Archived

This topic has been archived and is closed to further replies.

moicanofacul

[Archived] Could it be a virus?


There are unnecessary programs starting together with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

 

Choosing the Programs that Start with the PC

 

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start together with Windows.

 

Also use the CCleaner program, recommended in the tutorial above, to clean and optimize the PC.

_______________________________________________________________________

 

Go to https://www.virustotal.com and submit the files highlighted in bold below to be analyzed:

 

C:\Program Files (x86)\Central de Jogos\Central.exe

C:\Windows\wpd99.drv

 

As soon as the analysis of each one is complete, copy the link that appears in your browser's address bar and post those links in your next reply, together with the ZHPFix report requested further down in this post.

 

More information on how to analyze files on the VirusTotal site can be found in this tutorial:

 

Analyze suspicious files and links online and completely free of charge

______________________________________________________________

 

Select and copy all the text highlighted in red that I gave you.

_____________________________________________________________________________________________________________

 

Go to the menu: Start > All Programs > ZHP > Right-click ZHPFix and choose Run as administrator > Click Importação (Import) > Click the GO button > Click Oui > If you want the Recycle Bin files to be deleted as well, click Oui again > A report will open in Notepad.

 

Copy that report and post it in your next reply, together with the links to the file analyses on the VirusTotal site.


Central had already been analyzed before:
https://www.virustotal.com/pt/file/0e875b393f62f5912887a74a45793dbc476e82073e4dcdb7f6c8e1439a8385b8/analysis/

wpd99:
https://www.virustotal.com/pt/file/5a8368a73715db122d76f8ba691e57a0fb264aa12a2a158db976a99d7c51532b/analysis/1402947617/

 

ZHPFIX:

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Pierre Cardoso at 16/06/2014 16:46:02
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 04s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitLord_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitLord_RASMANCS

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Preferências do navegador ==========
ELIMINÉ Mozilla Pref: user_pref("weboftrust.search.ask.display", "Ask.com Web Search");

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\tasks\pcdrscheduledmaintenance
ELIMINÉ Temporários windows (3) (56.188 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
2 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
3 : Ficheiros
1 : Preferências do navegador
1 : Restauração Sistema


End of clean in 00mn 37s

========== Caminho do ficheiro do relatório ==========
C:\Users\Pierre Cardoso\AppData\Roaming\ZHP\ZHPFix[R1].txt - 16/06/2014 16:46:07 [1498]


Restart the PC to complete the cleanup.

 

After restarting, open ( ZHPDiag ) again

 


 

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

 


 

|- Click OK and, when it finishes, post the ZHPDiag.txt report

 



~ Relatório do ZHPDiag v2014.6.16.92 - Nicolas Coolman (16/06/2014)
~ Iniciado por Pierre Cardoso (16/06/2014 17:43:56)
~ Endereço do Website : http://www.paologios.com]
[HKCU\Software\SERPRO]
[HKCU\Software\VCM]
[HKCU\Software\nester]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Full Tilt Poker]
[HKLM\Software\Wow6432Node\SIC]
~ Key Software: 409 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/07/2010 - 23:13:17 - [] ----D C:\Program Files (x86)\Central de Jogos
O43 - CFD: 15/11/2010 - 22:16:00 - [] ----D C:\Program Files (x86)\Formats
O43 - CFD: 19/04/2014 - 13:12:19 - [] ----D C:\Program Files (x86)\Full Tilt Poker
O43 - CFD: 21/08/2012 - 20:32:56 - [] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 14/03/2014 - 20:28:54 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 27/01/2014 - 22:06:48 - [] ----D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
O43 - CFD: 09/07/2010 - 10:54:12 - [] ----D C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
O43 - CFD: 05/01/2010 - 15:50:23 - [] --H-D C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}
O43 - CFD: 14/02/2013 - 20:18:08 - [] ----D C:\Users\Pierre Cardoso\AppData\Roaming\cef-cache
O43 - CFD: 11/08/2012 - 22:28:28 - [] ----D C:\Users\Pierre Cardoso\AppData\Roaming\Party
O43 - CFD: 22/03/2011 - 14:02:30 - [] ----D C:\Users\Pierre Cardoso\AppData\Local\CPN
O43 - CFD: 19/04/2014 - 13:12:16 - [] ----D C:\Users\Pierre Cardoso\AppData\Local\FullTiltPoker
O43 - CFD: 14/04/2011 - 14:29:32 - [] ----D C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2011
O43 - CFD: 29/04/2013 - 22:59:37 - [] ----D C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 14/03/2014 - 20:28:24 - [] ----D C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 260 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 14/06/2014 - 09:40:21 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.0C6AAF4486F82C18C40BB5C1764A36F0] - 16/06/2014 - 15:51:03 ----- . (...) -- C:\bootsqm.dat [3288]
O44 - LFC:[MD5.F182F2A8B007FD133FF64745F182E18A] - 16/06/2014 - 16:13:40 ---A- . (...) -- C:\Windows\wpd99.drv [60]
~ Files: 51 Legitimates Filtered in 00mn 36s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:29/05/2012 - 14:53:30 ---A- . (.Windows ® Codename Longhorn DDK provider - hpvhd 64bit support driver.) -- C:\Windows\System32\Drivers\cpqdfw.sys [27456]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/04/2012 - 22:09:43 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [560184]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:09/10/2012 - 08:29:58 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [46440]
O58 - SDL:08/04/2014 - 18:22:39 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 64 Legitimates Filtered in 00mn 01s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0CFC0FF2-7D28-4419-B506-086356381DDA} - (Americanas.com.br) - http://www.americanas.com
O69 - SBI: SearchScopes [HKCU] {0D763647-EF4D-4055-AA9E-5AA247285547} - (Saraiva.com) - http://www.livrariasaraiva.com
O69 - SBI: SearchScopes [HKCU] {5D3373DE-E345-414F-9E6C-5EA687463EA2} - (Submarino.com) - http://www.submarino.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {9AFB250B-3A9F-4BE3-BA52-E5235AC5E952} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {A9E19A04-33B3-4FD9-B056-9A6B8BF3A70B} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {E354496C-DDB9-47A7-A193-3ED9DEE8EA88} - (Bondfaro) - http://www.bondfaro.com
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.D96EC2DE0DF19F3323E0CECFB49FCAFF] [sPRF][09/12/2013] (...) -- C:\Users\Pierre Cardoso\AppData\Roaming\unins000.dat [33278]
[MD5.C11706D2FD4AFCB8B0D6DAA0EF55D2C8] [sPRF][17/02/2012] (...) -- C:\Program Files (x86)\Rar.exe [403968]
[MD5.8C458DC9E7DC6EC0DC5F24C999AFA4C7] [sPRF][17/02/2012] (...) -- C:\Program Files (x86)\RarExt64.dll [193536]
[MD5.AD08FE53A5E484EA568D60544EF3F05C] [sPRF][25/04/2012] (...) -- C:\Program Files (x86)\rarnew.dat [20]
[MD5.8C95C6D737C450F0B847C22B9BA88766] [sPRF][17/02/2012] (...) -- C:\Program Files (x86)\UnRAR.exe [266240]
[MD5.BD3165A325F222F642F743B6CF2937ED] [sPRF][17/02/2012] (...) -- C:\Program Files (x86)\WinRAR.exe [1150464]
[MD5.76CDB2BAD9582D23C1F6F4D868218D6C] [sPRF][25/04/2012] (...) -- C:\Program Files (x86)\zipnew.dat [22]
~ Files: 12 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{A1092867-F199-4D94-A2A5-3CDF72CE0F5A}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{2D5B64E1-7283-4B78-ACB9-A7604D60BF6B}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASAPI32 =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASMANCS =>P2P.BitTorrent
~ BTK: 611 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 14/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 22/03/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 22/03/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/05/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 10/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 15/03/2013 1266464 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Demand 04/01/2012 718888 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 30/08/2011 140672 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE64.exe
SR - | Auto 08/09/2009 202752 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 04/06/2014 430160 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 04/06/2014 430160 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 04/11/2013 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Auto 02/10/2009 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 20/08/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 15/03/2013 877856 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 22/09/2010 249136 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SR - | Auto 14/03/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 05s



---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:13/04/2012 - 22:09:43 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [560184]
~ Emulateurs: Scanned in 00mn 05s



---\\ Scâner Aditional (088)
Database Version : 13026 - (16/06/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 396117 Items scanned in 00mn 44s



---\\ Informações complémentaires do módulos
~ =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ =>.Internet Explorer, Gestão do Proxy (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/%C2'> =>.Browser Helper Objects do navegador (02)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 1005 Legitimates filtered by white list
End of the scan (471 lines in 02mn 04s)(0)


You still haven't followed the tutorial I gave you for choosing the programs that start with the PC; there are still several starting unnecessarily. Apart from that, the log is clean.

 

How is the PC?


The programs that start are either important (SkyDrive, video card stuff) or I don't know what they are.

Should I disable all of them and leave only the security ones?

 

The Avira host-block warning continues. I noticed it keeps appearing while I browse Facebook.


All of the entries below you can disable by following the tutorial I gave you:

O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Wow6432Node\Run: [iAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe =>.RealNetworks, Inc
______________________________________________________________

Also update the database of the Malwarebytes you already have installed on your PC, run a full scan with it, remove all the problems it finds, and post its report in your next reply.
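As an added illustration (not a tool from this thread, from ZHPDiag, or from its author), here is a Python parser for the O4 autorun lines quoted above that flags the entries worth a second look: no recorded publisher, an executable in a user-writable location or outside Windows/Program Files, or a launch through an interpreter such as rundll32 or cmd. The first five sample lines are the ones from the post; the sixth is constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# ZHPDiag "O4" (autorun) line, as quoted in this thread, e.g.
# O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4_LINE = re.compile(
    r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]+)\] \. "
    r"\((?P<vendor>.*?)\) -- (?P<path>.+?)(?: =>(?P<tag>.*))?$"
)

# Directories an autorun normally lives in; anything elsewhere deserves a look.
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Locations a standard user can write to: a common home for unwanted startup items.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")
# Hosts/interpreters that usually launch something else (the real payload is in the arguments).
LAUNCHERS = ("rundll32.exe", "cmd.exe", "wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe")


@dataclass
class AutorunEntry:
    key: str             # registry key as ZHPDiag prints it, e.g. HKLM\..\Run
    name: str            # value name shown in brackets
    vendor: str          # text between "(." and ".)"; "" when ZHPDiag prints "(...)"
    path: str            # command line after "--"
    tag: Optional[str]   # ZHPDiag whitelist tag after "=>", if present


def parse_o4_line(line: str) -> Optional[AutorunEntry]:
    """Parse one O4 line; return None for any other line of the report."""
    m = O4_LINE.match(line.strip())
    if not m:
        return None
    vendor = m.group("vendor").strip(".").strip()   # "(...)" collapses to ""
    return AutorunEntry(m.group("key"), m.group("name"), vendor,
                        m.group("path").strip(), m.group("tag"))


def parse_report(text: str) -> List[AutorunEntry]:
    """Collect every O4 entry from a ZHPDiag report; other sections are ignored."""
    return [e for e in (parse_o4_line(ln) for ln in text.splitlines()) if e]


def executable_of(command: str) -> str:
    """Return only the program from a command line (quoted path, or first token ending in .exe etc.)."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"^(.*?\.(?:exe|dll|scr|cmd|bat|vbs|js))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def triage(entry: AutorunEntry) -> List[str]:
    """Return the reasons an entry deserves manual review; an empty list means nothing stood out."""
    reasons: List[str] = []
    exe = executable_of(entry.path).lower()
    if not entry.vendor:
        reasons.append("no publisher/description recorded")
    if any(hint in exe for hint in USER_WRITABLE):
        reasons.append("runs from a user-writable location")
    elif not exe.startswith(SYSTEM_DIRS):
        reasons.append("runs from outside Windows/Program Files")
    if exe.rsplit("\\", 1)[-1] in LAUNCHERS:
        reasons.append("launched via an interpreter/host; inspect the arguments")
    return reasons


def review_candidates(text: str) -> Dict[str, List[str]]:
    """Map value name -> reasons, for every entry that needs a look."""
    return {e.name: triage(e) for e in parse_report(text) if triage(e)}


# The first five lines are the O4 entries quoted in the thread; the last one is
# constructed for this example to show what a flagged entry looks like.
SAMPLE_REPORT = r"""
O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Wow6432Node\Run: [iAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe =>.RealNetworks, Inc
O4 - HKCU\..\Run: [updater] . (...) -- "C:\Users\alice\AppData\Roaming\updater\upd.exe" /silent
"""

if __name__ == "__main__":
    for e in parse_report(SAMPLE_REPORT):
        flags = triage(e)
        print(f"{e.key:<28} [{e.name}] {'OK' if not flags else '; '.join(flags)}")
```

The five entries from the thread come back with no findings, which matches the helper's verdict that they are merely unnecessary rather than malicious; only the constructed AppData entry is flagged.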


CCleaner done

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Versão da Base de Dados: v2014.06.16.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17126
Pierre Cardoso :: PIERRECARDOSO [administrador]

17/06/2014 00:19:04
mbam-log-2014-06-17 (00-19-04).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 555671
Tempo decorrido: 1 hora(s), 51 minuto(s), 15 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 1
C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\rld.dll (VirTool.Obfuscator) -> Enviado para a Quarentena e deletado com sucesso.

(fim)


I just opened Mozilla Firefox and ran it with two tabs: Facebook and iMasters.

 

The Avira host-block notification appeared.

 

What is this notification?


Until recently I used and recommended Avira. But then it started to show some problems in its real-time protection, which no longer worked very well, and I replaced it with Bitdefender, which has proven excellent.

 

If you want to try it, I think you will like it a lot too. And Bitdefender is always among the top places in the latest tests.

 

To install and use Bitdefender correctly, just follow the tips in this tutorial:

 

Keep your PC protected with the free version of the Bitdefender antivirus

http://www.caixadedicas.com/2014/06/tutorial-do-antivirus-bitdefender-free.html


OK, after you make the switch, please run a full scan with Bitdefender and tell us how the PC is after that.


Did you run its installer as administrator? If you did not, right-click on its installer and choose Run as administrator.

If that still does not solve it, do the following:

Download: < Shortcut_Module > (by g3n-h@ckm@n)
|- When you open the link above, scroll down the page and click Télécharger to download it.

Run it as indicated in this post:

Disinfect infected shortcuts and remove adware with the Shortcut_Module tool

As soon as the cleanup is complete, post the log (report), which will be at C:\Shortcut_Module_07_05_2014_17_05_22.txt (the numbers in red will vary, since they show the date and time the scan was performed).


¤¤¤¤¤¤¤¤¤¤ | Shortcut_Module | g3n-h@ckm@n | 17.06.2014.2

¤¤¤¤¤ Vista | 7 | 8 | 8.1 - 32/64 bits ¤¤¤¤¤ - Start 19:10:10 - 17/06/2014

Atualizado : 17/06/2014 | 10.00 Por g3n-h@ckm@n

Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html

Boot: Normal boot

Sistema : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1

Memória RAM = Total (MB) : 4054 | Livre (MB) : 2806
Pagefile = Total (MB) : 8106 | Livre (MB) : 6755
Virtual = Total (MB) : 4194 | Livre (MB) : 4031


Registro protegido, restabelecer : C:\Shortcut_Module\Save\Clean\ERDNT.exe

¤¤¤¤¤¤¤¤¤¤ | Windows atualizado

Nenhuma atualização descoberta !!!

¤¤¤¤¤¤¤¤¤¤ | Navegadores

FF : 11.0.9600.17126 (© Microsoft Corporation. Todos os direitos reservados.)
IE : 29.0.1.5239 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
IE : 35.0.1916.153 (Copyright 2012 Google Inc. All rights reserved.)

¤¤¤¤¤¤¤¤¤¤ | Security

AV :
AS : Windows Defender Enabled
FW :
WMI : /!\
WU: Windows Update Service [Auto(2)] = Começado
AS: Windows Defender [Auto(2)] = Começado
FW: Windows FireWall Service [Auto(2)] = Começado

Colocação apagada em um modo auxiliar !


¤¤¤¤¤¤¤¤¤¤ | FlashPlayer

FlashPlayer ActiveX : 13.0.0.214
FlashPlayer Plugin : 13.0.0.214

¤¤¤¤¤¤¤¤¤¤ | Processos mortos

844 | [Owner : SISTEMA |Parent : 632] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 314.22.) - (8.17.13.1422) = C:\Windows\System32\nvvsvc.exe
884 | [Owner : SISTEMA |Parent : 632] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - (7.17.13.1422) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
912 | [Owner : SISTEMA |Parent : 632] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) - (3.1.6.3) = C:\PROGRA~2\GbPlugin\gbpsv.exe
124 | [Owner : SISTEMA |Parent : 632] - (.AMD - AMD External Events Service Module.) - (6.14.11.1040) = C:\Windows\System32\atiesrxx.exe
1456 | [Owner : SISTEMA |Parent : 632] - (.Microsoft Corporation - Aplicativo de subsistema de spooler.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe
1552 | [Owner : SISTEMA |Parent : 124] - (.AMD - AMD External Events Client Module.) - (6.14.11.1040) = C:\Windows\System32\atieclxx.exe
1616 | [Owner : SISTEMA |Parent : 844] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.1422) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1624 | [Owner : SISTEMA |Parent : 844] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 314.22.) - (8.17.13.1422) = C:\Windows\System32\nvvsvc.exe
1804 | [Owner : SISTEMA |Parent : 632] - (.SUPERAntiSpyware.com - Core Service.) - (1.0.0.1066) = C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
1852 | [Owner : SISTEMA |Parent : 632] - (.Hewlett-Packard Company - LightScribe Service.) - (1.18.8.1) = C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1908 | [Owner : SISTEMA |Parent : 632] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
1936 | [Owner : SISTEMA |Parent : 632] - (.Microsoft Corporation - Microsoft SeaPort Search Enhancement Broker.) - (3.0.133.0) = C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1692 | [Owner : SISTEMA |Parent : 632] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4232.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1316 | [Owner : SISTEMA |Parent : 632] - (.Intel Corporation - IAStorDataSvc.) - (9.5.0.1037) = C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
2076 | [Owner : Pierre Cardoso |Parent : 632] - (.Microsoft Corporation - Processo de Host para Tarefas do Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe
2180 | [Owner : Pierre Cardoso |Parent : 1032] - (.Microsoft Corporation - Mecanismo do Agendador de Tarefas.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe
2232 | [Owner : Pierre Cardoso |Parent : 2136] - (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.17567) = C:\Windows\explorer.exe
2992 | [Owner : SERVIÇO LOCAL |Parent : 752] - (.Microsoft Corporation - Windows Driver Foundation - Processo de Host da Estrutura de Driver de Modo de Usuário.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe
1688 | [Owner : Pierre Cardoso |Parent : 2232] - (. - SmartMenu.) - (3.1.0.1) = C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
1900 | [Owner : Pierre Cardoso |Parent : 2232] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.0.4041.512) = C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
2740 | [Owner : Pierre Cardoso |Parent : 2232] - (.DesktopCal, Inc. - desktopcal Module.) - (1.1.3.1951) = C:\Program Files (x86)\DesktopCal\desktopcal.exe
1780 | [Owner : Pierre Cardoso |Parent : 2892] - (.Hewlett-Packard - hpsysdrv.) - (2.10.0.0) = C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
2868 | [Owner : Pierre Cardoso |Parent : 2892] - (.Hewlett-Packard - hpwuSchd Application.) - (80.1.1.0) = C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
2884 | [Owner : Pierre Cardoso |Parent : 1616] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.1422) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
2904 | [Owner : SISTEMA |Parent : 632] - (.Microsoft Corporation - Indexador do Microsoft Windows Search.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe
3148 | [Owner : SERVIÇO DE REDE |Parent : 632] - (.Microsoft Corporation - Serviço de Compartilhamento de Rede do Windows Media Player.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
3504 | [Owner : Pierre Cardoso |Parent : 2180] - (.CyberLink - CyberLink MediaLibray Service.) - (4.3.3318.0) = C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
1284 | [Owner : SISTEMA |Parent : 632] - (.Hewlett-Packard Company - HP Support Assistant Service.) - (7.2.45.3) = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
3908 | [Owner : SISTEMA |Parent : 1032] - (.Microsoft Corporation - Mecanismo do Agendador de Tarefas.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe
2732 | [Owner : Pierre Cardoso |Parent : 768] - (.Microsoft Corporation - Processo de host do Windows (Rundll32).) - (6.1.7600.16385) = C:\Windows\System32\rundll32.exe

¤¤¤¤¤¤¤¤¤¤ | Processos começados

332 | [Owner : SISTEMA |Parent : 4] - (.Microsoft Corporation - Gerenciador de Sessão do Windows.) - (6.1.7601.18229) = C:\Windows\System32\smss.exe
488 | [Owner : SISTEMA |Parent : 480] - (.Microsoft Corporation - Processo do tempo de Execução do Servidor do Cliente.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe
556 | [Owner : SISTEMA |Parent : 480] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe
580 | [Owner : SISTEMA |Parent : 568] - (.Microsoft Corporation - Processo do tempo de Execução do Servidor do Cliente.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe
632 | [Owner : SISTEMA |Parent : 556] - (.Microsoft Corporation - Aplicativo de serviços e controle.) - (6.1.7600.16385) = C:\Windows\System32\services.exe
640 | [Owner : SISTEMA |Parent : 556] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.18443) = C:\Windows\System32\lsass.exe
652 | [Owner : SISTEMA |Parent : 556] - (.Microsoft Corporation - Serviço do Gerenciador de Sessão Local.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe
768 | [Owner : SISTEMA |Parent : 632] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
828 | [Owner : SISTEMA |Parent : 568] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) - (6.1.7601.18409) = C:\Windows\System32\winlogon.exe
976 | [Owner : SERVIÇO DE REDE |Parent : 632] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
516 | [Owner : SERVIÇO LOCAL |Parent : 632] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
752 | [Owner : SISTEMA |Parent : 632] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
568 | [Owner : SERVIÇO LOCAL |Parent : 632] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1032 | [Owner : SISTEMA |Parent : 632] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1252 | [Owner : SISTEMA |Parent : 632] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1340 | [Owner : SERVIÇO DE REDE |Parent : 632] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1484 | [Owner : SERVIÇO LOCAL |Parent : 632] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
2024 | [Owner : SERVIÇO LOCAL |Parent : 632] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
2044 | [Owner : SISTEMA |Parent : 632] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
2144 | [Owner : Pierre Cardoso |Parent : 752] - (.Microsoft Corporation - Gerenciador de Janelas da Área de Trabalho.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe
2944 | [Owner : SERVIÇO DE REDE |Parent : 632] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
3356 | [Owner : SERVIÇO LOCAL |Parent : 632] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
3476 | [Owner : SERVIÇO LOCAL |Parent : 632] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1528 | [Owner : SISTEMA |Parent : 632] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
744 | [Owner : SERVIÇO LOCAL |Parent : 516] - (.Microsoft Corporation - Isolamento de Gráfico de Dispositivo de Áudio do Windows .) - (6.1.7601.17514) = C:\Windows\System32\audiodg.exe
1796 | [Owner : Pierre Cardoso |Parent : 2232] - (. - Shortcut_Module.) - (17.6.2014.2) = C:\Users\Pierre Cardoso\Desktop\Shortcut_Module.exe
3736 | [Owner : SERVIÇO LOCAL |Parent : 752] - (.Microsoft Corporation - Windows Driver Foundation - Processo de Host da Estrutura de Driver de Modo de Usuário.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe
2824 | [Owner : Pierre Cardoso |Parent : 1796] - (. - Process Stopper.) - (1.0.0.0) = C:\Shortcut_Module\Protect_Module.exe

¤¤¤¤¤¤¤¤¤¤ | RUN

04 - [64] HKLM\..\Run : [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
04 - [64] HKLM\..\Run : [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
04 - [32] HKLM\..\Run : [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
04 - [32] HKLM\..\Run : [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe
04 - [32] HKLM\..\RunOnce : [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
04 - HKU\S-1-5-19\..\Run : [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3781067526-2966764731-2999422385-1000\..\Run : [skyDrive] "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
04 - HKU\S-1-5-21-3781067526-2966764731-2999422385-1000\..\Run : [DesktopCal] C:\Program Files (x86)\DesktopCal\desktopcal.exe
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-21-3781067526-2966764731-2999422385-1000\..\RunOnce : [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
04 - HKU\S-1-5-21-3781067526-2966764731-2999422385-1000\..\RunOnce : [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530"
04 - HKU\S-1-5-21-3781067526-2966764731-2999422385-1000\..\RunOnce : [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
04 - HKU\S-1-5-21-3781067526-2966764731-2999422385-1000\..\RunOnce : [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627"
04 - HKU\S-1-5-21-3781067526-2966764731-2999422385-1000\..\RunOnce : [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
04 - HKU\S-1-5-21-3781067526-2966764731-2999422385-1000\..\RunOnce : [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811"
04 - HKU\S-1-5-21-3781067526-2966764731-2999422385-1000\..\RunOnce : [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
04 - HKU\S-1-5-21-3781067526-2966764731-2999422385-1000\..\RunOnce : [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217"
04 - HKU\S-1-5-21-3781067526-2966764731-2999422385-1000\..\RunOnce : [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
04 - HKU\S-1-5-21-3781067526-2966764731-2999422385-1000\..\RunOnce : [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328"

¤¤¤¤¤¤¤¤¤¤ | Serviços


funcionando : WINDEFEND
Serviço parado : WINDEFEND
funcionando : MMCSS
funcionando : Dhcp
funcionando : TcpIp
funcionando : WinHttpAutoProxysvc
Serviço parado : WinHttpAutoProxysvc
funcionando : SSDPSRV
funcionando : MPSSvc
Serviço parado : MPSSvc
funcionando : LanmanServer
funcionando : DNScache
Serviço parado : DNScache

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\Windows\System32\Drivers\etc\hosts : Reponha para zerar prosperamente

¤¤¤¤¤¤¤¤¤¤ | Registro

Apagado prosperamente : [64]HKLM\Software\Classes\CLSID\{102A897A-FC92-4F8B-A7D5-7DE434FE7D3E} : C:\Program Files (x86)\RealArcade\Installer\bin\InstallerDlg.dll
Apagado prosperamente : [64]HKLM\Software\Classes\CLSID\{28DFE5B9-610E-4df7-9ADD-615BE7F7CAFA} : C:\Program Files (x86)\RealArcade\Installer\bin\GCHROME.dll
Apagado prosperamente : [64]HKLM\Software\Classes\CLSID\{5818813E-D53D-47A5-ABBB-37E2A07056B5} : C:\Program Files (x86)\RealArcade\Installer\bin\InstallerDlg.dll
Apagado prosperamente : [64]HKLM\Software\Classes\CLSID\{748744E8-6812-4F07-9F57-5F40395BDE65} : C:\Program Files (x86)\RealArcade\Installer\bin\InstallerDlg.dll
Apagado prosperamente : [64]HKLM\Software\Classes\CLSID\{782355DA-B9DB-48F3-84D4-340E450EF3A5} : C:\Program Files (x86)\RealArcade\Installer\CheckInst.dll
Apagado prosperamente : [64]HKLM\Software\Classes\CLSID\{7B5C103F-DAAF-425E-B3A9-DEDE61F3A6F4} : C:\Program Files (x86)\RealArcade\Installer\bin\InstallerDlg.dll
Apagado prosperamente : [64]HKLM\Software\Classes\CLSID\{80AB3FB6-9660-416C-BE8D-0E2E8AC3138B} : C:\Program Files (x86)\RealArcade\Installer\bin\InstallerDlg.dll
Apagado prosperamente : [64]HKLM\Software\Classes\CLSID\{C8F76629-E4F4-4646-AFC0-665082D167B1} : C:\Program Files (x86)\RealArcade\Installer\bin\InstallerDlg.dll
Apagado prosperamente : [64]HKLM\Software\Classes\TypeLib\{12631F96-F37E-4975-81D5-16E871EE557B} : C:\Program Files (x86)\RealArcade\Installer\bin\InstallerDlg.dll
Apagado prosperamente : [64]HKLM\Software\Classes\TypeLib\{334A3120-6600-41F2-81BC-97D6DC7C9CB7} : C:\Program Files (x86)\RealArcade\Installer\CheckInst.dll
Apagado prosperamente : [64]HKLM\Software\Classes\TypeLib\{7D10077E-0FF1-42E9-940A-CFFEE4DC7D63} : C:\Program Files (x86)\RealArcade\Installer\bin\GCHROME.dll
Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{0D60A064-2009-4623-8FC1-F99CAC01037E} : {12631F96-F37E-4975-81D5-16E871EE557B}
Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{12DE7CAC-9F64-48FA-9526-212043DF0AAE} : {12631F96-F37E-4975-81D5-16E871EE557B}
Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{29F023B2-B05F-4613-A60F-2A0094DF3017} : {12631F96-F37E-4975-81D5-16E871EE557B}
Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{48D11E12-E33E-40A7-A78D-2EAFD88906DC} : {12631F96-F37E-4975-81D5-16E871EE557B}
Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{71AFB688-0483-40F7-A49B-6A411DA1DF0B} : {7D10077E-0FF1-42E9-940A-CFFEE4DC7D63}
Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{860450DB-79C1-44E4-96E0-C89144E4B444} : {12631F96-F37E-4975-81D5-16E871EE557B}
Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{C7E480B1-78D1-4D43-8B94-0D32DD109899} : {12631F96-F37E-4975-81D5-16E871EE557B}
Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{C7FD6819-9EB2-4330-A161-77CC9225DAA1} : {334A3120-6600-41F2-81BC-97D6DC7C9CB7}
Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{D991AAA3-6CEB-47CD-9A34-08E0C9D0959E} : {12631F96-F37E-4975-81D5-16E871EE557B}
Apagado prosperamente : [64]HKLM\Software\Classes\Interface\{F5609BFB-AC99-4F0C-AA90-5BA58C1E382E} : {12631F96-F37E-4975-81D5-16E871EE557B}
Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{0D60A064-2009-4623-8FC1-F99CAC01037E} : {12631F96-F37E-4975-81D5-16E871EE557B}
Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{12DE7CAC-9F64-48FA-9526-212043DF0AAE} : {12631F96-F37E-4975-81D5-16E871EE557B}
Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{29F023B2-B05F-4613-A60F-2A0094DF3017} : {12631F96-F37E-4975-81D5-16E871EE557B}
Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{48D11E12-E33E-40A7-A78D-2EAFD88906DC} : {12631F96-F37E-4975-81D5-16E871EE557B}
Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{71AFB688-0483-40F7-A49B-6A411DA1DF0B} : {7D10077E-0FF1-42E9-940A-CFFEE4DC7D63}
Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{860450DB-79C1-44E4-96E0-C89144E4B444} : {12631F96-F37E-4975-81D5-16E871EE557B}
Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{C7E480B1-78D1-4D43-8B94-0D32DD109899} : {12631F96-F37E-4975-81D5-16E871EE557B}
Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{C7FD6819-9EB2-4330-A161-77CC9225DAA1} : {334A3120-6600-41F2-81BC-97D6DC7C9CB7}
Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{D991AAA3-6CEB-47CD-9A34-08E0C9D0959E} : {12631F96-F37E-4975-81D5-16E871EE557B}
Apagado prosperamente : [32]HKLM\Software\Classes\Interface\{F5609BFB-AC99-4F0C-AA90-5BA58C1E382E} : {12631F96-F37E-4975-81D5-16E871EE557B}
Apagado prosperamente : HKU\S-1-5-21-3781067526-2966764731-2999422385-1000\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0 : C:\Users\Pierre Cardoso\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D62088BE-DBCC-11DB-8D0A-D0DD55D89595} : C:\Program Files (x86)\RealArcade\Installer\bin
Apagado prosperamente : [64]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{782355DA-B9DB-48F3-84D4-340E450EF3A5}

¤¤¤¤¤¤¤¤¤¤ | IFEO


¤¤¤¤¤¤¤¤¤¤ | Arquivos

Apagado prosperamente : C:\Program Files (x86)\RealArcade
Apagado prosperamente : C:\Users\Pierre Cardoso\AppData\Local\Unity\WebPlayer
Apagado prosperamente : C:\Users\Pierre Cardoso\AppData\LocalLow\Unity\WebPlayer
Apagado prosperamente : C:\Users\Pierre Cardoso\AppData\Roaming\Unity\WebPlayerPrefs
Apagado prosperamente : C:\Users\Pierre Cardoso\Desktop\Ajeitar\2 Conto\BO\Contatos\Tutorial - Contatos.txt (.-.)
Apagado prosperamente : C:\Users\Pierre Cardoso\Desktop\Ajeitar\2 Conto\Makemoney\Tutoriais\TutorialMMoney.exe (Copyright © 1994, 1998 Lotus Development Corporation.-.Lotus ScreenCam)[OFN : SCRNCAM.EXE]
Apagado prosperamente : C:\Users\\Pierre Cardoso\AppData\Roaming\unins000.dat

¤¤¤¤¤¤¤¤¤¤ | Malversações de atalhos


¤¤¤¤¤¤¤¤¤¤ | Proxy

Consertado : [HKU\S-1-5-21-3781067526-2966764731-2999422385-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Malversações internet Explorer

Consertado : [HKU\S-1-5-21-3781067526-2966764731-2999422385-1000\Software\Microsoft\Internet Explorer\Main]|[search Bar] : http://go.microsoft.com/fwlink/?linkid=54896 -> http://www.google.com/
Consertado : [HKU\S-1-5-21-3781067526-2966764731-2999422385-1000\Software\Microsoft\Internet Explorer\Main]|[start Page] : about:blank -> http://www.google.com/
Consertado : [HKU\S-1-5-21-3781067526-2966764731-2999422385-1000\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\system32\blank.htm -> C:\Windows\SysWOW64\blank.htm
Consertado : [HKU\S-1-5-21-3781067526-2966764731-2999422385-1000\Software\Microsoft\Internet Explorer\Main]|[search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Consertado : [HKU\S-1-5-21-3781067526-2966764731-2999422385-1000\Software\Microsoft\Internet Explorer\Main]|[Default_Search_URL] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> http://go.microsoft.com/fwlink/?LinkId=54896
Consertado : [HKU\S-1-5-21-3781067526-2966764731-2999422385-1000\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> http://go.microsoft.com/fwlink/?LinkId=69157
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Main\Window Title]|[] : -> Internet Explorer
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[search Bar] : http://search.msn.com/spbasic.htm -> http://www.google.com/
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[start Page] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://www.google.com/
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[start Default_Page_URL] : -> http://www.google.com/
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Search_URL] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> http://go.microsoft.com/fwlink/?LinkId=54896
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[browserMngr Start Page] : -> http://www.google.com/
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[CustomizeSearch] : -> http://www.google.com/
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[search Bar] : -> http://www.google.com/
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[start Page] : -> http://www.google.com/
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[start Default_Page_URL] : -> http://www.google.com/
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[Local Page] : -> C:\Windows\SysWOW64\blank.htm
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[search Page] : -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[Default_Search_URL] : -> http://go.microsoft.com/fwlink/?LinkId=54896
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[Default_Page_URL] : -> http://go.microsoft.com/fwlink/?LinkId=69157
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[browserMngr Start Page] : -> http://www.google.com/
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[CustomizeSearch] : -> http://www.google.com/
Consertado : [64][HKLM\Software\Microsoft\Internet Explorer\AboutURLs]|[Tabs] : res://ieframe.dll/tabswelcome.htm -> http://www.google.com/
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Main\Window Title]|[] : -> Internet Explorer
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[search Bar] : -> http://www.google.com/
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[start Page] : http://go.microsoft.com/fwlink/?LinkId=69157 -> http://www.google.com/
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[start Default_Page_URL] : -> http://www.google.com/
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\System32\blank.htm -> C:\Windows\SysWOW64\blank.htm
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[browserMngr Start Page] : -> http://www.google.com/
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[CustomizeSearch] : -> http://www.google.com/
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[search Bar] : -> http://www.google.com/
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[start Page] : -> http://www.google.com/
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[start Default_Page_URL] : -> http://www.google.com/
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[Local Page] : -> C:\Windows\SysWOW64\blank.htm
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[search Page] : -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[Default_Search_URL] : -> http://go.microsoft.com/fwlink/?LinkId=54896
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[Default_Page_URL] : -> http://go.microsoft.com/fwlink/?LinkId=69157
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[browserMngr Start Page] : -> http://www.google.com/
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[CustomizeSearch] : -> http://www.google.com/
Consertado : [32][HKLM\Software\Microsoft\Internet Explorer\AboutURLs]|[Tabs] : -> http://www.google.com/

¤¤¤¤¤¤¤¤¤¤ | Malversações Google Chrome


Apagado prosperamente : [64]HKLM\Software\Policies\Google
[Pierre Cardoso] Reponha para zerar prosperamente : SearchURL
[Pierre Cardoso] Reponha para zerar prosperamente : Preferences

[Pierre Cardoso] : aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co
[Pierre Cardoso] : apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co
[Pierre Cardoso] : blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com/?feature=ytca - Google & co
[Pierre Cardoso] : coobgpohoikkiipiblmjeljniedjpjpf = : Google & co - http://www.google.com/webhp?source=search_app - Google & co
[Pierre Cardoso] : idhngdhcfkoamngbedgpaokgjbnpdiji = : Detects all recordable content on the browser - RealDownloader
[Pierre Cardoso] : nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co
[Pierre Cardoso] : pgacfjdigcddmmncljpflgcfpfahebkh = : Módulo de Segurança - Banco do Brasil - GBBD Banco do Brasil
[Pierre Cardoso] : pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co

¤¤¤¤¤¤¤¤¤¤ | Malversações Firefox



¤¤¤¤¤¤¤¤¤¤ | Opera


¤¤¤¤¤¤¤¤¤¤ | Malversação de chaves StartMenuInternet

Consertado : [64][HKLM\Software\Clients\StartMenuInternet\Firefox.exe\shell\open\command] : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -> "C:\Program Files\Mozilla Firefox\Firefox.exe"
Consertado : [64][HKLM\Software\Clients\StartMenuInternet\Firefox.exe\shell\safemode\command] : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode -> "C:\Program Files\Mozilla Firefox\Firefox.exe" -safe-mode
Consertado : [64][HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : C:\Program Files\Internet Explorer\iexplore.exe -> "C:\Program Files\Internet Explorer\iexplore.exe"
Consertado : [64][HKLM\Software\Clients\StartMenuInternet\Google Chrome\shell\open\command] : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -> "C:\Program Files\Google\Chrome\Application\chrome.exe"

¤¤¤¤¤¤¤¤¤¤ | AppInit_DLLs

[64][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 0
[32][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 0

¤¤¤¤¤¤¤¤¤¤ | Malversações Javascript


¤¤¤¤¤¤¤¤¤¤ | Firewall

Consertado : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]|[EnableFirewall] : 1 -> 0
Consertado : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]|[EnableFirewall] : 1 -> 0
Consertado : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]|[EnableFirewall] : 1 -> 0


¤¤¤¤¤¤¤¤¤¤ | ADS


C:\ProgramData\Temp:
Apagado prosperamente :5C321E34

¤¤¤¤¤¤¤¤¤¤ | Arquivos temporários

[All Users] Arquivos temporários Apagado : 0 Ko
[Default] Arquivos temporários Apagado : 0 Ko
[Default User] Arquivos temporários Apagado : 0 Ko
[Pierre Cardoso] Arquivos temporários Apagado : 206115 Ko
[Public] Arquivos temporários Apagado : 0 Ko
[Todos os Usuários] Arquivos temporários Apagado : 0 Ko
[updatusUser] Arquivos temporários Apagado : 0 Ko
[usuário Padrão] Arquivos temporários Apagado : 0 Ko
[C:\Windows\Temp] Arquivos temporários Apagado : 3 Ko
[C:\Temp] Arquivos temporários Apagado : 0 Ko

Serviço reiniciado : DNScache
Serviço reiniciado : MPSsvc

Outros relatórios


Colocação restabelecida em um modo auxiliar

¤¤¤¤¤¤¤¤¤¤ | Listing


¤¤¤¤¤¤¤¤¤¤ | C:\Program Files (x86)

[09/07/2010 10:54:08] - |D| - C:\Program Files (x86)\Activation Assistant for the 2007 Microsoft Office suites
[09/07/2010 11:34:18] - |D| - C:\Program Files (x86)\Adobe
[11/11/2013 01:21:32] - |D| - C:\Program Files (x86)\AGEIA Technologies
[11/11/2012 17:18:44] - |D| - C:\Program Files (x86)\BitTorrent
[06/07/2010 23:36:12] - |D| - C:\Program Files (x86)\CCleaner
[09/07/2010 14:50:27] - |D| - C:\Program Files (x86)\Central de Jogos
[14/07/2009 00:20:08] - |D| - C:\Program Files (x86)\Common Files
[05/01/2010 15:53:55] - |D| - C:\Program Files (x86)\Cyberlink
[13/04/2012 22:09:07] - |D| - C:\Program Files (x86)\DAEMON Tools Lite
[25/04/2012 22:57:10] - |A| - C:\Program Files (x86)\Default.SFX
[25/04/2012 22:57:09] - |A| - C:\Program Files (x86)\Descript.ion
[14/07/2009 01:54:24] - |ASH| - C:\Program Files (x86)\desktop.ini
[06/02/2014 21:16:25] - |D| - C:\Program Files (x86)\DesktopCal
[23/04/2012 17:32:10] - |D| - C:\Program Files (x86)\Diablo II
[12/08/2012 15:25:36] - |D| - C:\Program Files (x86)\EA GAMES
[09/02/2013 22:10:23] - |D| - C:\Program Files (x86)\Electronic Arts
[25/04/2012 22:57:09] - |A| - C:\Program Files (x86)\File_Id.diz
[25/04/2012 22:57:10] - |D| - C:\Program Files (x86)\Formats
[11/11/2012 17:24:49] - |D| - C:\Program Files (x86)\Full Tilt Poker
[24/06/2011 20:51:53] - |D| - C:\Program Files (x86)\GbPlugin
[22/03/2013 13:00:35] - |D| - C:\Program Files (x86)\Google
[17/07/2010 23:26:19] - |D| - C:\Program Files (x86)\GRETECH
[18/09/2013 13:29:30] - |D| - C:\Program Files (x86)\Guitar Pro 5
[05/01/2010 15:48:26] - |D| - C:\Program Files (x86)\Hewlett-Packard
[05/01/2010 15:49:26] - |D| - C:\Program Files (x86)\hp
[10/03/2011 23:07:02] - |D| - C:\Program Files (x86)\HP Photo Creations
[14/04/2011 14:29:35] - |HD| - C:\Program Files (x86)\InstallJammer Registry
[05/01/2010 15:50:31] - |HD| - C:\Program Files (x86)\InstallShield Installation Information
[05/01/2010 15:50:31] - |D| - C:\Program Files (x86)\Intel
[14/07/2009 00:20:08] - |D| - C:\Program Files (x86)\Internet Explorer
[14/02/2012 21:57:48] - |D| - C:\Program Files (x86)\Java
[30/05/2012 17:30:20] - |D| - C:\Program Files (x86)\KONAMI
[25/04/2012 22:57:09] - |A| - C:\Program Files (x86)\License.txt
[07/07/2010 23:05:47] - |D| - C:\Program Files (x86)\Malwarebytes' Anti-Malware
[05/01/2010 16:13:08] - |D| - C:\Program Files (x86)\Microsoft
[06/07/2010 21:52:42] - |D| - C:\Program Files (x86)\Microsoft Antimalware
[21/11/2010 01:35:35] - |D| - C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[05/01/2010 16:05:24] - |D| - C:\Program Files (x86)\Microsoft Office
[19/06/2013 19:17:39] - |D| - C:\Program Files (x86)\Microsoft Silverlight
[09/06/2013 12:58:37] - |D| - C:\Program Files (x86)\Microsoft SkyDrive
[05/01/2010 16:14:15] - |D| - C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[05/01/2010 16:05:18] - |D| - C:\Program Files (x86)\Microsoft Works
[09/07/2010 10:53:02] - |D| - C:\Program Files (x86)\Microsoft.NET
[10/05/2014 01:30:34] - |D| - C:\Program Files (x86)\Mozilla Firefox
[02/05/2012 05:46:45] - |D| - C:\Program Files (x86)\Mozilla Maintenance Service
[14/07/2009 02:32:38] - |D| - C:\Program Files (x86)\MSBuild
[23/08/2011 16:48:42] - |D| - C:\Program Files (x86)\MSECache
[03/07/2010 14:10:55] - |D| - C:\Program Files (x86)\MSXML 4.0
[28/08/2010 14:31:45] - |D| - C:\Program Files (x86)\Nokia
[07/11/2013 22:00:14] - |D| - C:\Program Files (x86)\NVIDIA Corporation
[05/01/2010 16:09:43] - |RD| - C:\Program Files (x86)\Online Services
[25/04/2012 22:57:09] - |A| - C:\Program Files (x86)\Order.htm
[21/08/2012 20:32:56] - |D| - C:\Program Files (x86)\Pando Networks
[22/07/2012 00:33:15] - |D| - C:\Program Files (x86)\PC Connectivity Solution
[09/07/2010 11:59:06] - |D| - C:\Program Files (x86)\pdf995
[14/03/2014 20:28:54] - |D| - C:\Program Files (x86)\Programas RFB
[08/09/2010 23:04:33] - |D| - C:\Program Files (x86)\Project64 1.6
[28/05/2013 21:55:02] - |D| - C:\Program Files (x86)\QuickTime
[25/04/2012 22:57:10] - |A| - C:\Program Files (x86)\Rar.exe
[25/04/2012 22:57:10] - |A| - C:\Program Files (x86)\rar.lng
[25/04/2012 22:57:09] - |A| - C:\Program Files (x86)\Rar.txt
[25/04/2012 22:57:10] - |A| - C:\Program Files (x86)\rarext.lng
[25/04/2012 22:57:10] - |A| - C:\Program Files (x86)\RarExt64.dll
[25/04/2012 22:57:10] - |A| - C:\Program Files (x86)\RarFiles.lst
[25/04/2012 22:57:32] - |A| - C:\Program Files (x86)\rarnew.dat
[25/04/2012 22:57:09] - |A| - C:\Program Files (x86)\ReadMe.txt
[07/08/2012 21:54:26] - |D| - C:\Program Files (x86)\Real
[16/07/2010 15:48:50] - |D| - C:\Program Files (x86)\Real Alternative
[11/09/2013 06:54:09] - |D| - C:\Program Files (x86)\RealNetworks
[05/01/2010 15:51:56] - |D| - C:\Program Files (x86)\Realtek
[14/07/2009 02:32:38] - |D| - C:\Program Files (x86)\Reference Assemblies
[12/08/2012 13:41:19] - |D| - C:\Program Files (x86)\Rockstar Games
[14/09/2011 18:32:54] - |RD| - C:\Program Files (x86)\Skype
[01/08/2011 01:35:31] - |D| - C:\Program Files (x86)\SpywareBlaster
[25/04/2012 22:57:09] - |A| - C:\Program Files (x86)\TechNote.txt
[05/01/2010 15:51:55] - |HD| - C:\Program Files (x86)\Temp
[14/07/2009 01:57:06] - |HD| - C:\Program Files (x86)\Uninstall Information
[25/04/2012 22:57:10] - |A| - C:\Program Files (x86)\uninstall.lng
[25/04/2012 22:57:10] - |A| - C:\Program Files (x86)\Uninstall.lst
[25/04/2012 22:57:10] - |A| - C:\Program Files (x86)\UnRAR.exe
[08/07/2010 22:40:15] - |D| - C:\Program Files (x86)\USB Vibration
[09/07/2010 12:05:03] - |D| - C:\Program Files (x86)\Valve
[08/09/2010 20:29:29] - |D| - C:\Program Files (x86)\VDownloader
[08/07/2010 22:40:53] - |D| - C:\Program Files (x86)\VID_0E8F&PID_3013
[25/04/2012 22:57:09] - |A| - C:\Program Files (x86)\WhatsNew.txt
[31/05/2012 19:46:33] - |D| - C:\Program Files (x86)\Winamp
[25/04/2012 22:57:10] - |A| - C:\Program Files (x86)\WinCon.SFX
[14/07/2009 02:32:38] - |D| - C:\Program Files (x86)\Windows Defender
[05/01/2010 16:09:48] - |D| - C:\Program Files (x86)\Windows Live
[14/07/2009 00:20:08] - |D| - C:\Program Files (x86)\Windows Mail
[14/07/2009 02:32:38] - |D| - C:\Program Files (x86)\Windows Media Player
[14/07/2009 00:20:08] - |D| - C:\Program Files (x86)\Windows NT
[24/11/2013 18:55:11] - |D| - C:\Program Files (x86)\Windows Phone
[14/07/2009 02:32:38] - |D| - C:\Program Files (x86)\Windows Photo Viewer
[14/07/2009 02:32:38] - |D| - C:\Program Files (x86)\Windows Portable Devices
[14/07/2009 02:32:38] - |D| - C:\Program Files (x86)\Windows Sidebar
[25/04/2012 22:57:10] - |A| - C:\Program Files (x86)\WinRAR.chm
[25/04/2012 22:57:10] - |A| - C:\Program Files (x86)\WinRAR.exe
[25/04/2012 22:57:10] - |A| - C:\Program Files (x86)\winrar.lng
[16/07/2010 15:54:07] - |D| - C:\Program Files (x86)\XMedia Recode
[10/02/2011 23:09:01] - |HD| - C:\Program Files (x86)\Zero G Registry
[16/06/2014 12:10:04] - |D| - C:\Program Files (x86)\ZHPDiag
[25/04/2012 22:57:10] - |A| - C:\Program Files (x86)\Zip.SFX
[25/04/2012 22:57:32] - |A| - C:\Program Files (x86)\zipnew.dat

¤¤¤¤¤¤¤¤¤¤ | C:\Program Files

[01/07/2010 22:03:31] - |SHD| - C:\Program Files\Arquivos Comuns
[05/01/2010 15:51:01] - |D| - C:\Program Files\ATI
[17/06/2014 18:49:34] - |D| - C:\Program Files\Bitdefender
[06/07/2010 23:52:56] - |D| - C:\Program Files\ClocX
[14/07/2009 00:20:08] - |D| - C:\Program Files\Common Files
[20/10/2013 22:24:21] - |D| - C:\Program Files\CPUID
[14/07/2009 01:54:24] - |ASH| - C:\Program Files\desktop.ini
[28/08/2010 14:31:58] - |D| - C:\Program Files\DIFX
[14/07/2009 02:32:38] - |D| - C:\Program Files\DVD Maker
[05/01/2010 15:49:19] - |D| - C:\Program Files\Hewlett-Packard
[10/03/2011 23:05:29] - |D| - C:\Program Files\HP
[14/07/2009 00:20:08] - |D| - C:\Program Files\Internet Explorer
[14/07/2009 02:32:38] - |D| - C:\Program Files\Microsoft Games
[09/07/2010 10:52:10] - |D| - C:\Program Files\Microsoft Office
[19/06/2013 19:17:39] - |D| - C:\Program Files\Microsoft Silverlight
[14/07/2009 02:32:38] - |D| - C:\Program Files\MSBuild
[07/11/2013 21:41:27] - |D| - C:\Program Files\NVIDIA Corporation
[05/01/2010 16:00:46] - |D| - C:\Program Files\PC-Doctor for Windows
[05/01/2010 15:53:22] - |D| - C:\Program Files\PlayReady
[05/01/2010 15:43:29] - |D| - C:\Program Files\Realtek
[14/07/2009 02:32:38] - |D| - C:\Program Files\Reference Assemblies
[30/07/2011 03:50:55] - |D| - C:\Program Files\SUPERAntiSpyware
[14/07/2009 02:09:26] - |HD| - C:\Program Files\Uninstall Information
[14/07/2009 02:32:38] - |D| - C:\Program Files\Windows Defender
[14/07/2009 04:45:58] - |D| - C:\Program Files\Windows Journal
[20/10/2010 20:42:18] - |D| - C:\Program Files\Windows Live
[14/07/2009 00:20:08] - |D| - C:\Program Files\Windows Mail
[14/07/2009 02:32:38] - |D| - C:\Program Files\Windows Media Player
[14/07/2009 00:20:08] - |D| - C:\Program Files\Windows NT
[14/07/2009 02:32:38] - |D| - C:\Program Files\Windows Photo Viewer
[14/07/2009 02:32:38] - |D| - C:\Program Files\Windows Portable Devices
[14/07/2009 02:32:38] - |D| - C:\Program Files\Windows Sidebar

¤¤¤¤¤¤¤¤¤¤ | C:\Users\Pierre Cardoso\AppData\Roaming

[01/07/2010 22:30:57] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\Adobe
[10/11/2012 11:05:53] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\Apple Computer
[01/07/2010 22:12:37] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\ATI
[29/05/2012 21:51:53] - |A| - C:\Users\Pierre Cardoso\AppData\Roaming\bitlord_log.txt
[11/11/2012 17:17:31] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\BitTorrent
[14/02/2013 20:18:08] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\cef-cache
[01/07/2010 23:20:33] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\CyberLink
[08/07/2010 22:01:51] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\DAEMON Tools Lite
[06/02/2014 21:16:30] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\DesktopCal
[08/09/2010 20:47:35] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\DivX
[15/05/2011 19:47:41] - |A| - C:\Users\Pierre Cardoso\AppData\Roaming\GhostObjGAFix.xml
[17/07/2010 23:27:24] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\GRETECH
[01/07/2010 22:04:04] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\Hewlett-Packard
[03/07/2010 15:16:32] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\HP Support Assistant
[03/07/2010 16:39:57] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\hpqLog
[02/07/2010 22:26:44] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\HpUpdate
[01/07/2010 22:11:19] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\Identities
[01/07/2010 22:11:43] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\Intel Corporation
[01/07/2010 22:30:58] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\Macromedia
[07/07/2010 23:05:55] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\Malwarebytes
[01/07/2010 22:03:40] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\Media Center Programs
[16/07/2010 15:50:25] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\Media Player Classic
[01/07/2010 22:03:40] - |SD| - C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft
[06/07/2010 23:38:14] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla
[22/10/2011 01:52:22] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla-Cache
[28/08/2010 14:36:32] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\Nokia
[09/11/2013 19:58:18] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\NVIDIA
[15/03/2012 18:26:34] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\Origin
[11/08/2012 22:26:53] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\Party
[28/08/2010 14:36:28] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\PC Suite
[09/07/2010 12:00:40] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\pdf995
[29/05/2012 21:51:56] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\Python-Eggs
[17/06/2014 18:48:17] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\QuickScan
[28/09/2011 17:40:08] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\Real
[11/09/2013 06:54:37] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\RealNetworks
[21/11/2010 01:40:04] - |RHD| - C:\Users\Pierre Cardoso\AppData\Roaming\SecuROM
[14/09/2011 18:42:11] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\Skype
[10/02/2011 23:13:58] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\Sports Interactive
[30/07/2011 03:51:02] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\SUPERAntiSpyware.com
[07/07/2013 21:32:24] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\Unity
[31/05/2012 19:46:33] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\Winamp
[03/07/2010 16:39:28] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\WinBatch
[20/10/2010 20:51:16] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\Windows Live Writer
[06/07/2010 23:36:46] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\WinRAR
[15/04/2011 21:09:04] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\XMedia Recode
[16/06/2014 12:10:04] - |D| - C:\Users\Pierre Cardoso\AppData\Roaming\ZHP

¤¤¤¤¤¤¤¤¤¤ | C:\Users\Pierre Cardoso\AppData\Local

[09/07/2010 12:00:48] - |D| - C:\Users\Pierre Cardoso\AppData\Local\Adobe
[05/11/2012 19:31:42] - |D| - C:\Users\Pierre Cardoso\AppData\Local\Apple
[01/07/2010 22:12:37] - |D| - C:\Users\Pierre Cardoso\AppData\Local\ATI
[25/12/2010 04:37:29] - |D| - C:\Users\Pierre Cardoso\AppData\Local\Boss Media
[22/03/2011 14:02:27] - |D| - C:\Users\Pierre Cardoso\AppData\Local\CPN
[01/07/2010 23:20:33] - |D| - C:\Users\Pierre Cardoso\AppData\Local\CyberLink
[01/07/2010 22:03:40] - |SHD| - C:\Users\Pierre Cardoso\AppData\Local\Dados de aplicativos
[13/07/2010 14:34:29] - |D| - C:\Users\Pierre Cardoso\AppData\Local\Diagnostics
[09/02/2013 22:15:34] - |D| - C:\Users\Pierre Cardoso\AppData\Local\Downloaded Installations
[31/12/2010 13:41:15] - |D| - C:\Users\Pierre Cardoso\AppData\Local\ElevatedDiagnostics
[14/05/2014 20:16:13] - |SHD| - C:\Users\Pierre Cardoso\AppData\Local\EmieSiteList
[14/05/2014 20:16:13] - |SHD| - C:\Users\Pierre Cardoso\AppData\Local\EmieUserList
[18/07/2012 21:18:55] - |D| - C:\Users\Pierre Cardoso\AppData\Local\European Bus Simulator 2012
[18/10/2011 19:29:32] - |D| - C:\Users\Pierre Cardoso\AppData\Local\Facebook
[07/05/2013 20:20:22] - |D| - C:\Users\Pierre Cardoso\AppData\Local\FullTiltPoker
[15/07/2013 19:33:38] - |D| - C:\Users\Pierre Cardoso\AppData\Local\GAS Tecnologia
[01/07/2010 22:09:55] - |A| - C:\Users\Pierre Cardoso\AppData\Local\GDIPFONTCACHEV1.DAT
[22/03/2013 13:00:33] - |D| - C:\Users\Pierre Cardoso\AppData\Local\Google
[01/07/2010 22:09:54] - |D| - C:\Users\Pierre Cardoso\AppData\Local\Hewlett-Packard
[01/07/2010 22:03:40] - |SHD| - C:\Users\Pierre Cardoso\AppData\Local\Histórico
[10/03/2011 23:03:19] - |D| - C:\Users\Pierre Cardoso\AppData\Local\HP
[16/06/2014 11:49:03] - |AH| - C:\Users\Pierre Cardoso\AppData\Local\IconCache.db
[26/02/2012 14:06:38] - |D| - C:\Users\Pierre Cardoso\AppData\Local\IsolatedStorage
[14/06/2012 16:26:32] - |D| - C:\Users\Pierre Cardoso\AppData\Local\Macromedia
[01/07/2010 22:03:40] - |D| - C:\Users\Pierre Cardoso\AppData\Local\Microsoft
[01/07/2010 23:46:38] - |D| - C:\Users\Pierre Cardoso\AppData\Local\Microsoft Games
[09/07/2010 10:51:36] - |D| - C:\Users\Pierre Cardoso\AppData\Local\Microsoft Help
[06/07/2010 23:38:14] - |D| - C:\Users\Pierre Cardoso\AppData\Local\Mozilla
[15/12/2010 21:55:45] - |D| - C:\Users\Pierre Cardoso\AppData\Local\Nokia
[15/12/2010 21:56:07] - |D| - C:\Users\Pierre Cardoso\AppData\Local\NokiaAccount
[01/07/2010 23:20:32] - |D| - C:\Users\Pierre Cardoso\AppData\Local\PowerCinema
[18/04/2013 20:18:17] - |D| - C:\Users\Pierre Cardoso\AppData\Local\Programs
[29/05/2012 21:56:21] - |A| - C:\Users\Pierre Cardoso\AppData\Local\recently-used.xbel
[06/06/2013 23:21:53] - |A| - C:\Users\Pierre Cardoso\AppData\Local\Resmon.ResmonCfg
[30/05/2012 06:01:10] - |D| - C:\Users\Pierre Cardoso\AppData\Local\Secunia PSI
[09/07/2010 10:54:05] - |D| - C:\Users\Pierre Cardoso\AppData\Local\Seven Zip
[09/11/2012 22:43:01] - |D| - C:\Users\Pierre Cardoso\AppData\Local\SKIDROW
[10/02/2011 23:13:58] - |D| - C:\Users\Pierre Cardoso\AppData\Local\Sports Interactive
[14/06/2014 09:53:04] - |D| - C:\Users\Pierre Cardoso\AppData\Local\Temp
[01/07/2010 22:03:40] - |SHD| - C:\Users\Pierre Cardoso\AppData\Local\Temporary Internet Files
[12/09/2010 14:16:02] - |A| - C:\Users\Pierre Cardoso\AppData\Local\tmpDSC00293_CROP.0
[12/09/2010 14:16:02] - |A| - C:\Users\Pierre Cardoso\AppData\Local\tmpDSC00293_CROP.JPG
[12/09/2010 14:19:32] - |A| - C:\Users\Pierre Cardoso\AppData\Local\tmpDSC00310.JPG
[09/12/2011 20:24:54] - |D| - C:\Users\Pierre Cardoso\AppData\Local\Ubisoft Game Launcher
[24/06/2012 01:09:19] - |D| - C:\Users\Pierre Cardoso\AppData\Local\Unity
[01/07/2010 22:11:17] - |D| - C:\Users\Pierre Cardoso\AppData\Local\VirtualStore
[20/10/2010 20:40:21] - |D| - C:\Users\Pierre Cardoso\AppData\Local\Windows Live
[20/10/2010 20:51:16] - |D| - C:\Users\Pierre Cardoso\AppData\Local\Windows Live Writer
[12/05/2011 10:07:17] - |D| - C:\Users\Pierre Cardoso\AppData\Local\Xenocode

¤¤¤¤¤¤¤¤¤¤ | C:\ProgramData

[30/07/2011 03:51:00] - |D| - C:\ProgramData\!SASCORE
[17/06/2014 18:48:17] - |A| - C:\ProgramData\1403041697.4728.bin
[17/06/2014 18:48:20] - |A| - C:\ProgramData\1403041697.4800.bin
[17/06/2014 18:48:21] - |A| - C:\ProgramData\1403041697.4824.bin
[17/06/2014 18:48:37] - |A| - C:\ProgramData\1403041697.4916.bin
[17/06/2014 18:49:34] - |A| - C:\ProgramData\1403041697.5016.bin
[17/06/2014 18:49:34] - |A| - C:\ProgramData\1403041697.5020.bin
[17/06/2014 18:49:34] - |A| - C:\ProgramData\1403041697.5024.bin
[17/06/2014 18:50:41] - |A| - C:\ProgramData\1403041837.2896.bin
[17/06/2014 18:50:54] - |A| - C:\ProgramData\1403041837.3808.bin
[17/06/2014 18:50:41] - |A| - C:\ProgramData\1403041837.4408.bin
[17/06/2014 18:50:37] - |A| - C:\ProgramData\1403041837.4564.bin
[17/06/2014 18:50:54] - |A| - C:\ProgramData\1403041837.4704.bin
[17/06/2014 18:50:54] - |A| - C:\ProgramData\1403041837.4708.bin
[17/06/2014 18:50:50] - |A| - C:\ProgramData\1403041837.956.bin
[17/06/2014 18:51:37] - |A| - C:\ProgramData\1403041892.1356.bin
[17/06/2014 18:51:52] - |A| - C:\ProgramData\1403041892.2820.bin
[17/06/2014 18:51:52] - |A| - C:\ProgramData\1403041892.3412.bin
[17/06/2014 18:51:49] - |A| - C:\ProgramData\1403041892.4100.bin
[17/06/2014 18:51:32] - |A| - C:\ProgramData\1403041892.4604.bin
[17/06/2014 18:51:52] - |A| - C:\ProgramData\1403041892.4816.bin
[17/06/2014 18:51:36] - |A| - C:\ProgramData\1403041892.5044.bin
[17/06/2014 18:53:15] - |A| - C:\ProgramData\1403041985.2732.bin
[17/06/2014 18:53:18] - |A| - C:\ProgramData\1403041985.3592.bin
[17/06/2014 18:53:05] - |A| - C:\ProgramData\1403041985.4464.bin
[17/06/2014 18:53:07] - |A| - C:\ProgramData\1403041985.4752.bin
[17/06/2014 18:53:18] - |A| - C:\ProgramData\1403041985.4760.bin
[17/06/2014 18:53:18] - |A| - C:\ProgramData\1403041985.5000.bin
[17/06/2014 18:53:09] - |A| - C:\ProgramData\1403041985.5104.bin
[09/07/2010 11:34:24] - |D| - C:\ProgramData\Adobe
[05/11/2012 19:31:40] - |D| - C:\ProgramData\Apple
[28/05/2013 21:55:02] - |D| - C:\ProgramData\Apple Computer
[14/07/2009 02:08:56] - |SHD| - C:\ProgramData\Application Data
[24/11/2013 18:03:37] - |D| - C:\ProgramData\Applications
[19/10/2013 14:45:35] - |D| - C:\ProgramData\BlueStacksSetup
[25/12/2010 04:37:29] - |D| - C:\ProgramData\Boss Media
[21/03/2012 19:09:16] - |HD| - C:\ProgramData\Common Files
[05/01/2010 15:54:11] - |D| - C:\ProgramData\CyberLink
[01/07/2010 22:03:31] - |SHD| - C:\ProgramData\Dados de aplicativos
[08/07/2010 22:01:49] - |D| - C:\ProgramData\DAEMON Tools Lite
[14/07/2009 02:08:56] - |SHD| - C:\ProgramData\Desktop
[01/07/2010 22:03:31] - |SHD| - C:\ProgramData\Documentos
[14/07/2009 02:08:56] - |SHD| - C:\ProgramData\Documents
[09/02/2013 22:16:55] - |D| - C:\ProgramData\Electronic Arts
[14/07/2009 02:08:56] - |SHD| - C:\ProgramData\Favorites
[01/07/2010 22:03:31] - |SHD| - C:\ProgramData\Favoritos
[11/08/2011 13:45:42] - |D| - C:\ProgramData\gas
[15/07/2013 19:33:38] - |D| - C:\ProgramData\GAS Tecnologia
[07/07/2010 19:19:47] - |D| - C:\ProgramData\GbPlugin
[05/01/2010 15:59:27] - |D| - C:\ProgramData\Hewlett-Packard
[10/03/2011 23:06:40] - |D| - C:\ProgramData\HP
[10/03/2011 23:07:02] - |D| - C:\ProgramData\HP Photo Creations
[28/08/2010 14:31:03] - |D| - C:\ProgramData\Installations
[06/02/2012 22:36:29] - |D| - C:\ProgramData\Kaspersky Lab
[30/05/2012 17:30:20] - |D| - C:\ProgramData\KONAMI
[21/06/2013 02:06:13] - |D| - C:\ProgramData\Licenses
[07/07/2010 23:05:47] - |D| - C:\ProgramData\Malwarebytes
[01/07/2010 22:03:31] - |SHD| - C:\ProgramData\Menu Iniciar
[14/07/2009 00:20:08] - |SD| - C:\ProgramData\Microsoft
[09/07/2010 10:51:31] - |D| - C:\ProgramData\Microsoft Help
[09/06/2013 12:58:25] - |D| - C:\ProgramData\Microsoft OneDrive
[01/07/2010 22:03:31] - |SHD| - C:\ProgramData\Modelos
[02/05/2012 05:46:46] - |D| - C:\ProgramData\Mozilla
[11/07/2012 21:53:10] - |D| - C:\ProgramData\Nokia
[15/12/2010 21:50:19] - |D| - C:\ProgramData\NokiaInstallerCache
[26/02/2012 14:05:55] - |D| - C:\ProgramData\NokiaMusic
[05/01/2010 16:15:53] - |D| - C:\ProgramData\Norton
[05/01/2010 16:15:41] - |D| - C:\ProgramData\NortonInstaller
[11/11/2013 01:17:06] - |D| - C:\ProgramData\NVIDIA
[07/11/2013 22:00:19] - |D| - C:\ProgramData\NVIDIA Corporation
[25/10/2013 00:20:06] - |D| - C:\ProgramData\Oracle
[15/03/2012 18:26:19] - |D| - C:\ProgramData\Origin
[28/08/2010 14:36:25] - |D| - C:\ProgramData\PC Suite
[05/01/2010 16:00:57] - |D| - C:\ProgramData\PC-Doctor for Windows
[09/07/2010 11:59:07] - |D| - C:\ProgramData\pdf995
[07/08/2012 21:50:05] - |D| - C:\ProgramData\Real
[11/09/2013 06:54:09] - |D| - C:\ProgramData\RealNetworks
[02/07/2010 15:25:59] - |D| - C:\ProgramData\Recovery
[14/09/2011 18:32:50] - |D| - C:\ProgramData\Skype
[10/02/2011 23:14:14] - |D| - C:\ProgramData\Sports Interactive
[14/07/2009 02:08:56] - |SHD| - C:\ProgramData\Start Menu
[30/07/2010 14:46:56] - |D| - C:\ProgramData\Sun
[30/07/2011 03:51:02] - |D| - C:\ProgramData\SUPERAntiSpyware.com
[05/01/2010 15:53:42] - |AD| - C:\ProgramData\Temp
[14/07/2009 02:08:56] - |SHD| - C:\ProgramData\Templates
[27/01/2014 22:06:48] - |D| - C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
[09/07/2010 10:54:12] - |D| - C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
[05/01/2010 15:50:23] - |HDC| - C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}

[X] : [21604 Ko]

Elementos analisados : 341378 | Infetado : 258

¤¤¤¤¤¤¤¤¤¤ |EOF| ¤¤¤¤¤¤¤¤¤¤ | 19:52:42 | [54 Ko]

Temporarily disable your antivirus to avoid conflicts.

Download: < Pre_Scan > ( by g3n-h@ckm@n )
|- When you open the link above, scroll down the page and click Télécharger to start the download.

Run it as described in this post:

Pre_Scan installation and execution tutorial

Once the cleaning is complete, post the log (report), which will be at C:\Pre_Scan\Pre_Scan_07_05_2014_17_05_22.txt (the numbers in red will vary, since they show the date and time at which the scan was run).

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 04.06.08.2 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 20:43:33

Updated 08/06/2014 | 17.00 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_Script Infos : http://gen-hackman.purforum.com/t49-5-les-switchs-du-script
Pre_scan Feedbacks : http://gen-hackman.purforum.com/f10-pre_scan-feedbacks

[Pierre Cardoso (Administrator)] - [PIERRECARDOSO]
SID = S-1-5-21-3781067526-2966764731-2999422385-1000

Starting up : Normal
System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
ProcessorNameString : Intel® Core i5 CPU 650 @ 3.20GHz
Identifier : Intel64 Family 6 Model 37 Stepping 2


Memory RAM = Total (MB) : 4054 | Free (MB) : 2966
Pagefile = Total (MB) : 8106 | Free (MB) : 6959
Virtual = Total (MB) : 4194 | Free (MB) : 3990

¤¤¤¤¤¤¤¤¤¤ | Components of starting up

C:\Windows\Setup\Scripts\oobe.cmd

¤¤¤¤¤¤¤¤¤¤¤ | Drives

C:\-> [Fixed] | [HP] | Total : 482480 Mo | Free : 367370 Mo -> NTFS
D:\-> [Fixed] | [FACTORY_IMAGE] | Total : 9700 Mo | Free : 1480 Mo -> NTFS
P:\-> [Fixed] | [Pierre Cardoso] | Total : 461580 Mo | Free : 139560 Mo -> NTFS

¤¤¤¤¤¤¤¤¤¤ | Windows updates

No detected update !!!


¤¤¤¤¤¤¤¤¤¤ | Sessions

C:\Windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\Pierre Cardoso
C:\Users\UpdatusUser
C:\Users\UpdatusUser

Registry saved , to restore : C:\Pre_Scan\Save\Scan\ERDNT.exe

stand-by mode deleted !


¤¤¤¤¤¤¤¤¤¤ | Browsers

IE : 11.0.9600.17126 (© Microsoft Corporation. Todos os direitos reservados.)
FF : 29.0.1.5239 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 35.0.1916.153 (Copyright 2012 Google Inc.)

¤¤¤¤¤¤¤¤¤¤ | FlashPlayer

FlashPlayer ActiveX : 13.0.0.214
FlashPlayer Plugin : 13.0.0.214

¤¤¤¤¤¤¤¤¤¤ | Security

AV :
AS : Windows Defender Enabled
FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Auto(2)] = Running
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ | Stopped processes

880 | [Owner : |Parent : 640] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 314.22.) - (8.17.13.1422) = C:\Windows\System32\nvvsvc.exe
904 | [Owner : |Parent : 640] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - (7.17.13.1422) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
932 | [Owner : |Parent : 640] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) - (3.1.6.3) = C:\PROGRA~2\GbPlugin\gbpsv.exe
124 | [Owner : |Parent : 640] - (.AMD - AMD External Events Service Module.) - (6.14.11.1040) = C:\Windows\System32\atiesrxx.exe
1404 | [Owner : |Parent : 640] - (.Microsoft Corporation - Aplicativo de subsistema de spooler.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe
1444 | [Owner : SISTEMA |Parent : 124] - (.AMD - AMD External Events Client Module.) - (6.14.11.1040) = C:\Windows\System32\atieclxx.exe
1544 | [Owner : SISTEMA |Parent : 880] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.1422) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1552 | [Owner : SISTEMA |Parent : 880] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 314.22.) - (8.17.13.1422) = C:\Windows\System32\nvvsvc.exe
1712 | [Owner : SISTEMA |Parent : 640] - (.SUPERAntiSpyware.com - Core Service.) - (1.0.0.1066) = C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
1748 | [Owner : SISTEMA |Parent : 640] - (.Hewlett-Packard Company - LightScribe Service.) - (1.18.8.1) = C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1856 | [Owner : SISTEMA |Parent : 640] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
1888 | [Owner : SISTEMA |Parent : 640] - (.Microsoft Corporation - Microsoft SeaPort Search Enhancement Broker.) - (3.0.133.0) = C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1144 | [Owner : SISTEMA |Parent : 640] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4232.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1644 | [Owner : SISTEMA |Parent : 640] - (.Intel Corporation - IAStorDataSvc.) - (9.5.0.1037) = C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
2716 | [Owner : SERVIÇO LOCAL |Parent : 760] - (.Microsoft Corporation - Windows Driver Foundation - Processo de Host da Estrutura de Driver de Modo de Usuário.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe
2888 | [Owner : Pierre Cardoso |Parent : 640] - (.Microsoft Corporation - Processo de Host para Tarefas do Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe
2976 | [Owner : Pierre Cardoso |Parent : 1092] - (.Microsoft Corporation - Mecanismo do Agendador de Tarefas.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe
1780 | [Owner : Pierre Cardoso |Parent : 2960] - (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.17567) = C:\Windows\explorer.exe
2872 | [Owner : Pierre Cardoso |Parent : 1780] - (. - SmartMenu.) - (3.1.0.1) = C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2768 | [Owner : Pierre Cardoso |Parent : 1780] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.0.4041.512) = C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
2776 | [Owner : Pierre Cardoso |Parent : 1780] - (.DesktopCal, Inc. - desktopcal Module.) - (1.1.3.1951) = C:\Program Files (x86)\DesktopCal\desktopcal.exe
3012 | [Owner : Pierre Cardoso |Parent : 2788] - (.Hewlett-Packard - hpsysdrv.) - (2.10.0.0) = C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
1776 | [Owner : Pierre Cardoso |Parent : 2788] - (.Hewlett-Packard - hpwuSchd Application.) - (80.1.1.0) = C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
3220 | [Owner : Pierre Cardoso |Parent : 1544] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.1422) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
3336 | [Owner : SISTEMA |Parent : 640] - (.Microsoft Corporation - Indexador do Microsoft Windows Search.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe
3476 | [Owner : SERVIÇO DE REDE |Parent : 640] - (.Microsoft Corporation - Serviço de Compartilhamento de Rede do Windows Media Player.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
3768 | [Owner : Pierre Cardoso |Parent : 2976] - (.CyberLink - CyberLink MediaLibray Service.) - (4.3.3318.0) = C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
1656 | [Owner : Pierre Cardoso |Parent : 1780] - (.Mozilla Corporation - Firefox.) - (29.0.1.5239) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1304 | [Owner : Pierre Cardoso |Parent : 1656] - (.Mozilla Corporation - Plugin Container for Firefox.) - (29.0.1.5239) = C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
1192 | [Owner : SISTEMA |Parent : 640] - (.Hewlett-Packard Company - HP Support Assistant Service.) - (7.2.45.3) = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
5048 | [Owner : Pierre Cardoso |Parent : 820] - (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.17567) = C:\Windows\explorer.exe
4496 | [Owner : Pierre Cardoso |Parent : 820] - (.Intel Corporation - igfxsrvc Module.) - (7.15.10.2119) = C:\Windows\System32\igfxsrvc.exe

¤¤¤¤¤¤¤¤¤¤ | Running processes

360 | [Owner : SISTEMA |Parent : 4] - (.Microsoft Corporation - Gerenciador de Sessão do Windows.) - (6.1.7601.18229) = C:\Windows\System32\smss.exe
516 | [Owner : SISTEMA |Parent : 508] - (.Microsoft Corporation - Processo do tempo de Execução do Servidor do Cliente.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe
576 | [Owner : SISTEMA |Parent : 508] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe
600 | [Owner : SISTEMA |Parent : 584] - (.Microsoft Corporation - Processo do tempo de Execução do Servidor do Cliente.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe
640 | [Owner : SISTEMA |Parent : 576] - (.Microsoft Corporation - Aplicativo de serviços e controle.) - (6.1.7600.16385) = C:\Windows\System32\services.exe
668 | [Owner : SISTEMA |Parent : 576] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.18443) = C:\Windows\System32\lsass.exe
676 | [Owner : SISTEMA |Parent : 576] - (.Microsoft Corporation - Serviço do Gerenciador de Sessão Local.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe
712 | [Owner : SISTEMA |Parent : 584] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) - (6.1.7601.18409) = C:\Windows\System32\winlogon.exe
820 | [Owner : SISTEMA |Parent : 640] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
988 | [Owner : SERVIÇO DE REDE |Parent : 640] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
660 | [Owner : SERVIÇO LOCAL |Parent : 640] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
760 | [Owner : SISTEMA |Parent : 640] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1052 | [Owner : SERVIÇO LOCAL |Parent : 640] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1092 | [Owner : SISTEMA |Parent : 640] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1204 | [Owner : SISTEMA |Parent : 640] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1292 | [Owner : SERVIÇO DE REDE |Parent : 640] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1480 | [Owner : SERVIÇO LOCAL |Parent : 640] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
2004 | [Owner : SISTEMA |Parent : 640] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
2672 | [Owner : SERVIÇO DE REDE |Parent : 640] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
2984 | [Owner : Pierre Cardoso |Parent : 760] - (.Microsoft Corporation - Gerenciador de Janelas da Área de Trabalho.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe
3808 | [Owner : SERVIÇO LOCAL |Parent : 640] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
3960 | [Owner : SERVIÇO LOCAL |Parent : 640] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
3668 | [Owner : SISTEMA |Parent : 640] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
2964 | [Owner : Pierre Cardoso |Parent : 1780] - (. - .) - (0.0.0.0) = C:\Users\Pierre Cardoso\Desktop\Pre_Scan.exe
3208 | [Owner : Pierre Cardoso |Parent : 820] - (.Microsoft Corporation - Processo de host do Windows (Rundll32).) - (6.1.7600.16385) = C:\Windows\System32\rundll32.exe
3860 | [Owner : SERVIÇO LOCAL |Parent : 760] - (.Microsoft Corporation - Windows Driver Foundation - Processo de Host da Estrutura de Driver de Modo de Usuário.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe
4760 | [Owner : SISTEMA |Parent : 640] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) - (3.1.6.3) = C:\PROGRA~2\GbPlugin\gbpsv.exe
4712 | [Owner : SISTEMA |Parent : 640] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4232.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
4880 | [Owner : SISTEMA |Parent : 4712] - (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4232.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2576 | [Owner : SERVIÇO DE REDE |Parent : 640] - (.Microsoft Corporation - Serviço de Compartilhamento de Rede do Windows Media Player.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
920 | [Owner : SISTEMA |Parent : 640] - (.Microsoft Corporation - Indexador do Microsoft Windows Search.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe
3672 | [Owner : SISTEMA |Parent : 640] - (.Microsoft Corporation - Aplicativo de subsistema de spooler.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe
4372 | [Owner : SISTEMA |Parent : 640] - (.Hewlett-Packard Company - HP Support Assistant Service.) - (7.2.45.3) = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe


¤¤¤¤¤¤¤¤¤¤ | Winlogon user : OK !


¤¤¤¤¤¤¤¤¤¤ | Winlogon machine

Modified : [64][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]|[AutoRestartShell] : 1 -> 0
Modified : [32][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]|[AutoRestartShell] : 1 -> 0
Repaired : [64][HKLM | Winlogon]|[userinit] : Userinit.exe, -> C:\Windows\SysWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ | Associations

Repaired : [64][HKLM\Software\Classes\Folder\shell\open\command] : C:\Windows\Explorer.exe -> C:\Windows\Explorer.exe


¤

Repaired : [64][HKLM\Software\Clients\StartMenuInternet\Firefox.exe\shell\open\command] : "C:\Program Files\Mozilla Firefox\Firefox.exe" -> "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
Repaired : [64][HKLM\Software\Clients\StartMenuInternet\Firefox.exe\shell\safemode\command] : "C:\Program Files\Mozilla Firefox\Firefox.exe" -safe-mode -> "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe" -safe-mode
Repaired : [64][HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : "C:\Program Files\Internet Explorer\iexplore.exe" -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Repaired : [64][HKLM\Software\Clients\StartMenuInternet\Google Chrome\shell\open\command] : "C:\Program Files\Google\Chrome\Application\chrome.exe" -> "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
Repaired : [64][HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] : http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s
Repaired : [32][HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] : http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s

¤¤¤¤¤¤¤¤¤¤ | Registry

Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
Repaired : [32][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [32][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
Repaired : [32][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
Repaired : [32][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
Repaired : [32][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
Repaired : [32][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0
Repaired : [32][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0
Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\policies\Explorer]|[NoDriveTypeAutoRun] : 0 -> 145
Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Policies\Explorer]|[NoActiveDesktop] : 1 -> 0
Repaired : [HKU\S-1-5-21-3781067526-2966764731-2999422385-1000\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Hidden] : 2 -> 0
Repaired : [HKU\S-1-5-21-3781067526-2966764731-2999422385-1000\software\Microsoft\Windows\CurrentVersion\Policies\Explorer]|[NoDriveTypeAutoRun] : 0 -> 145

¤¤¤¤¤¤¤¤¤¤ | Access to the registry and to the administrator of the tasks



¤¤¤¤¤¤¤¤¤¤ | SafeBoot

Safeboot Keys are O.K

Alternate shell is OK !

¤

Safeboot Minimal Subkeys : O.K !

¤

Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ | IFEO


¤¤¤¤¤¤¤¤¤¤ | Mountpoints2



¤¤¤¤¤¤¤¤¤¤ | Windows

[64][HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]|[] : @SYS:DoesNotExist
[64][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[32][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[32][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]|[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

Winsrv : OK !


[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :

[HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :
[64][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 0
[32][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 0

¤¤¤¤¤¤¤¤¤¤ | Security center

[64][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{003e0278-eca8-4bb8-a256-3689ca1c2600}]|[Autostart] : C:\Windows\system32\shell32.dll [ok]
[64][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{3BF043EF-A974-49B3-8322-B853CF1E5EC5}]|[Autostart] : C:\Windows\System32\SndVolSSO.dll [ok]
[64][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{68ddbb56-9d1d-4fd9-89c5-c0da2a625392}]|[Autostart] : C:\Windows\system32\stobject.dll [ok]
[64][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{7007ACCF-3202-11D1-AAD2-00805FC1270E}]|[Autostart] : C:\Windows\System32\netshell.dll [ok]
[64][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{7849596a-48ea-486e-8937-a2a3009f31a9}]|[Autostart] : C:\Windows\system32\shell32.dll [ok]
[64][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{900c0763-5cad-4a34-bc1f-40cd513679d5}]|[No 'Autostart'] : C:\Windows\System32\hcproviders.dll [ok]
[64][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{900c0763-5cad-4a34-bc1f-40cd513679d5}]|[No 'Autostart'] : C:\Windows\System32\hcproviders.dll C:\Windows\System32\hcproviders.dll
[64][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{A1607060-5D4C-467a-B711-2B59A6F25957}]|[Autostart] : C:\Windows\System32\AltTab.dll [ok]
[64][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}]|[Autostart] : C:\Windows\system32\wpdshserviceobj.dll [ok]
[64][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{C2796011-81BA-4148-8FCA-C6643245113F}]|[Autostart] : C:\Windows\System32\pnidui.dll [ok]
[64][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{DA67B8AD-E81B-4c70-9B91-B417B5E33527}]|[Autostart] : C:\Windows\System32\srchadmin.dll [ok]
[64][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{EF4D1E1A-1C87-4AA8-8934-E68E4367468D}]|[Autostart] : C:\Windows\SysWOW64\shdocvw.dll [ok]
[64][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F08C5AC2-E722-4116-ADB7-CE41B527994B}]|[Autostart] : C:\Windows\SysWOW64\bthprops.cpl [ok]
[64][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F20487CC-FC04-4B1E-863F-D9801796130B}]|[Autostart] : C:\Windows\System32\SyncCenter.dll [ok]
[64][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]|[Autostart] : C:\Windows\System32\Actioncenter.dll [ok]
[64][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{fbeb8a05-beee-4442-804e-409d6c4515e9}]|[Autostart] : C:\Windows\system32\shell32.dll [ok]
[64][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{ff363bfe-4941-4179-a81c-f3f1ca72d820}]|[Autostart] : C:\Windows\System32\hgcpl.dll [ok]



¤¤¤¤¤¤¤¤¤¤ | Correction of the services


Repaired : [Compbatt] : 3 -> 0
Repaired : [agp440] : 3 -> 2
Repaired : [bits] : 3 -> 2
Repaired : [EapHost] : 3 -> 2
Repaired : [Wlansvc] : 3 -> 2
Repaired : [sharedAccess] : 4 -> 2
Repaired : [wudfsvc] : 3 -> 2
Repaired : [WerSvc] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer


Users browser settings : OK

Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[start Page] : http://www.google.com/ -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[start Page] : http://www.google.com/ -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[search Page] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> http://go.microsoft.com/fwlink/?LinkId=54896
Repaired : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[search Page] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> http://go.microsoft.com/fwlink/?LinkId=54896
Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\AboutURLs]|[Tabs] : http://www.google.com/ -> res://ieframe.dll/tabswelcome.htm
Repaired : [32][HKLM\Software\Microsoft\Internet Explorer\AboutURLs]|[Tabs] : http://www.google.com/ -> res://ieframe.dll/tabswelcome.htm
Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[start Page] : http://www.google.com/ -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[start Page] : http://www.google.com/ -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[search Page] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> http://go.microsoft.com/fwlink/?LinkId=54896
Repaired : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[search Page] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> http://go.microsoft.com/fwlink/?LinkId=54896

¤


Hijack.Internet : OK

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\Windows\System32\Drivers\etc\hosts : Cleaned

¤¤¤¤¤¤¤¤¤¤ | reparsepoint



¤¤¤¤¤¤¤¤¤¤ | Detection of offsets


¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry


Deleted : C:\$Recycle.bin\S-1-5-20
Deleted : C:\$Recycle.bin\S-1-5-18
Deleted : C:\$Recycle.bin\S-1-5-21-3781067526-2966764731-2999422385-1000


Moved to quarantine successfully : C:\Windows\system32\System32
Moved to quarantine successfully : C:\install.exe
Moved to quarantine successfully : C:\msdia80.dll
Moved to quarantine successfully : C:\Users\Pierre Cardoso\AppData\Local\microsoft\windows\WebCacheLock.dat
Moved to quarantine successfully : C:\Windows\assembly\tmp\
Moved to quarantine successfully : C:\Users\Pierre Cardoso\AppData\LocalLow\Sun\Java\Deployment\cache\

¤¤¤¤¤¤¤¤¤¤ | ADS


Prefetch -> cleaned



D:\ : Vaccinated (Vaccin created by Usbfix)

¤¤¤¤¤¤¤¤¤¤ | Hidden files

~ [Drive D:] : Hidden : 10 | Restored : 10
~ [Drive P:] : Hidden : 350 | Restored : 350
~ [Drive C:] : Hidden : 2 | Restored : 2
~ [Program Files] : Hidden : 8 | Restored : 8
~ [users] : Hidden : 4 | Restored : 4
~ [Documents] : Hidden : 3 | Restored : 3
~ [Desktop] : Hidden : 1 | Restored : 1
~ [searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 40 | Restored : 40
~ [start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [Libraries] : Hidden : 54 | Restored : 54


¤¤¤¤¤¤¤¤¤¤ | Control of the partitions

Disk: 0 Size=954G
Pos MBRndx Type/Name Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0 0 07-NTFS 100M Yes No 2,048 204,800
1 1 07-NTFS 482G No No 206,848 988,123,136
2 2 0F-EXTEND 462G No No 988,329,984 945,315,840
3 3 07-NTFS 9.7G No No 933,645,824 19,875,840

¤¤¤¤¤¤¤¤¤¤

[HKLM | Winlogon] | AutoRestartShell : 0 -> 1
[HKLM64 | Winlogon] | AutoRestartShell : 0 -> 1

End : 20:53:21


Standby-mode restored
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 354
