.com
Folder Found : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\Extensions\lxczk@bksw-.com
Folder Found : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\Extensions\lxczk@bksw-.com
Folder Found : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\Extensions\xqyha@czgouu.edu
Folder Found : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\Extensions\xqyha@czgouu.edu
Folder Found : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\Extensions\xqyha@czgouu.edu
Folder Found C:\Program Files (x86)\SSearccH-NEwTab
Folder Found C:\Program Files (x86)\SSearccH-NEwTab
Folder Found C:\Program Files (x86)\webSaVE
Folder Found C:\Program Files (x86)\YoutubeAdblocker
Folder Found C:\Program Files (x86)\YoutubeAdblocker
Folder Found C:\ProgramData\SSearccH-NEwTab
Folder Found C:\ProgramData\SSearccH-NEwTab
Folder Found C:\ProgramData\webSaVE
Folder Found C:\ProgramData\YoutubeAdblocker
Folder Found C:\ProgramData\YoutubeAdblocker
Folder Found C:\Users\Leila\AppData\Local\torch
Folder Found C:\Users\Leila\AppData\Roaming\EZDownloader

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [start Page] - hxxp://websearch.searchsun.info/?pid=724&r=2014/03/11&hid=11374417485647289891&lg=EN&cc=BR
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page] - hxxp://websearch.searchsun.info/?pid=724&r=2014/03/11&hid=11374417485647289891&lg=EN&cc=BR

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename", "WebSearch");
Line Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Found : user_pref("browser.search.defaulturl", "hxxp://websearch.searchsun.info/?pid=724&r=2014/03/11&hid=11374417485647289891&lg=EN&cc=BR&l=1&q=");
Line Found : user_pref("browser.search.order.1", "WebSearch");
Line Found : user_pref("browser.search.order.1,S", "WebSearch");
Line Found : user_pref("browser.search.selectedEngine", "WebSearch");
Line Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Found : user_pref("browser.startup.homepage", "hxxp://websearch.searchsun.info/?pid=724&r=2014/03/11&hid=11374417485647289891&lg=EN&cc=BR");
Line Found : user_pref("extensions.25vaIh.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumo[...]
Line Found : user_pref("extensions.7Go.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorob[...]
Line Found : user_pref("extensions.QLa9Cs1.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sum[...]
Line Found : user_pref("extensions.v2R6YmO5PnNN.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf([...]
Line Found : user_pref("keyword.URL", "hxxp://websearch.searchsun.info/?pid=724&r=2014/03/11&hid=11374417485647289891&lg=EN&cc=BR&l=1&q=");

-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : icon_url
Found : search_url
Found : keyword

*************************

AdwCleaner[R0].txt - [9055 octets] - [21/11/2013 16:26:15]
AdwCleaner[R1].txt - [8679 octets] - [14/03/2014 11:24:52]
AdwCleaner[s0].txt - [9028 octets] - [21/11/2013 16:27:07]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [8799 octets] ##########

 

Abr,

LFABER.

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Bom Dia! LFABER

 

|- O relatório de AdwCleaner está incorreto. ( # Option : Scan )

|- Rode-o na opção Delete.

 

-/-

 

|- Baixe: < ZHPDiag2.exe > < NicolasCoolman.jpg > ( ... de Nicolas Coolman )
|- Salve-o no disco local! ( C ou D )
|- Desabilite seu antivírus e execute "ZHPDiag2.exe",para instalar a ferramenta.

ZHPDiag_Pergaminho2_zps6e758639.jpg

|- Execute o ícone do pergaminho. ( ZHPDiag )

ZHPDiag_Pesquisar_zps3acb0f25.jpg

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão!

zhpdia11.png

|- Clique OK e,ao concluir,poste o relatório! ( ZHPDiag.txt )
|- Ps: Se o log for extenso,envie-o à Pjjoint.malekal.

|- Ou acesse: < Cjoint_Logo.jpg >

|- Maiores informações: < |Link| >

A+

Compartilhar este post

Link para o post
Compartilhar em outros sites

LFABER    0

LFABER
Postado

Relatório Delete :

 

 

# AdwCleaner v3.022 - Report created 20/03/2014 at 20:25:38
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Leila - LEILA-PC
# Running from : C:\Users\Leila\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\webSaVE
Folder Deleted : C:\ProgramData\YoutubeAdblocker
Folder Deleted : C:\ProgramData\SSearccH-NEwTab
Folder Deleted : C:\Program Files (x86)\webSaVE
Folder Deleted : C:\Program Files (x86)\YoutubeAdblocker
Folder Deleted : C:\Program Files (x86)\SSearccH-NEwTab
Folder Deleted : C:\Users\Leila\AppData\Local\torch
Folder Deleted : C:\Users\Leila\AppData\Roaming\EZDownloader
Folder Deleted : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\Extensions\chuo5oi8@ykv-.org
Folder Deleted : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\Extensions\donottrackplus@abine.com
Folder Deleted : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\Extensions\eaeiztlpqw@ujl-.net
Folder Deleted : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\Extensions\lxczk@bksw-.com
Folder Deleted : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\Extensions\xqyha@czgouu.edu
Folder Deleted : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
Folder Deleted : C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
File Deleted : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\searchplugins\WebSearch.xml
File Deleted : C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.searchsun.info/?pid=724&r=2014/03/11&hid=11374417485647289891&lg=EN&cc=BR&l=1&q=");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://websearch.searchsun.info/?pid=724&r=2014/03/11&hid=11374417485647289891&lg=EN&cc=BR");
Line Deleted : user_pref("extensions.25vaIh.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumo[...]
Line Deleted : user_pref("extensions.7Go.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorob[...]
Line Deleted : user_pref("extensions.QLa9Cs1.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sum[...]
Line Deleted : user_pref("extensions.v2R6YmO5PnNN.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf([...]
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.searchsun.info/?pid=724&r=2014/03/11&hid=11374417485647289891&lg=EN&cc=BR&l=1&q=");

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [9055 octets] - [21/11/2013 16:26:15]
AdwCleaner[R1].txt - [8907 octets] - [14/03/2014 11:24:52]
AdwCleaner[R2].txt - [8965 octets] - [20/03/2014 20:24:03]
AdwCleaner[s0].txt - [9028 octets] - [21/11/2013 16:27:07]
AdwCleaner[s1].txt - [6861 octets] - [20/03/2014 20:25:38]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [6921 octets] ##########

Compartilhar este post

Link para o post
Compartilhar em outros sites

LFABER    0

LFABER
Postado

Aqui está!

 

 

~ Report of ZHPDiag v2014.3.22.25 - Nicolas Coolman (22/03/2014)
~ Launched by Leila (22/03/2014 21:55:43)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16521
MFIE: Mozilla Firefox 28.0 (Defaut)
GCIE: Google Chrome v33.0.1750.154

---\\ Windows product information
~ Langage: Anglais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows® 7, OEM_COA_SLP channel
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Windows Defender W7

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3999 MB (45% free)
System Restore: Activé (Enable)
System drive C: has 171 GB (75%) free of 226 GB

---\\ Connection to the system mode
~ Computer Name: LEILA-PC
~ User Name: Leila
~ All Users Names: Leila, HomeGroupUser$, Guest, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Leila\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Leila\AppData\Roaming\
~ %Desktop% : C:\Users\Leila\Desktop\
~ %Favorites% : C:\Users\Leila\Favorites\
~ %LocalAppData% : C:\Users\Leila\AppData\Local\
~ %StartMenu% : C:\Users\Leila\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 171 Go of 226 Go)
D: Hard drive, Flash drive, Thumb drive (Free 207 Go of 239 Go)
E: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Internet Extensions for Win32.) (.01/03/2014 - 00:10:28.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) (.20/11/2010 - 10:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.20/11/2010 - 10:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 06:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 06:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 07:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 06:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT File System Driver.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 07:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 06:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20/11/2010 - 10:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 3/2973
~ Mes musiques (My Musics) : 4/244
~ Mes Videos (My Videos) : 2/4
~ Mes Favoris (My Favorites) : 1/156
~ Mes Documents (My Documents) : 3/271
~ Mon Bureau (My Desktop) : 1/87
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Scanned in 00mn 00s



---\\ Process running
[MD5.32C26797AB646074A2BB562F9D10ADB5] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.exe [97680] [PID.3256]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3464]
[MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.5036]
[MD5.7D25BE752946B2307CDFCA22D6CEADBB] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8256000] [PID.1532]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1860]
[MD5.BE531939BB6D153DB63DBBFBD398A713] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584] [PID.1968]
[MD5.33E9F08F675EF94633C8EF8A7C4EADF3] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608] [PID.1088]
[MD5.47269F0DE1E5089C6F23BC1EC48CFC31] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.1428]
[MD5.E127420B7FEB65C7F279EAAC183BBC0E] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [138760] [PID.2056]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Google Installer.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648] [PID.5712]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [user Data\Default] http://www.google.com
G2 - GCE: Preference [user Data\Default] [bnndldcmakhohpjmmdmfpobkfjmmegkg] SSearccH-NEwTab v.2.1 (Activé) =>Adware.FastSaveApp
G2 - GCE: Preference [user Data\Default] [epojjbofkhffmihobdncmbhdocjljhpi] Best Flash Save v.202 (Activé)
G2 - GCE: Preference [user Data\Default] [hcbfcombiokajjgllhdcbpcdolapkgpd] NextCoup v.1.0 (Activé) =>PUP.NetCoupon
G2 - GCE: Preference [user Data\Default] [igdhbblpcellaljokkpfhcjlagemhgjl] Iminent v.8.7.3.1, (Activé) =>Adware.IMBooster
G2 - GCE: Preference [user Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [user Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [user Data\Default] [pacpcodpockdfjokhacbfljijbmlclmf] webbSSave v.3.7 (Activé) =>PUP.Websave

---\\ Google Chrome Extension Folder

~ Google Lines Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\Leila\AppData\Roaming\Mozilla\Firefox\Profiles\mgfcnw26.default-1371434733694\prefs.js
~ Firefox Browser: 4 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1



---\\ Browser Helper Objects (O2)
O2 - BHO: IEHelper Class [64Bits] - {C6EA5A8D-8B01-4498-8B9A-B40AA281035F} . (.Retsina Software Solutions - PopKiller Module.) -- C:\Program Files (x86)\Retsina Software\IEJet\popkiller.dll
O2 - BHO: NextCoup [64Bits] - {CE3E4642-8D4C-7EF1-7E7F-463A2A2F77CC} . (...) -- C:\Program Files (x86)\NextCoup\ALE4.dll =>PUP.NetCoupon
~ BHO: 6 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{30CEEEA2-3742-40E4-85DD-812BF1CBB83D} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: LightScribe.lnk . (.Hewlett-Packard Company - No Comment.) -- C:\Program Files (x86)\Common Files\LightScribe\LSLauncher.exe
O4 - GS\Desktop [Public]: MetaTrader 4 at FOREX.com.lnk . (.MetaQuotes Software Corp. - MetaTrader.) -- C:\Program Files\terminal.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: PC Blindado Security 2013.lnk . (...) -- C:\Program Files (x86)\PCBlindado Antivirus\PC Blindado Security 2013\seccenter.exe (.not file.)
O4 - GS\Desktop [Public]: PCBlindado Antivirus Safepay.lnk . (...) -- C:\Program Files (x86)\PCBlindado Antivirus\PC Blindado Security 2013\antispam32\obk.exe (.not file.)
O4 - GS\QuickLaunch [Leila]: Apostila Escriturário BB.lnk . (...) -- C:\Program Files (x86)\Apostila Escriturário - Banco do Brasil\eBook.exe
O4 - GS\QuickLaunch [Leila]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Leila]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Leila]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Leila]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Leila]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Leila]: magicJack.lnk . (.magicJack L.P. - magicJack Loader Component.) -- C:\Users\Leila\AppData\Roaming\mjusbsp\magicJackLoader.exe
O4 - GS\SystemTools [Leila]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Leila]: Apostila Escriturário BB.lnk . (...) -- C:\Program Files (x86)\Apostila Escriturário - Banco do Brasil\eBook.exe
O4 - GS\Desktop [Leila]: Concursos Abertos (notícias).lnk . (...) -- C:\Program Files (x86)\Apostila Escriturário - Banco do Brasil\Concursos Abertos (notícias).html
O4 - GS\Desktop [Leila]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Leila]: magicJack.lnk . (.magicJack L.P. - magicJack Loader Component.) -- C:\Users\Leila\AppData\Roaming\mjusbsp\magicJackLoader.exe
~ Global Startup: 67 Legitimates Filtered in 00mn 07s



---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [Leila]: Recorte de tela e Iniciador do OneNote 2007.lnk . (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [sysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [bdagent] . (.PCBlindado Antivirus - PCBlindado Antivirus Agent.) -- C:\Program Files\PCBlindado Antivirus\PC Blindado Security 2013\bdagent.exe
O4 - HKCU\..\Run: [cdloader] . (.magicJack L.P. - magicJack (cdloader2).) -- C:\Users\Leila\AppData\Roaming\mjusbsp\cdloader2.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Leila\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-855506272-3775289842-286538128-1000\..\Run: [cdloader] . (.magicJack L.P. - magicJack (cdloader2).) -- C:\Users\Leila\AppData\Roaming\mjusbsp\cdloader2.exe
O4 - HKUS\S-1-5-21-855506272-3775289842-286538128-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Leila\AppData\Local\Facebook\Update\FacebookUpdate.exe
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACAB1337-2CDA-4F6A-965D-3942DF715EDD}: NameServer = 200.225.197.37,200.225.197.34
O17 - HKLM\System\CCS\Services\Tcpip\..\{D152D76F-2308-440B-B198-4E8DD73FE0AE}: NameServer = 200.225.197.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACAB1337-2CDA-4F6A-965D-3942DF715EDD}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{ACAB1337-2CDA-4F6A-965D-3942DF715EDD}: NameServer = 200.225.197.37,200.225.197.34
O17 - HKLM\System\CS1\Services\Tcpip\..\{D152D76F-2308-440B-B198-4E8DD73FE0AE}: NameServer = 200.225.197.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{ACAB1337-2CDA-4F6A-965D-3942DF715EDD}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{ACAB1337-2CDA-4F6A-965D-3942DF715EDD}: NameServer = 200.225.197.37,200.225.197.34
O17 - HKLM\System\CS2\Services\Tcpip\..\{D152D76F-2308-440B-B198-4E8DD73FE0AE}: NameServer = 200.225.197.37
O17 - HKLM\System\CS2\Services\Tcpip\..\{ACAB1337-2CDA-4F6A-965D-3942DF715EDD}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: PCBlindado Antivirus Desktop Update Service (UPDATESRV) . (.PCBlindado Antivirus - PCBlindado Antivirus Update Service.) - C:\Program Files\PCBlindado Antivirus\PC Blindado Security 2013\updatesrv.exe
~ Services: 11 Legitimates Filtered in 00mn 12s



---\\ Task Planned Automatically (039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-855506272-3775289842-286538128-1000.job [562]
[MD5.DEA3132C462938CADDC91D1FC5857B30] [APT] [bho_update] (...) -- C:\Program Files (x86)\Internet Explorer\Updater.exe [9216]
[MD5.4BC02BD73338C3A26265F5C64DBEC770] [APT] [{11E1CF0E-2647-4E16-8CD5-711962DE0A56}] (...) -- C:\Windows\SysWOW64\BDEADMIN.cpl [183808]
[MD5.00000000000000000000000000000000] [APT] [{AC95569A-9DB5-49C6-B27F-CBEDA0A59188}] (...) -- C:\Program Files (x86)\ZebHelpProcess\ZHPHep.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F1306CF4-D760-4AFF-B042-5EAF7DB86578}] (...) -- E:\Setup.exe (.not file.) [0]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 07s



---\\ Software installed (O42)
O42 - Logiciel: Apostila Escriturário - Banco do Brasil versão 1.0 - (.Apostila para o Concurso.) [HKLM][64Bits] -- {09C34F67-4C9D-44E6-ACCD-782C012ED46B}_is1
O42 - Logiciel: IEJet-Popup Killer & Ad Stopper (remove only) - (...) [HKLM][64Bits] -- Retsina IEJet
O42 - Logiciel: NextCoup - (.NextCOup.) [HKLM][64Bits] -- {3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3} =>PUP.NetCoupon
O42 - Logiciel: PC Blindado Security 2013 - (.PCBlindado Antivirus.) [HKLM][64Bits] -- PCBlindado Antivirus
~ Logic: 27 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security] =>Adware.BDSearch
~ Key Software: 198 Legitimates Filtered in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 08/05/2013 - 10:16:36 - [2,061] ----D C:\Program Files (x86)\Apostila Escriturário - Banco do Brasil
O43 - CFD: 08/05/2013 - 10:16:01 - [0] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 11/03/2014 - 10:28:55 - [0,862] ----D C:\Program Files (x86)\NextCoup =>PUP.NetCoupon
O43 - CFD: 11/03/2014 - 10:28:56 - [0,118] ----D C:\ProgramData\b72fc98bb18f05f0
O43 - CFD: 08/05/2013 - 10:16:39 - [15,548] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 11/03/2014 - 10:22:31 - [0] ----D C:\ProgramData\HostIt
O43 - CFD: 11/03/2014 - 10:22:30 - [2,243] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 11/03/2014 - 10:28:56 - [0,446] ----D C:\ProgramData\NextCoup =>PUP.NetCoupon
O43 - CFD: 08/05/2013 - 10:14:46 - [0,523] ----D C:\Users\Leila\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 05/10/2013 - 18:57:51 - [0] ----D C:\Users\Leila\AppData\Roaming\IE Addon
O43 - CFD: 20/11/2013 - 21:25:01 - [0] ----D C:\Users\Leila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IEJet
~ Program Folder: 146 Legitimates Filtered in 00mn 01s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.9C64CBA1A697CD99AEDFE9EB7661E5C6] - 19/03/2014 - 22:16:39 --HA- . (...) -- C:\bdr-im01.gz [38038889]
O44 - LFC:[MD5.CDD862092CDA309A99D3B04C0A9FF563] - 19/03/2014 - 22:16:40 --HA- . (...) -- C:\bdr-bz01 [2510608]
O44 - LFC:[MD5.C0197E397B4C40BE2C02605C0FB1A9CE] - 19/03/2014 - 22:18:03 --HA- . (...) -- C:\bdr-cf01 [750]
O44 - LFC:[MD5.8E83A0EAB3AD8599EA4CC21F18564B2D] - 19/03/2014 - 22:18:03 --HA- . (...) -- C:\bdr-ld01 [253404]
O44 - LFC:[MD5.0F6AA65A6E1037C915DD38A8109ACAFE] - 19/03/2014 - 22:18:03 --HA- . (...) -- C:\bdr-ld01.mbr [9216]
O44 - LFC:[MD5.4E8F2BB3A5A87E75C35533723B50E685] - 20/03/2014 - 06:13:56 ---A- . (...) -- C:\Windows\System32\user_gensett.xml [385]
O44 - LFC:[MD5.DFEEC2A304F1CA5C69A84033902B7BDE] - 21/03/2014 - 21:13:56 ---A- . (...) -- C:\bdlog.txt [5387]
~ Files: 51 Legitimates Filtered in 02mn 09s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.2E83D2621E87C493AB45DC6655BA77D4] - 28/06/2013 - 10:34:50 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:[MD5.A5F29AC2F0ADE8B995B49D7350CE3AC0] - 28/06/2013 - 10:34:50 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:[MD5.E86C64478D9A90D62255FE9EB0150C6E] - 28/06/2013 - 10:34:50 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.524C79054636D2E5751169005006460B] - 29/06/2009 - 09:17:00 ---A- . (.ENE TECHNOLOGY INC. - ENE CIR Driver for eHome(64).) -- C:\Windows\System32\Drivers\enecir.sys [70656]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.DFFBC024DFC7BB05B2129E05CBC7A201] - 23/03/2010 - 14:53:06 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [505344]
~ Drivers: 18 Legitimates Filtered in 01mn 17s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.CB1CBAC1F37193570E2F82AA8B1AEFCC] [sPRF][19/03/2014] (...) -- C:\ProgramData\1395278061.bdinstall.bin [423709]
[MD5.A01A39A654CB7275A5ED8D31D2BB985F] [sPRF][22/03/2014] (...) -- C:\ProgramData\1395535880.bdinstall.bin [84690]
[MD5.FEE1D58C6AD73F25EB0DAD4F690560AD] [sPRF][30/12/2012] (.Facebook Inc. - Setup.) -- C:\Users\Leila\Desktop\FacebookVideoCallSetup_v1.2.205.0.exe [501248]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.E2B7BDA14469B03BBE35FF73D44C1BF3] [WIS][18/03/2014] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\15c839.msi [25001984]
~ WIS: 76 Legitimates Filtered in 01mn 19s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 11/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 25/02/2010 227896 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SS - | Auto 01/12/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 01/12/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 30/04/2009 229944 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Demand 19/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 16/05/2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 02/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
SR - | Auto 13/05/2011 30520 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 22/02/2010 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 10/08/2011 138760 | (NSL) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
SR - | Auto 23/03/2010 247808 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
SR - | Auto 21/03/2013 68848 | (UPDATESRV) . (.PCBlindado Antivirus.) - C:\Program Files\PCBlindado Antivirus\PC Blindado Security 2013\updatesrv.exe
SR - | Auto 12/07/2009 1924400 | (vcsFPService) . (.Validity Sensors, Inc..) - C:\Windows\system32\vcsFPService.exe
SR - | Auto 21/03/2013 1645248 | (VSSERV) . (.PCBlindado Antivirus.) - C:\Program Files\PCBlindado Antivirus\PC Blindado Security 2013\vsserv.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 01mn 24s



---\\ Scan Additionnel (O88)
Database Version : 13031 - (22/03/2014)
Clés trouvées (Keys found) : 7
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 10
Fichiers trouvés (Files found) : 1

[HKLM\Software\Google\Chrome\Extensions\bnndldcmakhohpjmmdmfpobkfjmmegkg] =>Adware.FastSaveApp^
[HKLM\Software\Google\Chrome\Extensions\hcbfcombiokajjgllhdcbpcdolapkgpd] =>PUP.NetCoupon^
[HKLM\Software\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl] =>Adware.IMBooster^
[HKLM\Software\Google\Chrome\Extensions\pacpcodpockdfjokhacbfljijbmlclmf] =>PUP.Websave^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE3E4642-8D4C-7EF1-7E7F-463A2A2F77CC}] =>PUP.NetCoupon^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}] =>PUP.NetCoupon^
[HKLM\Software\Classes\AppID\ieaddon.dll] =>Trojan.FakeAlert
C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnndldcmakhohpjmmdmfpobkfjmmegkg =>Adware.FastSaveApp^
C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcbfcombiokajjgllhdcbpcdolapkgpd =>PUP.NetCoupon^
C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl =>Adware.IMBooster^
C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacpcodpockdfjokhacbfljijbmlclmf =>PUP.Websave^
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\Program Files (x86)\NextCoup =>PUP.NetCoupon^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\NextCoup =>PUP.NetCoupon^
C:\Users\Leila\AppData\Roaming\Baidu Security =>Adware.BDSearch^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
~ Additionnel Scan: 211150 Items scanned in 00mn 37s



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/26801402-adware-fastsaveapp =>Adware.FastSaveApp
~ http://nicolascoolman.webs.com/apps/blog/show/40325014-pup-netcoupon =>PUP.NetCoupon
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/41475428-pup-websave =>PUP.WebSave
~ http://nicolascoolman.webs.com/apps/blog/show/28158343-adware-bdsearch =>Adware.BDSearch
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ MSI: 6 link(s) detected in 00mn 37s



~ 1017 Legitimates filtered by white list
End of the scan (450 lines in 06mn 45s)(0)

Muito grata, abr,

LFABER!!

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado
Boa Tarde! LFABER


|- Execute este script na ferramenta ZHPFix.

|- Copie estas informações que estão em vermelho,para o Bloco de Notas.

|- Com o Bloco de Notas aberto,faça: ctrl+a (Selecionar) >> ctrl+c (Copiar)

|- À seguir,minimize o Bloco de Notas.


script zhpfix

[HKLM\Software\Google\Chrome\Extensions\bnndldcmakhohpjmmdmfpobkfjmmegkg] =>Adware.FastSaveApp^

[HKLM\Software\Google\Chrome\Extensions\hcbfcombiokajjgllhdcbpcdolapkgpd] =>PUP.NetCoupon^

[HKLM\Software\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl] =>Adware.IMBooster^

[HKLM\Software\Google\Chrome\Extensions\pacpcodpockdfjokhacbfljijbmlclmf] =>PUP.Websave^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE3E4642-8D4C-7EF1-7E7F-463A2A2F77CC}] =>PUP.NetCoupon^

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}] =>PUP.NetCoupon^

[HKLM\Software\Classes\AppID\ieaddon.dll] =>Trojan.FakeAlert

[HKCU\Software\Baidu Security] =>Adware.BDSearch^

C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnndldcmakhohpjmmdmfpobkfjmmegkg =>Adware.FastSaveApp^

C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcbfcombiokajjgllhdcbpcdolapkgpd =>PUP.NetCoupon^

C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl =>Adware.IMBooster^

C:\Users\Leila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacpcodpockdfjokhacbfljijbmlclmf =>PUP.Websave^

C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^

C:\Program Files (x86)\NextCoup =>PUP.NetCoupon^

C:\ProgramData\Baidu Security =>Adware.BDSearch^

C:\ProgramData\InstallMate =>PUP.Tarma^

C:\ProgramData\NextCoup =>PUP.NetCoupon^

C:\Users\Leila\AppData\Roaming\Baidu Security =>Adware.BDSearch^

emptytemp

firewallraz

emptyclsid


|- Abra a ferramenta ZHPFix. < ZHPFix_logo2_zpsea0f2aa4.jpg >

|- Clique IMPORTAÇÃO >> OK.

|- Clique "GO".

|- Poste o relatório!


Abs!

Compartilhar este post

Link para o post
Compartilhar em outros sites

LFABER    0

LFABER
Postado

OUI MOUNSIEUR DIGRAM, CES'T LE RAPPORTE DE ZHPFIX;

 

Rapport de ZHPFix 2014.3.19.4 par Nicolas Coolman, Update du 19/03/2014
Fichier d'export Registre :
Run by Leila at 25/03/2014 22:31:59
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Recycle Bin emptied (00mn 37s)

========== Registry keys ==========
REMOVES:* HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE3E4642-8D4C-7EF1-7E7F-463A2A2F77CC}
REMOVES: HKLM\Software\Classes\AppID\ieaddon.dll
REMOVES: HKCU\Software\Baidu Security

========== Registry values ==========
ABSENT value Standard Profile: FirewallRaz :
ABSENT value Domain Profile: FirewallRaz :

========== Folders ==========
No folders empty CLSID Local user

========== Files ==========
Deletes temporary Windows (44) (10.812.835 octets)


========== Summary ==========
3 : Registry keys
2 : Registry values
1 : Folders
1 : Files


End of clean in 00mn 46s

========== Path to file report ==========
C:\Users\Leila\AppData\Roaming\ZHP\ZHPFix[R1].txt - 25/03/2014 22:32:36 [988]

 

SALUT!

LFABER.

Compartilhar este post

Link para o post
Compartilhar em outros sites

LFABER    0

LFABER
Postado

Aqui está Dig Ram;

 

Rapport de ZHPFix 2014.3.19.4 par Nicolas Coolman, Update du 19/03/2014

Fichier d'export Registre :

Run by Leila at 25/03/2014 22:31:59

High Elevated Privileges : OK

Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

 

Recycle Bin emptied (00mn 37s)

 

========== Registry keys ==========

REMOVES:* HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE3E4642-8D4C-7EF1-7E7F-463A2A2F77CC}

REMOVES: HKLM\Software\Classes\AppID\ieaddon.dll

REMOVES: HKCU\Software\Baidu Security

 

========== Registry values ==========

ABSENT value Standard Profile: FirewallRaz :

ABSENT value Domain Profile: FirewallRaz :

 

========== Folders ==========

No folders empty CLSID Local user

 

========== Files ==========

Deletes temporary Windows (44) (10.812.835 octets)

 

 

========== Summary ==========

3 : Registry keys

2 : Registry values

1 : Folders

1 : Files

 

 

End of clean in 00mn 46s

 

========== Path to file report ==========

C:\Users\Leila\AppData\Roaming\ZHP\ZHPFix[R1].txt - 25/03/2014 22:32:36 [988]

 

Muito grata,

LFABER.

 

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post

Link para o post
Compartilhar em outros sites
Ir para a lista de tópicos Tópicos Resolvidos (Seguranca & Malwares)
×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.

  Aceito