
Archived

This topic has been archived and is closed to new replies.

Matheus Winchester

[Solved] Movie Mode malware


Hello, could someone help me with a problem I have been facing for two months? It is a program I installed by accident, MOVIE MODE. I have already uninstalled it and used ADW CLEANER, among other programs, but it will not leave my notebook. A black background screen keeps appearing on YouTube videos, along with the damned fake ads on the web. If you can help, I would appreciate it. Thank you very much.

Regards,

Matheus Silva


Hello.

* In your next reply, post the AdwCleaner log (report), which is at C:\AdwCleaner\AdwCleaner[s0].txt, so that we can analyze it.

We'll be waiting.


I couldn't attach it here in the reply, but here is the report typed out exactly as it appears there. Thanks for the help:

# AdwCleaner v3.215 - Report created 09/07/2014 at 02:57:09
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# User : Evandro - MATHEUS-NOTE
# Running from : C:\Users\Evandro\Desktop\adwcleaner_3.215.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : MovieMode
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\MovieMode
Folder Deleted : C:\Users\Evandro\AppData\Local\MovieMode
File Deleted : C:\Users\Evandro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Evandro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16457
-\\ Mozilla Firefox v28.0 (pt-BR)
[ File : C:\Users\Evandro\AppData\Roaming\Mozilla\Firefox\Profiles\bdchftos.default\prefs.js ]
-\\ Google Chrome v35.0.1916.153
[ File : C:\Users\Evandro\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R10].txt - [1461 octets] - [09/07/2014 01:55:59]
AdwCleaner[R11].txt - [2083 octets] - [09/07/2014 02:54:36]
AdwCleaner[R9].txt - [1333 octets] - [08/07/2014 00:45:18]
AdwCleaner[s10].txt - [1514 octets] - [09/07/2014 01:59:01]
AdwCleaner[s11].txt - [1856 octets] - [09/07/2014 02:57:09]
AdwCleaner[s8].txt - [1265 octets] - [08/07/2014 00:36:55]
AdwCleaner[s9].txt - [1385 octets] - [08/07/2014 00:47:24]
########## EOF - C:\AdwCleaner\AdwCleaner[s11].txt - [2037 octets] ##########


Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:

http://www.hijackthis.nl/smeenk/

To run it correctly, follow the tips in this tutorial:

Remove adware and other threats from your PC and browsers with the Zoek application

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its contents and post it in your next reply.


The problem still persists, but here is the log:

 

Zoek.exe v5.0.0.0 Updated 11-July-2014
Tool run by Evandro on 12/07/2014 at 0:27:46,22.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Evandro\Desktop\zoek.exe [scan all users] [script inserted]
==== System Restore Info ======================
12/07/2014 00:32:03 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1922861562-4234703113-2337408972-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Evandro\AppData\Roaming\Mozilla\Firefox\Profiles\bdchftos.default\prefs.js:
Added to C:\Users\Evandro\AppData\Roaming\Mozilla\Firefox\Profiles\bdchftos.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Deleting Files \ Folders ======================
C:\Users\Evandro\.android deleted
C:\PROGRA~2\Probit Software deleted
C:\Users\Evandro\AppData\Roaming\System.Data.SQLite.dll deleted
C:\Users\Evandro\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~3\InstallMate deleted
C:\Users\Evandro\AppData\Local\nsa72E9.tmp deleted
C:\Users\Evandro\AppData\Local\CRE deleted
C:\Users\Evandro\Searches deleted
C:\Windows\Launcher.exe deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted
C:\Users\Evandro\AppData\Roaming\cprecover.exe deleted
"C:\Users\Evandro\AppData\Roaming\EXECUTED" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"qoaafh@eoa-.net"="C:\Users\Evandro\AppData\Roaming\Mozilla\Firefox\Profiles\xoncbs30.default\extensions\qoaafh@eoa-.net" []
==== Firefox Extensions ======================
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Evandro\AppData\Roaming\Mozilla\Firefox\Profiles\bdchftos.default
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Evandro\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
2BF85B6162528E0635DD8D632EB975C8 - C:\Users\Evandro\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll - Facebook Desktop
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[05/07/2014 17:29]
mlkikmimdmmkcokjpbhmlphimiefgeol - C:\Users\Evandro\AppData\Local\CRE\mlkikmimdmmkcokjpbhmlphimiefgeol.crx[]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
mlkikmimdmmkcokjpbhmlphimiefgeol - C:\Users\Evandro\AppData\Local\CRE\mlkikmimdmmkcokjpbhmlphimiefgeol.crx[]
Google Docs - Evandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Evandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Evandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Evandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Supernatural Blue - Evandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkhjocmohehcpkkpibpnlcjclcikjccc
avast Online Security - Evandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Evandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Evandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chrome Fix ======================
C:\Users\Evandro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Evandro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Start Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Start Default_Page_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Start Default_Page_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"newtab"="about:tabs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"newtab"="about:tabs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Start Page"="http://www.google.com"
"Start Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Start Page"="http://www.google.com"
"Start Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
"Start Page"="http://www.google.com"
"Start Default_Page_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Reset Google Chrome ======================
C:\Users\Evandro\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Evandro\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\yxrhjoqk@yuihka.com deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ojiexwjj@x-a.com deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\0_3wavc@ei-etgauyii.org deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\qoaafh@eoa-.net deleted successfully
==== shortcuts on Users Desktops ======================
C:\Users\Evandro\Desktop\Format Factory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\Evandro\Desktop\LG P705 (Optimus L7) - SnapPea.lnk - C:\Program Files (x86)\WandouLabs\wandoujia2.exe -device=bae218050c7f4c45a0f47b0f719a48d8d9f02831 --from=desktop_remenber
C:\Users\Evandro\Desktop\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\Evandro\Desktop\µTorrent.lnk -
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Users\Evandro\Documents\DAEMON Tools Lite\DTLite.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Evandro\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk - C:\Users\Evandro\Documents\DAEMON Tools Lite\DTLite.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DTGadget.lnk - C:\Users\Evandro\Documents\DAEMON Tools Lite\DT.gadget
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\SPTD Setup.lnk - C:\Users\Evandro\Documents\DAEMON Tools Lite\SPTDinst-x64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Evandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Evandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Evandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\Evandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Evandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Evandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\Evandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Evandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Format Factory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\Evandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Evandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\Evandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\Evandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Evandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Evandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Evandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\Evandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Evandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Evandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{768B8818-6582-23F5-D796-3C1DD5B0F476} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9ECE7F8B-E0D6-6241-F378-2B3E9C062A90} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A4444786-AAF7-41A7-3CD8-9E734DA47A76} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mlkikmimdmmkcokjpbhmlphimiefgeol deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\mlkikmimdmmkcokjpbhmlphimiefgeol deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Evandro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Evandro\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Evandro\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Evandro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0URHAUOS will be deleted at reboot
C:\Users\Evandro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\Evandro\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=42 folders=9 9964577 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Evandro\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Evandro\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Evandro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\Evandro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0URHAUOS" not found
==== EOF on 12/07/2014 at 1:16:02,47 ======================


Download the Junkware Removal Tool program from the link below:

http://thisisudax.org/downloads/JRT.exe

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.


Problem still not solved; this Movie Mode will not go away no matter what :\ . Here is the log:

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Evandro on 12/07/2014 at 18:52:31,11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1922861562-4234703113-2337408972-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\bdutil_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\bdutil_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etype_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etype_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypesetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypesetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypeuninstall_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypeuninstall_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASMANCS
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/07/2014 at 19:18:36,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
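The three logs above (AdwCleaner, Zoek, JRT) show where MovieMode and the software bundled with it hooked into this system: a Windows service named MovieMode, two COM CLSIDs registered in both the 32-bit and 64-bit hives, a Chrome extension force-installed through the HKLM and HKCU Google\Chrome\Extensions registry keys from a .crx under AppData\Local\CRE, Firefox extensions registered as values under Mozilla\Firefox\Extensions, and Superfish entries in Chrome's Local Storage. Note that JRT also cleared the Event Viewer logs, so the Windows event logs can no longer be used to trace when the software was installed; the registry and file-system points are what remain. The PowerShell script below is an added example, not part of this thread and not code from any of the tools used in it: it re-checks exactly those locations after a reboot so the user can tell whether something is re-creating them. It assumes Windows 7 x64 and an elevated PowerShell prompt run as the affected user, and uses only built-in cmdlets; the service name, CLSIDs and extension ID are copied from the logs, and the variable and list names are the script's own.

```powershell
# Added example (not from this thread or from AdwCleaner/Zoek/JRT).
# Re-checks the persistence points the logs show MovieMode using.
# Assumes Windows 7 x64, elevated PowerShell 2.0 or later, run as the
# affected user so that $env:LOCALAPPDATA points at that profile.

# Indicators copied from the AdwCleaner and Zoek logs above.
$ServiceNames = @('MovieMode')
$Clsids       = @('{051E9166-B275-4683-907B-372FAE22BC7C}',
                  '{E5A7A645-8318-4895-B85C-EDC606B80DB6}')
$ChromeExtIds = @('mlkikmimdmmkcokjpbhmlphimiefgeol')

$findings = @()

# 1. Service persistence (AdwCleaner reported "Service Deleted : MovieMode").
foreach ($name in $ServiceNames) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc) { $findings += "Service still present: $name ($($svc.Status))" }
}

# 2. COM objects: AdwCleaner removed the CLSIDs from both the native and the
#    WOW6432 view, so check both; the InprocServer32 default value names the DLL.
$clsidRoots = 'HKLM:\SOFTWARE\Classes\CLSID',
              'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID'
foreach ($clsid in $Clsids) {
    foreach ($root in $clsidRoots) {
        $key = Join-Path $root $clsid
        if (Test-Path $key) {
            $dll = (Get-ItemProperty -Path (Join-Path $key 'InprocServer32') `
                        -ErrorAction SilentlyContinue).'(default)'
            $findings += "CLSID still registered: $key -> $dll"
        }
    }
}

# 3. Chrome: any subkey under these roots makes Chrome install the extension it
#    names. Legitimate entries point into Program Files (avast's aswWebRepChrome.crx
#    in the Zoek log); MovieMode's pointed at AppData\Local\CRE, so flag the known
#    ID and anything installed from a user-writable profile path.
$chromeRoots = 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
               'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',
               'HKCU:\SOFTWARE\Google\Chrome\Extensions'
foreach ($root in $chromeRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($sub in Get-ChildItem -Path $root) {
        $p  = Get-ItemProperty -Path $sub.PSPath
        $id = $sub.PSChildName
        if (($ChromeExtIds -contains $id) -or ($p.path -like '*\AppData\*')) {
            $findings += "Chrome extension registry entry: $id -> $($p.path)$($p.update_url)"
        }
    }
}

# 4. Firefox: extensions are registered as values (id = folder path) under these
#    keys; the Zoek log removed four such values. Skip the PS* provider metadata
#    that Get-ItemProperty adds to every object.
$ffRoots = 'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions',
           'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions',
           'HKCU:\SOFTWARE\Mozilla\Firefox\Extensions'
foreach ($root in $ffRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $root).PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }
        $findings += "Firefox extension registry entry: $($prop.Name) -> $($prop.Value)"
    }
}

# 5. Superfish local storage that both AdwCleaner and Zoek had to delete.
$localStorage = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Local Storage'
if (Test-Path $localStorage) {
    foreach ($f in Get-ChildItem -Path $localStorage -Filter '*superfish*') {
        $findings += "Superfish local storage: $($f.FullName)"
    }
}

if ($findings.Count -eq 0) { 'No MovieMode/Superfish persistence found.' }
else { $findings }
```

If anything is listed after a clean reboot, something still running is re-creating it, and the next step is to find that process (scheduled tasks, Run keys and the service list) rather than deleting the same keys again.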


Download ZHPDiag (by Nicolas Coolman).

Note: when you open the link above, click the Télécharger button next to ZHPDiag to download it.

To install and run it correctly, follow the tips in this article:

ZHPDiag installation and execution tutorial

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.


Here is the log:

 

 

~ ZHPDiag report v2014.7.9.103 - Nicolas Coolman (09/07/2014)
~ Started by Evandro (13/07/2014 03:31:50)
~ Website address : http://nicolascoolman.fr
~ Web forum address : http://forum.nicolascoolman.fr
~ Translation by the user
~ Version status : Up-to-date version.
~ Whitelist : Enabled by the program
~ Privilege elevation : OK
~ User Account Control : Activated by user
---\\ Internet browsers
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v35.0.1916.153 (Default)
---\\ Windows product information
~ Language: Portuguese
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System protection software
avast! Free Antivirus v9.0.2021
Windows Defender W7 (Activate)
---\\ System optimization software
---\\ PeerToPeer (P2P) file-sharing software
---\\ Software monitoring
Adobe Flash Player 14 Plugin
Adobe Reader XI
---\\ System information
~ Processor: Intel64 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1918 MB (46% free)
System Restore: Enabled
System drive C: has 60 GB (40%) free of 149 GB
---\\ System logon mode
~ Computer Name: MATHEUS-NOTE
~ User Name: Evandro
~ All Users Names: Evandro, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Evandro\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Evandro\AppData\Roaming\
~ %Desktop% : C:\Users\Evandro\Desktop\
~ %Favorites% : C:\Users\Evandro\Favorites\
~ %LocalAppData% : C:\Users\Evandro\AppData\Local\
~ %StartMenu% : C:\Users\Evandro\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 60 GB of 149 GB)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)
---\\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Targeted search of generic files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.5121DB613E10A46A3C5085B479026AA7] - (.Microsoft Corporation - Internet Extensions para Win32.) (.05/01/2013 - 02:13:30.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 00:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.E453ACF4E7D44E5530B5D5F2B9CA8563] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.31/08/2012 - 15:19:35.) -- C:\Windows\system32\Drivers\ntfs.sys [1659760]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 00:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/4
~ Mes musiques (My Musics) : 1/1186
~ Mes Videos (My Videos) : 1/8
~ Mes Favoris (My Favorites) : 1/61
~ Mes Documents (My Documents) : 2/193
~ Mon Bureau (My Desktop) : 52/2407
~ Menu demarrer (Programs) : 1/15
~ Hidden Files: Scanned in 00mn 13s
---\\ Processos lançados
[MD5.3433CF435F84B24965A8202118F41A7A] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\Evandro\AppData\Roaming\uTorrent\uTorrent.exe [1322832] [PID.2784] =>P2P.BitTorrent
[MD5.27D920B1FD2FC808FBE88A8BBAF53F9C] - (...) -- C:\Users\Evandro\AppData\Roaming\Wandoujia2\Applications\2.69.0.5457\wandoujia_helper.exe [258944] [PID.2008]
[MD5.26AFC1F16494FFE66F2197153B342A27] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432] [PID.1908]
[MD5.70998FD1D370D4F600F0CEA1190F229F] - (...) -- C:\Users\Evandro\AppData\Roaming\Wandoujia2\Applications\2.69.0.5457\wandoujia2.exe [243584] [PID.3524]
[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.1288]
[MD5.736F14A085B0CD73291A1C83B5551A7E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8074752] [PID.2052]
[MD5.73F5C13B431915BAE35254B4E95DFB71] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1140]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1688]
[MD5.1A18EBD87AA9FBF6EFE8CFADA08D0275] - (.Firebird Project - Firebird SQL Server.) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304] [PID.1804]
[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe [322120] [PID.1940]
[MD5.397D14958D6C9C2B365469A857B2AC4E] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe [230792] [PID.1972]
[MD5.ABBECBCF1817D1158ED388460CCEE416] - (.GenTechnologies Apps, LLC - MovieMode Service.) -- C:\ProgramData\ilKUPBu\ftRaOydPDw.exe [2315632] [PID.2080] =>PUP.MovieMode
[MD5.53C740150C082AAF3C7D21C1D6A9FF98] - (.Firebird Project - Firebird SQL Server.) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552] [PID.2512]
~ Processes Running: Scanned in 00mn 01s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Evandro\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [user Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [user Data\Default] [dhdfnmfeplaifhedhlkpdlneaakejndj] Supernatural Green v.1 (Activé)
G2 - GCE: Preference [user Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [user Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [user Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 20 Legitimates Filtered in 00mn 11s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: (no name) - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Chave orfã
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Evandro]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Evandro\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Evandro]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Evandro\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 04s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Evandro\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus] Chave orfã
O4 - HKCU\..\Run: [Tok-Cirrhatus-2223] C:\Users\Evandro\AppData\Local\br5469on.exe (.not file.)
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Evandro\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Users\Evandro\Documents\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [PSafeTray] C:\Program Files (x86)\PSafe\PSafeSysTray.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [PSafeWDS] C:\Program Files (x86)\PSafe\PSafeWDS.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [fst_br_127] Chave orfã
O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1922861562-4234703113-2337408972-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Evandro\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-1922861562-4234703113-2337408972-1000\..\Run: [Tok-Cirrhatus] Chave orfã
O4 - HKUS\S-1-5-21-1922861562-4234703113-2337408972-1000\..\Run: [Tok-Cirrhatus-2223] C:\Users\Evandro\AppData\Local\br5469on.exe (.not file.)
O4 - HKUS\S-1-5-21-1922861562-4234703113-2337408972-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Evandro\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-1922861562-4234703113-2337408972-1000\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Users\Evandro\Documents\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
~ Application: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CC0E14A-E4F0-4D30-9733-C9BC079E65CC}: NameServer = 96.31.89.141,65.111.171.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1F1D993-F1BD-4BE9-964D-912B5763A2AB}: NameServer = 96.31.89.141,65.111.171.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CC0E14A-E4F0-4D30-9733-C9BC079E65CC}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CC0E14A-E4F0-4D30-9733-C9BC079E65CC}: NameServer = 96.31.89.141,65.111.171.135
O17 - HKLM\System\CS1\Services\Tcpip\..\{D1F1D993-F1BD-4BE9-964D-912B5763A2AB}: NameServer = 96.31.89.141,65.111.171.135
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CC0E14A-E4F0-4D30-9733-C9BC079E65CC}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CC0E14A-E4F0-4D30-9733-C9BC079E65CC}: NameServer = 96.31.89.141,65.111.171.135
O17 - HKLM\System\CS2\Services\Tcpip\..\{D1F1D993-F1BD-4BE9-964D-912B5763A2AB}: NameServer = 96.31.89.141,65.111.171.135
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CC0E14A-E4F0-4D30-9733-C9BC079E65CC}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807553E5-5146-11D5-A672-00B0D022E945} . (...) --
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) . (.Firebird Project - Firebird SQL Server.) - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
O23 - Service: ftRaOydPDw (ftRaOydPDw) . (.GenTechnologies Apps, LLC - MovieMode Service.) - C:\ProgramData\ilKUPBu\ftRaOydPDw.exe =>PUP.MovieMode
O23 - Service: PSafeSVC (PSafeSVC) . (...) - C:\Program Files (x86)\PSafe\PSafesvc.exe (.not file.)
~ Services: 6 Legitimates Filtered in 00mn 18s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [PenWes] (...) -- C:\Program Files (x86)\PenWes\penwes.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3AA84535-EF0E-4C4D-9B83-1362CC9A897C}] (...) -- C:\Users\Evandro\Desktop\brasfoot2012.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4E96E019-E025-4C08-B710-D98F6E95BF41}] (...) -- C:\Users\Evandro\Downloads\ICRTool.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5A369298-B40B-4ED2-9B51-757270A33DAD}] (...) -- C:\Program Files (x86)\MAGICD~1\UNWISE.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5C79DF15-2416-494F-932D-765694364DAF}] (...) -- C:\Users\Evandro\Downloads\red-alert_manager_0.98.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5F228163-596F-4763-8347-86ECACD09B35}] (...) -- C:\Users\Evandro\Desktop\brasfoot2013_.exe (.not file.) [0]
[MD5.64E7FA76F6EE1F9A3FF294E97D1AAB28] [APT] [{71ADD7D8-D9C0-4065-9D89-9BFA904CA200}] (.Software Design.) -- C:\Windows\SDUnInst.exe [86016]
[MD5.00000000000000000000000000000000] [APT] [{73B98DDF-C1CF-4315-A2A6-55159BC527E8}] (...) -- C:\Users\Evandro\Desktop\brasfoot_2013.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A3617D50-3776-430C-84EF-867C99784B23}] (...) -- C:\Users\Evandro\Downloads\creativity_mmfull_baixaki.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{AF8ECBC0-F9E7-4919-BCF1-3B9375AA1859}] (...) -- C:\Users\Evandro\Desktop\Atualiza‡Æo BrasileirÆo S‚ries Aé B e C 2012 - Brasfoot 2012.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C70655C5-BA19-47E7-8A77-DAFEBE388E44}] (...) -- E:\autorun.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CD94CB23-ACF9-4828-9773-7504E901D55D}] (...) -- C:\ProgramData\MovieMode\uninstall.exe (.not file.) [0] =>PUP.MovieMode
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1922861562-4234703113-2337408972-1000Core [914]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1922861562-4234703113-2337408972-1000UA [936]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
~ Scheduled Task: 29 Legitimates Filtered in 00mn 11s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (360FltOEM) . (.360.cn - 360HipsOEM.) - C:\Windows\System32\DRIVERS\360FltOEM.sys
~ Drivers: 78 Legitimates Filtered in 00mn 02s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\8.1]
[HKCU\Software\Baidu Security]
[HKCU\Software\Brasfoot2013]
[HKCU\Software\Brasfoot]
[HKCU\Software\Orolix]
[HKCU\Software\PCDataApp]
[HKCU\Software\Pando Networks]
[HKCU\Software\Spacial]
[HKCU\Software\VISCOM Speaker]
[HKCU\Software\WandouLabs]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\Wow6432Node\360Safe]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Orolix]
[HKLM\Software\Wow6432Node\PCDataApp]
[HKLM\Software\Wow6432Node\Pando Networks]
~ Key Software: 220 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/05/2013 - 20:28:51 - [0] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 12/01/2013 - 21:14:51 - [0] ----D C:\Program Files (x86)\PokerStars
O43 - CFD: 27/10/2013 - 17:52:07 - [] ----D C:\Program Files (x86)\WandouLabs
O43 - CFD: 28/06/2014 - 14:30:55 - [] ----D C:\ProgramData\ilKUPBu
O43 - CFD: 01/05/2013 - 18:16:05 - [] ----D C:\Users\Evandro\AppData\Roaming\Baidu Security
O43 - CFD: 13/01/2013 - 16:23:51 - [] ----D C:\Users\Evandro\AppData\Roaming\InternetExplorer9_0Packages
O43 - CFD: 12/07/2014 - 01:17:15 - [] ----D C:\Users\Evandro\AppData\Roaming\Wandoujia2
O43 - CFD: 06/04/2014 - 00:23:29 - [] ----D C:\Users\Evandro\AppData\Roaming\WandoujiaUsbDriver
O43 - CFD: 20/09/2013 - 13:38:33 - [0] ----D C:\Users\Evandro\AppData\Local\Bron.tok-17-20 =>Worm.Brontok
O43 - CFD: 21/09/2013 - 00:01:02 - [0] ----D C:\Users\Evandro\AppData\Local\Bron.tok-17-21 =>Worm.Brontok
O43 - CFD: 20/09/2013 - 13:55:16 - [] ----D C:\Users\Evandro\AppData\Local\Loc.Mail.Bron.Tok =>Worm.Brontok
O43 - CFD: 12/07/2014 - 23:30:41 - [] ----D C:\Users\Evandro\AppData\Local\MovieMode =>PUP.MovieMode
O43 - CFD: 20/09/2013 - 13:46:29 - [0] ----D C:\Users\Evandro\AppData\Local\Ok-SendMail-Bron-tok =>Worm.Brontok
O43 - CFD: 13/01/2014 - 19:51:01 - [] ----D C:\Users\Evandro\AppData\Local\Wandoujia2
~ Program Folder: 143 Legitimates Filtered in 00mn 01s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.E4ABC023E251D2BB6B98C9FCAF5CF16D] - 05/07/2014 - 17:29:32 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\aswTap.sys [44640]
O44 - LFC:[MD5.D95E64416A4A3ED6986E0F474DA934BD] - 05/07/2014 - 17:29:48 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 12/07/2014 - 00:13:35 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.4576B68A88BB2B69229EB9D9CED1A727] - 12/07/2014 - 01:16:02 ---A- . (...) -- C:\zoek-results.log [30887]
O44 - LFC:[MD5.147E5D9AADE51521E188129673A6A638] - 12/07/2014 - 01:19:49 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [146594]
O44 - LFC:[MD5.1D94BA7F95778823A8C4ECE5FB87C833] - 12/07/2014 - 01:19:49 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [703808]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 30/06/2014 - 12:14:27 ---A- . (...) -- C:\autoexec.bat [0]
~ Files: 26 Legitimates Filtered in 00mn 07s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{f6f1fa60-54e7-11e2-b18d-0017c4371b70}\AutoRun\command. (...) -- E:\autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:10/01/2013 - 17:37:18 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys [288688]
O58 - SDL:05/07/2014 - 17:29:48 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:05/07/2014 - 17:29:48 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:05/07/2014 - 17:29:32 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\aswTap.sys [44640]
O58 - SDL:05/07/2014 - 17:29:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [224896] =>.ALWIL Software
O58 - SDL:08/08/2011 - 15:13:12 ---A- . (.SysProgs.org - WinCDEmu virtual CDROM bus.) -- C:\Windows\System32\Drivers\BazisVirtualCDBus.sys [198480]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:28/06/2014 - 14:02:46 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [386680]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:28/09/2012 - 10:32:56 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [53760]
~ Drivers: 72 Legitimates Filtered in 00mn 07s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 10/01/2013 - C:\Windows\System32\DRIVERS\360FltOEM.sys (360FltOEM) .(.360.cn - 360HipsOEM.) - LEGACY_360FLTOEM
O64 - Services: CurCS - 05/07/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 85 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <Beamrise.PGU3ZXX2HFKW42R4HM37QP4O6U> <Beamrise>[HKLM\..\Shell\open\Command] (...) -- C:\Users\Evandro\AppData\Local\Beamrise\Application\beamrise.exe (.not file.) =>Hijacker.Beamrise
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.733048FA01ECB4A72701FD3976DBED1A] [sPRF][04/03/2013] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.97263CBF293F6C06650225F35CDE1F9C] [sPRF][28/02/2014] (...) -- C:\Users\Evandro\AppData\Roaming\sqlite3.dll [491732]
[MD5.DB95B03031E66AC45495EDF1D16B8887] [sPRF][09/07/2014] (...) -- C:\Users\Evandro\Desktop\adwcleaner_3.215.exe [1348263]
~ Files: 3 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{062A9E27-BCB7-4291-A53E-CF5359AB88B2}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Evandro\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{15B07CC9-6520-4BF7-96FB-38B9576CE83D}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Evandro\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{DC2430FF-A096-4B8C-91EE-4D253A141B38}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Evandro\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{68EFBA77-AA27-4AD7-A691-A1D3DE1ADC20}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Evandro\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 03s
---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS: - {35B6525E-071A-4EA9-B3BD-F6A742572F08}
~ MNS: 1 Legitimates Filtered in 00mn 00s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BeamriseSetup_RASAPI32 =>Hijacker.Beamrise
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BeamriseSetup_RASMANCS =>Hijacker.Beamrise
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BetterInstaller_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BetterInstaller_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\deskSvc_RASAPI32 =>Hijacker.22Find
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\deskSvc_RASMANCS =>Hijacker.22Find
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\freeSoftToday_widget_RASAPI32 =>Adware.FreeSoftToday
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\freeSoftToday_widget_RASMANCS =>Adware.FreeSoftToday
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Freeven pro 1_RASAPI32 =>PUP.Freeven
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Freeven pro 1_RASMANCS =>PUP.Freeven
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\HomeTab_old_RASAPI32 =>PUP.CertifiedToolbar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\HomeTab_old_RASMANCS =>PUP.CertifiedToolbar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MediaPlayerplus-codedownloader_RASAPI32 =>PUP.CrossRider
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MediaPlayerplus-codedownloader_RASMANCS =>PUP.CrossRider
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MediaPlayerplus-novainstaller_RASAPI32 =>PUP.CrossRider
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MediaPlayerplus-novainstaller_RASMANCS =>PUP.CrossRider
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Optimizer Elite Max_RASAPI32 =>PUP.OptimizerEliteMax
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Optimizer Elite Max_RASMANCS =>PUP.OptimizerEliteMax
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchYaLatest_RASAPI32 =>Adware.SearchYa
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchYaLatest_RASMANCS =>Adware.SearchYa
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent-323-build-28705-baixaki-32-bits_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent-323-build-28705-baixaki-32-bits_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VOPackage_RASAPI32 =>Adware.Downware
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VOPackage_RASMANCS =>Adware.Downware
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdaterV2_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdaterV2_RASMANCS =>PUP.Wajam
~ BTK: 593 Legitimates Filtered in 00mn 02s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 10/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 02/02/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/02/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 15/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 10/07/1658 0 | (PSafeSVC) . (...) - C:\Program Files (x86)\PSafe\PSafesvc.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 05/07/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 17/09/2010 98304 | (FirebirdGuardianDefaultInstance) . (.Firebird Project.) - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
SR - | Demand 17/09/2010 3735552 | (FirebirdServerDefaultInstance) . (.Firebird Project.) - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
SR - | Auto 28/06/2014 2315632 | (ftRaOydPDw) . (.GenTechnologies Apps, LLC.) - C:\ProgramData\ilKUPBu\ftRaOydPDw.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 20s
---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:28/06/2014 - 14:02:46 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [386680]
~ Emulateurs: Scanned in 00mn 20s
---\\ Scâner Aditional (088)
Database Version : 13026 - (09/07/2014)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 2
[HKLM\SYSTEM\CurrentControlSet\Services\ftRaOydPDw] =>PUP.MovieMode^
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply] =>PUP.DealPly
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Wow6432Node\360Safe] =>Trojan.Lozavita
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Users\Evandro\AppData\Local\Bron.tok-17-20 =>Worm.Brontok^
C:\Users\Evandro\AppData\Local\Bron.tok-17-21 =>Worm.Brontok^
C:\Users\Evandro\AppData\Local\Loc.Mail.Bron.Tok =>Worm.Brontok^
C:\Users\Evandro\AppData\Local\MovieMode =>PUP.MovieMode^
C:\Users\Evandro\AppData\Local\Ok-SendMail-Bron-tok =>Worm.Brontok^
C:\Users\Evandro\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
C:\ProgramData\ilKUPBu\ftRaOydPDw.exe =>PUP.MovieMode^
~ Additionnel Scan: 219712 Items scanned in 01mn 17s
---\\ Informações complémentaires do módulos
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Gestão do Proxy (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Barras do Internet Explorer (03))
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Aplicações iniciadas por registo & pastas (04)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 5 Legitimates Filtered in 00mn 00s
---\\ Sumário das deteções encontradas na sua estação
~ MSI: 14 link(s) detected in 00mn 00s
~ 758 Legitimates filtered by white list
End of the scan (528 lines in 04mn 05s)(0)


There are unnecessary programs starting together with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

Choosing Programs that Start with the PC

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start together with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean up and optimise the PC.

________________________________________________________________________

Select and copy all the text highlighted in red that I gave you.

_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click ZHPFix and choose the option Run as administrator > Click Importação (Import) > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply.


I don't understand much about this, but the ads have stopped. I just don't know whether it is still normal for that black background to appear on YouTube. Here is the log; I await any guidance or instruction if needed. Many thanks so far :) :


Rapport de ZHPFix 2014.7.9.4 par Nicolas Coolman, Update du 09/07/2014
Fichier d'export Registre :
Run by Evandro at 13/07/2014 23:17:40
High Elevated Privileges : OK
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 08s)
Reparação de atalhos do navegador
========== Estado dos serviços ==========
360FLTOEM Parado
========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Elementos dos dados do Registo ==========
ELIMINÉ: StartMenuInternet: C:\Users\Evandro\AppData\Local\Beamrise\Application\beamrise.exe
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ: c:\programdata\ilkupbu\ftraoydpdw.exe
ELIMINA REINICIAR: c:\windows\system32\drivers\360fltoem.sys
ELIMINÉ Temporários windows (2) (714 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
6 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
4 : Ficheiros
1 : Estado dos serviços
1 : Restauração Sistema
End of clean in 01mn 15s
========== Caminho do ficheiro do relatório ==========
C:\Users\Evandro\AppData\Roaming\ZHP\ZHPFix[R1].txt - 13/07/2014 23:05:32 [5106]
C:\Users\Evandro\AppData\Roaming\ZHP\ZHPFix[R2].txt - 13/07/2014 23:17:48 [1500]


Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.


Here it is:

~ Relatório do ZHPDiag v2014.7.13.104 - Nicolas Coolman (13/07/2014)
~ Iniciado por Evandro (13/07/2014 23:54:33)
~ Endereço do Website : http://nicolascoolman.fr
~ Endereço do Webforum : http://forum.nicolascoolman.fr
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program
---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v35.0.1916.153 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2021
Windows Defender W7 (Activate)
---\\ Softwares d'optimização do sistema
CCleaner v4.15
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader XI
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1918 MB (39% free)
System Restore: Activé (Enable)
System drive C: has 60 GB (40%) free of 149 GB
---\\ Modo de conexão ao sistema
~ Computer Name: MATHEUS-NOTE
~ User Name: Evandro
~ All Users Names: Evandro, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Evandro\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Evandro\AppData\Roaming\
~ %Desktop% : C:\Users\Evandro\Desktop\
~ %Favorites% : C:\Users\Evandro\Favorites\
~ %LocalAppData% : C:\Users\Evandro\AppData\Local\
~ %StartMenu% : C:\Users\Evandro\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 60 Go of 149 Go)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.5121DB613E10A46A3C5085B479026AA7] - (.Microsoft Corporation - Internet Extensions para Win32.) (.05/01/2013 - 02:13:30.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 00:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.E453ACF4E7D44E5530B5D5F2B9CA8563] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.31/08/2012 - 15:19:35.) -- C:\Windows\system32\Drivers\ntfs.sys [1659760]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 00:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/4
~ Mes musiques (My Musics) : 1/1186
~ Mes Videos (My Videos) : 1/8
~ Mes Favoris (My Favorites) : 1/61
~ Mes Documents (My Documents) : 2/194
~ Mon Bureau (My Desktop) : 52/2458
~ Menu demarrer (Programs) : 1/14
~ Hidden Files: Scanned in 00mn 14s
---\\ Processos lançados
[MD5.3433CF435F84B24965A8202118F41A7A] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\Evandro\AppData\Roaming\uTorrent\uTorrent.exe [1322832] [PID.2172] =>P2P.BitTorrent
[MD5.26AFC1F16494FFE66F2197153B342A27] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432] [PID.2540]
[MD5.27D920B1FD2FC808FBE88A8BBAF53F9C] - (...) -- C:\Users\Evandro\AppData\Roaming\Wandoujia2\Applications\2.69.0.5457\wandoujia_helper.exe [258944] [PID.2792]
[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.3176]
[MD5.67CE28A336E8E0B4F24FD72815C2F3B7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8076288] [PID.3612]
[MD5.73F5C13B431915BAE35254B4E95DFB71] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1136]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1688]
[MD5.1A18EBD87AA9FBF6EFE8CFADA08D0275] - (.Firebird Project - Firebird SQL Server.) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304] [PID.1756]
[MD5.397D14958D6C9C2B365469A857B2AC4E] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe [230792] [PID.1924]
[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe [322120] [PID.1960]
[MD5.53C740150C082AAF3C7D21C1D6A9FF98] - (.Firebird Project - Firebird SQL Server.) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552] [PID.2764]
~ Processes Running: Scanned in 00mn 01s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Evandro\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [user Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [user Data\Default] [dhdfnmfeplaifhedhlkpdlneaakejndj] Supernatural Green v.1 (Activé)
G2 - GCE: Preference [user Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [user Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [user Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 20 Legitimates Filtered in 00mn 15s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: (no name) - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Chave orfã
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Evandro]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Evandro\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Evandro]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Evandro\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 04s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CC0E14A-E4F0-4D30-9733-C9BC079E65CC}: NameServer = 96.31.89.141,65.111.171.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1F1D993-F1BD-4BE9-964D-912B5763A2AB}: NameServer = 96.31.89.141,65.111.171.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CC0E14A-E4F0-4D30-9733-C9BC079E65CC}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CC0E14A-E4F0-4D30-9733-C9BC079E65CC}: NameServer = 96.31.89.141,65.111.171.135
O17 - HKLM\System\CS1\Services\Tcpip\..\{D1F1D993-F1BD-4BE9-964D-912B5763A2AB}: NameServer = 96.31.89.141,65.111.171.135
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CC0E14A-E4F0-4D30-9733-C9BC079E65CC}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CC0E14A-E4F0-4D30-9733-C9BC079E65CC}: NameServer = 96.31.89.141,65.111.171.135
O17 - HKLM\System\CS2\Services\Tcpip\..\{D1F1D993-F1BD-4BE9-964D-912B5763A2AB}: NameServer = 96.31.89.141,65.111.171.135
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CC0E14A-E4F0-4D30-9733-C9BC079E65CC}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807553E5-5146-11D5-A672-00B0D022E945} . (...) --
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) . (.Firebird Project - Firebird SQL Server.) - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
~ Services: 5 Legitimates Filtered in 00mn 21s
---\\ Tarefas planificadas automaticamente (039)
[MD5.64E7FA76F6EE1F9A3FF294E97D1AAB28] [APT] [{71ADD7D8-D9C0-4065-9D89-9BFA904CA200}] (.Software Design.) -- C:\Windows\SDUnInst.exe [86016]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1922861562-4234703113-2337408972-1000Core [914]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1922861562-4234703113-2337408972-1000UA [936]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 08s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\8.1]
[HKCU\Software\Brasfoot2013]
[HKCU\Software\Brasfoot]
[HKCU\Software\Spacial]
[HKCU\Software\VISCOM Speaker]
[HKCU\Software\WandouLabs]
[HKCU\Software\superdownloads.com.br]
~ Key Software: 208 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/05/2013 - 20:28:51 - [0] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 12/01/2013 - 21:14:51 - [0] ----D C:\Program Files (x86)\PokerStars
O43 - CFD: 27/10/2013 - 17:52:07 - [] ----D C:\Program Files (x86)\WandouLabs
O43 - CFD: 13/01/2013 - 16:23:51 - [] ----D C:\Users\Evandro\AppData\Roaming\InternetExplorer9_0Packages
O43 - CFD: 13/07/2014 - 19:26:04 - [] ----D C:\Users\Evandro\AppData\Roaming\Wandoujia2
O43 - CFD: 06/04/2014 - 00:23:29 - [] ----D C:\Users\Evandro\AppData\Roaming\WandoujiaUsbDriver
O43 - CFD: 13/01/2014 - 19:51:01 - [] ----D C:\Users\Evandro\AppData\Local\Wandoujia2
~ Program Folder: 136 Legitimates Filtered in 00mn 01s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.E4ABC023E251D2BB6B98C9FCAF5CF16D] - 05/07/2014 - 17:29:32 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\aswTap.sys [44640]
O44 - LFC:[MD5.D95E64416A4A3ED6986E0F474DA934BD] - 05/07/2014 - 17:29:48 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 12/07/2014 - 00:13:35 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.4576B68A88BB2B69229EB9D9CED1A727] - 12/07/2014 - 01:16:02 ---A- . (...) -- C:\zoek-results.log [30887]
O44 - LFC:[MD5.147E5D9AADE51521E188129673A6A638] - 12/07/2014 - 01:19:49 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [146594]
O44 - LFC:[MD5.1D94BA7F95778823A8C4ECE5FB87C833] - 12/07/2014 - 01:19:49 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [703808]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 30/06/2014 - 12:14:27 ---A- . (...) -- C:\autoexec.bat [0]
~ Files: 22 Legitimates Filtered in 00mn 08s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{f6f1fa60-54e7-11e2-b18d-0017c4371b70}\AutoRun\command. (...) -- E:\autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Evandro\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:10/01/2013 - 17:37:18 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys [288688]
O58 - SDL:05/07/2014 - 17:29:48 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:05/07/2014 - 17:29:48 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:05/07/2014 - 17:29:32 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\aswTap.sys [44640]
O58 - SDL:05/07/2014 - 17:29:49 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [224896] =>.ALWIL Software
O58 - SDL:08/08/2011 - 15:13:12 ---A- . (.SysProgs.org - WinCDEmu virtual CDROM bus.) -- C:\Windows\System32\Drivers\BazisVirtualCDBus.sys [198480]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:28/06/2014 - 14:02:46 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [386680]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:28/09/2012 - 10:32:56 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [53760]
~ Drivers: 72 Legitimates Filtered in 00mn 13s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 05/07/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 85 Legitimates Filtered in 00mn 01s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.733048FA01ECB4A72701FD3976DBED1A] [sPRF][04/03/2013] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.97263CBF293F6C06650225F35CDE1F9C] [sPRF][28/02/2014] (...) -- C:\Users\Evandro\AppData\Roaming\sqlite3.dll [491732]
[MD5.DB95B03031E66AC45495EDF1D16B8887] [sPRF][09/07/2014] (...) -- C:\Users\Evandro\Desktop\adwcleaner_3.215.exe [1348263]
~ Files: 5 Legitimates Filtered in 00mn 01s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{062A9E27-BCB7-4291-A53E-CF5359AB88B2}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Evandro\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{15B07CC9-6520-4BF7-96FB-38B9576CE83D}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Evandro\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{DC2430FF-A096-4B8C-91EE-4D253A141B38}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Evandro\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{68EFBA77-AA27-4AD7-A691-A1D3DE1ADC20}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Evandro\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 03s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent-323-build-28705-baixaki-32-bits_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent-323-build-28705-baixaki-32-bits_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 571 Legitimates Filtered in 00mn 02s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 10/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 02/02/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/02/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 15/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 05/07/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 17/09/2010 98304 | (FirebirdGuardianDefaultInstance) . (.Firebird Project.) - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
SR - | Demand 17/09/2010 3735552 | (FirebirdServerDefaultInstance) . (.Firebird Project.) - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 20s
---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:28/06/2014 - 14:02:46 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [386680]
~ Emulateurs: Scanned in 00mn 20s
---\\ Scâner Aditional (088)
Database Version : 13026 - (13/07/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
C:\Users\Evandro\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
~ Additionnel Scan: 219354 Items scanned in 01mn 33s
---\\ Informações complémentaires do módulos
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Gestão do Proxy (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Barras do Internet Explorer (03))
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Aplicações iniciadas por registo & pastas (04)
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 5 Legitimates Filtered in 00mn 00s
---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s
~ 723 Legitimates filtered by white list
End of the scan (425 lines in 04mn 18s)(0)


The procedure below takes longer. If you prefer, you can leave it for tomorrow.

Download Malwarebytes from one of the links below:

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

http://downloads.malwarebytes.org/mbam-download.php

To install and run it correctly, please follow the tips in this post:

Malwarebytes Anti-Malware Tutorial

In your next reply, post this Malwarebytes log (report).

We'll be waiting.


Here is the log:

Malwarebytes Anti-Malware
www.malwarebytes.org
Data de Verificação: 14/07/2014
Hora da Verificação: 16:49:18
Logfile: log.txt
Administrador: Sim
Versão: 2.00.2.1012
Malware Database: v2014.07.14.10
Rootkit Database: v2014.07.09.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Self-protection: Desabilitado
OS: Windows 7 Service Pack 1
CPU: x64
Sistema de Arquivo: NTFS
Usuário: Evandro
Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 384682
Tempo Decorrido: 2 hr, 48 min, 24 seg
Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processos: 0
(No malicious items detected)
Módulos: 0
(No malicious items detected)
Chaves de Registro: 3
PUP.Optional.Feven.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Freeven pro 1.2, Quarantined, [da98653aef8c8ea8c76c6a59e71b32ce],
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplus, Quarantined, [8ae8277883f8a6901b35686d6d959f61],
PUP.Optional.Qone8, HKU\S-1-5-21-1922861562-4234703113-2337408972-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [254dffa073087fb77bd6eb19729224dc],
Valores de Registro: 0
(No malicious items detected)
Dados do Registro: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[92e0237c6714ec4abc98ddc3d82cfc04]
Pastas: 0
(No malicious items detected)
Arquivos: 17
PUP.Hacktool.PasswordViewer, C:\Program Files (x86)\SecurityXploded\FacebookPasswordDecryptor\FacebookPasswordDecryptor.exe, Quarantined, [284ae5baf487c96d4339b95437ca966a],
Adware.MovieMode, C:\Users\Evandro\AppData\Roaming\ZHP\Quarantine\ftraoydpdw.exe.VIR, Quarantined, [5e14554a14675bdba2759ccee31edd23],
Adware.MovieMode, C:\Users\Evandro\AppData\Roaming\ZHP\Quarantine\ilKUPBu.DIR\ilKUPBu\dat\dkXeagsu.exe, Quarantined, [cea4f5aa502b7fb78a8d5218e41d08f8],
PUP.Optional.MovieMode.A, C:\Users\Evandro\AppData\Roaming\ZHP\Quarantine\ilKUPBu.DIR\ilKUPBu\dat\gKtEcHaFaxC.dll, Quarantined, [f37f712eb4c71b1bde8f127f8e7623dd],
Adware.MovieMode, C:\Users\Evandro\AppData\Roaming\ZHP\Quarantine\ilKUPBu.DIR\ilKUPBu\dat\XwVbBMAacl.exe, Quarantined, [83ef712eff7c1620987fb5b58b769d63],
PUP.Optional.OpenCandy, C:\Users\Evandro\Documents\PhotoScape_V3-6-5.exe, Quarantined, [6b07ffa0df9cbc7ad20e7d47e3216e92],
PUP.Optional.Softonic, C:\Users\Evandro\Favorites\SoftonicDownloader_para_zoner-photo-studio.exe, Quarantined, [f082d7c825567bbb7199c547926f60a0],
PUP.Optional.Montera.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchYa!\1.5.25.0\searchyaApp.dll.vir, Quarantined, [b8ba930c4239ba7c4e000a6e4ab7f010],
PUP.Optional.Montera.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchYa!\1.5.25.0\searchyaEng.dll.vir, Quarantined, [660c4659f98277bf84ca1b5d7e83f40c],
PUP.Optional.SearchYa.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchYa!\1.5.25.0\searchyasrv.exe.vir, Quarantined, [7ff3207f285351e52875e6920cf559a7],
PUP.Optional.Montera.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchYa!\1.5.25.0\searchyaTlbr.dll.vir, Quarantined, [98dac8d7cbb06fc7b49aaace639e3cc4],
PUP.Optional.Montera.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchYa!\1.5.25.0\bh\searchya.dll.vir, Quarantined, [0d65e2bd94e7f73f3d111d5ba65b8e72],
PUP.Optional.SilentInstall.A, C:\AdwCleaner\Quarantine\C\ProgramData\saffe saove\uninstall.exe.vir, Quarantined, [284a6b34fd7ee1552c05fc142bd6e917],
PUP.Optional.SilentInstall.A, C:\AdwCleaner\Quarantine\C\ProgramData\saffE save\uninstall.exe.vir, Quarantined, [244e603f780373c33ff2947cea1737c9],
PUP.Optional.DealPly.A, C:\AdwCleaner\Quarantine\C\Users\Evandro\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe.vir, Quarantined, [383a722d156659ddfb457da18779728e],
PUP.Optional.Desk365.A, C:\AdwCleaner\Quarantine\C\Users\Evandro\AppData\Roaming\Desk 365\components\component_libcef_1.963.439.exe.vir, Quarantined, [e092158a453671c5d7ab3b8ade26bb45],
PUP.Optional.MovieMode.A, C:\Windows\SysWOW64\MovieMode.48CA2AEFA22D.dll, Quarantined, [6210ebb4c2b986b00927b318ce34de22],
Physical Sectors: 0
(No malicious items detected)


It's much better now, thanks for the help. The ads no longer appear; it's only on YouTube that the black background still shows up when I enlarge the video window, but I don't know if that matters. Anyway, the ads are gone and the notebook is even faster. If you have any more tips I'll take them; if not, thank you very much for your time :) you helped me a lot!


Just to finish up, please follow the tutorials below:

Removing errors and optimizing your PC with CCleaner

Remove useless files from your PC with PureRa

_______________________________________________________________________________________________________________________

:seta: To remove the programs used in cleaning this PC and to create a new, safe and problem-free restore point, use DelFix following the tips in this tutorial.

_______________________________________________________________________________________________________________________

:) It was a pleasure to help. You can always count on us!


PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
