Ir para conteúdo

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

Mário Monteiro

[Resolvido] "Hot Deals!" pop-up ads

Recommended Posts

Comecou a surgir diversos popups "Hot Deals!" com propagandas diversas em todas as paginas que navego

 

Fiz umas pesquisas e parece ser algum Malware

 

Gostaria de saber como remover completamente

 

Obrigado

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 08:56:09, on 22/07/2014

Platform: Unknown Windows (WinNT 6.02.1008)

MSIE: Internet Explorer v11.0 (11.00.9600.17126)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: NetCrawl - {769a91da-209f-47fe-88b9-b0321b0982c8} - C:\Program Files (x86)\NetCrawl\NetCrawlbho.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

O4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: Dell Update Service (DellUpdate) - Dell Inc. - C:\Program Files (x86)\Dell Update\DellUpService.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe

O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe

O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe

O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe

O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - CyberLink - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Update NetCrawl - Unknown owner - C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe

O23 - Service: Util NetCrawl - Unknown owner - C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 11259 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

:thumbsup: Olá Mário.

 

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:

http://www.bleepingcomputer.com/download/adwcleaner/

 

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

 

Remova adwares e toolbars maliciosas com o Adwcleaner

 

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[s0].txt

 

Ficamos na espera.

Compartilhar este post


Link para o post
Compartilhar em outros sites

# AdwCleaner v3.216 - Relatório criado 22/07/2014 às 16:34:12

# Atualizado 17/07/2014 por Xplode

# Sistema Operacional : Windows 8.1 Single Language (64 bits)

# Usuário : Mario - MARIO

# Executando de : C:\Users\Mario\Desktop\AdwCleaner.exe

# Opção : Limpar

 

***** [ Serviços ] *****

 

[#] Serviço Deletada : Update NetCrawl

[#] Serviço Deletada : Util NetCrawl

 

***** [ Arquivos / Pastas ] *****

 

Pasta Deletada : C:\ProgramData\baidu

[!] Pasta Deletada : C:\Program Files (x86)\NetCrawl

Pasta Deletada : C:\Users\Mario\AppData\Local\Funmoods

Pasta Deletada : C:\Users\Mario\AppData\Local\Temp\NetCrawl

Pasta Deletada : C:\Users\Mario\AppData\Roaming\baidu

Pasta Deletada : C:\Users\Public\Documents\baidu

Arquivo Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk

Arquivo Deletada : C:\Users\Mario\AppData\Local\funmoods-speeddial.crx

Arquivo Deletada : C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\9kjqzfga.default\user.js

Arquivo Deletada : C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage

Arquivo Deletada : C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

 

***** [ Atalhos ] *****

 

 

***** [ Registro ] *****

 

Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{769A91DA-209F-47FE-88B9-B0321B0982C8}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}

Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{769A91DA-209F-47FE-88B9-B0321B0982C8}

Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{769A91DA-209F-47FE-88B9-B0321B0982C8}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}

Chave Deletedo : HKCU\Software\Funmoods

Chave Deletedo : HKCU\Software\InstallCore

Chave Deletedo : HKCU\Software\NetCrawl

Chave Deletedo : HKLM\Software\NetCrawl

Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetCrawl

 

***** [ Navegadores ] *****

 

-\\ Internet Explorer v11.0.9600.17126

 

 

-\\ Mozilla Firefox v30.0 (pt-BR)

 

[ Arquivo : C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\9kjqzfga.default\prefs.js ]

 

 

-\\ Google Chrome v36.0.1985.125

 

[ Arquivo : C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deletedo [Extension] : bbjciahceamgodcoidkjpchnokgfpphh

Deletedo [Extension] : cjpglkicenollcignonpgiafdgfeehoj

 

*************************

 

AdwCleaner[R0].txt - [3815 octets] - [22/07/2014 16:33:24]

AdwCleaner[s0].txt - [3509 octets] - [22/07/2014 16:34:12]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3569 octets] ##########

Compartilhar este post


Link para o post
Compartilhar em outros sites

Desative temporariamente seu antivírus para evitar conflitos.

 

* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:

http://www.hijackthis.nl/smeenk/

 

:seta: Para executá-lo corretamente siga as dicas deste tutorial:

 

Exclua adwares e outras ameaças de seu PC e browsers com o aplicativo Zoek

 

* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ok

 

Só terei acesso ao computador novamente amanha

 

Assim que chegar em casa faço os procedimentos solicitados

Compartilhar este post


Link para o post
Compartilhar em outros sites

Zoek.exe v5.0.0.0 Updated 24-07-2014

Tool run by Mario on 24/07/2014 at 8:49:14,59.

Microsoft Windows 8.1 Single Language 6.3.9600 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Mario\Desktop\zoek.exe [scan all users] [script inserted]

 

==== System Restore Info ======================

 

24/07/2014 08:52:01 Zoek.exe System Restore Point Created Succesfully.

 

==== Reset Hosts File ======================

 

# Copyright © 1993-2006 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

 

127.0.0.1 localhost

 

==== Deleting CLSID Registry Keys ======================

 

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Services ======================

 

 

==== FireFox Fix ======================

 

Deleted from C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\9kjqzfga.default\prefs.js:

user_pref("browser.startup.homepage", "http://forum.imasters.com.br/forum/113-bolao-imasters/");

 

Added to C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\9kjqzfga.default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

 

==== Deleting Files \ Folders ======================

 

C:\PROGRA~2\NetCrawl deleted

C:\Users\Mario\AppData\Local\funmoods_2.3.8.crx deleted

C:\Users\Mario\Searches deleted

C:\windows\SysNative\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys deleted

C:\Windows\SysNative\config\systemprofile\Searches deleted

"C:\Windows\Installer\a5c1e52.msi" deleted

 

==== Firefox Extensions ======================

 

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

==== Firefox Plugins ======================

 

 

==== Chrome Look ======================

 

Google Docs - Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

AdBlock - Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

Google Mail Checker - Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff

Google Wallet - Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{C53F04B8-6BFE-422A-AE11-904A293C87E6} Unknown Url="Not_Found"

 

==== Reset Google Chrome ======================

 

C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-3056077811-389232429-1466393426-1002\Software\Microsoft\Internet Explorer\SearchScopes\{C53F04B8-6BFE-422A-AE11-904A293C87E6} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

 

==== shortcuts in Users Start Menu ======================

 

C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices\Mario's Nexus.lnk - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Win7UI.exe 1c:66:aa:e3:6e:c9

C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\Mario\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm

C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt

C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -

C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

 

==== shortcuts in All Users Start Menu ======================

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\My Dell\My Dell.lnk - C:\Program Files\My Dell\pcdlauncher.exe -lloc dsc

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\My Dell\PC Checkup.lnk - C:\Program Files\My Dell\pcdlauncher.exe -startingpage pccheckup -lloc pccheckup

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_document

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_spreadsheet

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_presentation

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hao123-Brazil\Desinstalar hao123.lnk - C:\Users\Mario\AppData\Roaming\baidu\hao123-br\hao123.1.0.0.1111.exe -uninstall

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee\McAfee Internet Security.lnk - C:\Program Files (x86)\mcafee.com\agent\mcagent.exe /desktopicon /platui

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe /design

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Centro de Carregamento do Microsoft Office 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Certificado Digital para Projetos do VBA.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Media Gallery.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Office Picture Manager.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Preferências de Idioma do Microsoft Office 2010.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

 

==== shortcuts in Quick Launch ======================

 

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Mario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Mario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Mario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Mario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Mario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -

C:\Users\Mario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Mario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Mario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

 

==== Reset IE Proxy ======================

 

Value(s) before fix:

"ProxyEnable"=dword:00000000

 

Value(s) after fix:

"ProxyEnable"=dword:00000000

 

==== Deleting Registry Keys ======================

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully

 

==== Empty IE Cache ======================

 

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Mario\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\Mario\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

 

==== Empty FireFox Cache ======================

 

C:\Users\Mario\AppData\Local\Mozilla\Firefox\Profiles\9kjqzfga.default\Cache emptied successfully

 

==== Empty Chrome Cache ======================

 

C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=15 folders=4 1588059 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Mario\AppData\Local\Temp will be emptied at reboot

C:\Users\USURIO~1\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\Windows\Temp successfully emptied

C:\Users\Mario\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== EOF on 24/07/2014 at 9:13:44,02 ======================

Compartilhar este post


Link para o post
Compartilhar em outros sites

Baixe o programa Junkware Removal Tool no link abaixo:

http://thisisudax.org/downloads/JRT.exe

 

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

 

Tutorial do Junkware Removal Tool

 

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

 

Ficamos na espera.

Compartilhar este post


Link para o post
Compartilhar em outros sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 8.1 Single Language x64

Ran by Mario on 24/07/2014 at 12:06:32,31

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 24/07/2014 at 12:12:32,29

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Compartilhar este post


Link para o post
Compartilhar em outros sites

:seta: Faça o download do < ZHPDiag > < NicolasCoolman.jpg> ( ... de Nicolas Coolman )

 

Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPDiag para baixá-lo, tal como mostra a imagem abaixo:

 

2aa105k.jpg

 

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

 

Tutorial de instalação e execução do aplicativo ZHPDiag

 

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

~ Relatório do ZHPDiag v2014.7.24.108 - Nicolas Coolman (24/07/2014)

~ Iniciado por Mario (25/07/2014 10:08:02)

~ Endereço do Website : http://nicolascoolman.fr

~ Endereço do Webforum : http://forum.nicolascoolman.fr

~ Tradução pelo utilizador

~ Estatuto da versão : Versão atualizada.

~ Lista Branca : Ativado pelo programa

~ Elevação dos Privilégios : OK

~ Controle de Conta de Utilizador : Activate by user

 

 

---\\ Navegadores Internet

MSIE: Internet Explorer v11.0.9600.17207

MFIE: Mozilla Firefox 30.0

GCIE: Google Chrome v36.0.1985.125 (Defaut)

 

---\\ Informações sobre os produtos Windows

~ Langage: Portugais

Windows 8.1 Single Language, 64-bit (Build 9600)

Windows Server License Manager Script : OK

Software Protection Service (Protection logicielle) : OK

Windows Automatic Updates : OK

Windows Activation Technologies : OK

 

---\\ Softwares de proteçao do sistema

McAfee Internet Security v12.8.958

Windows Defender W8 (Deactivate)

 

---\\ Softwares d'optimização do sistema

 

---\\ Softwares de partilha do PeerToPeer (P2P)

 

---\\ Monitoramento dos softwares

Java 7 Update 60

 

---\\ Informações sobre o sistema

~ Processor: Intel64 Family 6 Model 69 Stepping 1, GenuineIntel

~ Operating System: 64 Bits

Boot mode: Normal (Normal boot)

Total RAM: 8096 MB (70% free)

System Restore: Activé (Enable)

System drive C: has 786 GB (85%) free of 921 GB

 

---\\ Modo de conexão ao sistema

~ Computer Name: MARIO

~ User Name: Mario

~ All Users Names: Mario, HomeGroupUser$, Convidado, Administrador,

~ Unselected Option: 045,061,O62,065,066,080,O82,089

Logged in as Administrator

 

---\\ As variáveis de ambiente

~ System Unit : C:\

~ %AppZHP% : C:\Users\Mario\AppData\Roaming\ZHP\

~ %AppData% : C:\Users\Mario\AppData\Roaming\

~ %Desktop% : C:\Users\Mario\Desktop\

~ %Favorites% : C:\Users\Mario\Favorites\

~ %LocalAppData% : C:\Users\Mario\AppData\Local\

~ %StartMenu% : C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\System32\

 

---\\ Enumeração das unidades dos discos

C: Hard drive, Flash drive, Thumb drive (Free 786 Go of 921 Go)

D: CD-ROM drive (Not Inserted)

 

 

 

---\\ Estado do Centro de Segurança do Windows

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified

~ Security Center: 44 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Pesquisa particular de ficheiros genéricos

[MD5.81394C91B7B5A7C799E249AE82491F13] - (.Microsoft Corporation - Windows Explorer.) (.04/03/2014 - 09:25:49.) -- C:\Windows\Explorer.exe [2373784]

[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.22/08/2013 - 06:58:29.) -- C:\Windows\System32\Wininit.exe [144384]

[MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:58:27.) -- C:\Windows\System32\wininet.dll [2266112]

[MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.22/02/2014 - 06:45:48.) -- C:\Windows\System32\Winlogon.exe [562176]

[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/12/2013 - 05:54:07.) -- C:\Windows\System32\sppcomapi.dll [447488]

[MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 00:03:03.) -- C:\Windows\system32\Drivers\AFD.sys [563200]

[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 09:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]

[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 08:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]

[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 05:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]

[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/03/2014 - 06:22:50.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]

[MD5.498288DD5CA42C2D36D125893E968C53] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.18/03/2014 - 05:19:14.) -- C:\Windows\system32\Drivers\HDAudBus.sys [77312]

[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Driver de porta i8042.) (.22/08/2013 - 08:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]

[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.08/04/2014 - 01:05:00.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]

[MD5.0696F66E4D423793951A60562F794D14] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.02/04/2014 - 23:23:05.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402432]

[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 08:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]

[MD5.1C80517BE6836A812F6A9B99B8321351] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.20/03/2014 - 00:41:24.) -- C:\Windows\system32\Drivers\ntfs.sys [2013016]

[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Driver de porta paralela.) (.22/08/2013 - 08:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]

[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 08:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]

[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecionador do Dispositivo RDP da Microsoft.) (.22/08/2013 - 20:00:55.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]

[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]

[MD5.4BB9BC49DEE1A319EC58274A7BBED663] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.06/03/2014 - 09:42:44.) -- C:\Windows\system32\Drivers\volsnap.sys [310616]

~ Generic Processes: Scanned in 00mn 00s

 

 

 

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)

~ Mes images (My Pictures) : 1/12729

~ Mes musiques (My Musics) : 1/18133

~ Mes Favoris (My Favorites) : 1/5

~ Mes Documents (My Documents) : 1/2467

~ Mon Bureau (My Desktop) : 2/6

~ Menu demarrer (Programs) : 1/27

~ Hidden Files: Scanned in 00mn 21s

 

 

 

---\\ Processos lançados

[MD5.436A83E5555A8449B9BFBE1AAB314654] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072] [PID.5052]

[MD5.2F03C763EE0DFB4DE56176737DEFB2E2] - (.Microsoft Corporation - Touch Keyboard and Handwriting Panel Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe [21184] [PID.5444]

[MD5.5B672B6FA8986959988032DA24480748] - (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056] [PID.5168]

[MD5.1DE859B82E381A645C44284A5044BC33] - (.Oracle Corporation - Java™ Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896] [PID.6076]

[MD5.EABAB863E4451B22CA44A4919E59D2B8] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144] [PID.1444]

[MD5.3D45AD2B246B90DBD3E6F213E7AEBF64] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592] [PID.4156]

[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.76]

[MD5.80E04F074334739C96E1C08C331FB82D] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8080384] [PID.3200]

~ Processes Running: Scanned in 00mn 00s

 

 

 

---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)

C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Preferences

G2 - GCE: Preference [user Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)

G2 - GCE: Preference [user Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)

G2 - GCE: Preference [user Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)

G2 - GCE: Preference [user Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

 

---\\ Pasta de extensão do Google Chrome

~ Google Lines Browser: 16 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)

P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\mcafee\msc\npMcSnFFPl64.dll

~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Internet Explorer, Gestão do Proxy (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Proxy management: Scanned in 00mn 00s

 

 

 

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas

F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

~ Keys: Scanned in 00mn 00s

 

 

 

---\\ Redireção do ficheiro Hosts (01)

~ Le fichier hosts est sain (The hosts file is clean).

~ Hosts File: Scanned in 00mn 00s

~ Nombre de lignes (Lines number): 19

 

 

 

---\\ Aplicações iniciadas por registo & pastas (04)

O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

O4 - HKLM\..\Run: [RtHDVBg_PushButton] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

O4 - HKLM\..\Run: [iAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe

O4 - HKLM\..\Run: [QuickSet] . (.Dell Inc. - QuickSet.) -- c:\Program Files\Dell\QuickSet\QuickSet.exe

O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (.not file.)

O4 - HKLM\..\Run: [shadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll

O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

O4 - HKCU\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe

O4 - HKLM\..\Wow6432Node\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe

O4 - HKLM\..\Wow6432Node\Run: [bCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation

O4 - HKLM\..\Wow6432Node\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java™ Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation

O4 - HKLM\..\policies\Explorer\Run: [btvStack] . (.Atheros Communications - Bluetooth Stack Server.) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe

O4 - HKUS\S-1-5-21-3056077811-389232429-1466393426-1002\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe

~ Application: Scanned in 00mn 00s

 

 

 

---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)

O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll (.not file.)

O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll (.not file.)

~ IE Extra Buttons: Scanned in 00mn 00s

 

 

 

---\\ Alteração Dominio/Clientes DNS (017)

O17 - HKLM\System\CCS\Services\Tcpip\..\{6DA0FAEC-E254-4929-BAE4-93CA177C4BC3}: DhcpNameServer = 187.122.254.44 187.122.254.48 201.6.4.116

O17 - HKLM\System\CCS\Services\Tcpip\..\{DF16F01B-B021-474E-A42B-4D2DB25CEB2F}: DhcpNameServer = 10.42.0.251 10.42.0.252

O17 - HKLM\System\CCS\Services\Tcpip\..\{DF16F01B-B021-474E-A42B-4D2DB25CEB2F}: DhcpDomain = vcp.amer.dell.com

O17 - HKLM\System\CS1\Services\Tcpip\..\{6DA0FAEC-E254-4929-BAE4-93CA177C4BC3}: DhcpNameServer = 187.122.254.44 187.122.254.48 201.6.4.116

O17 - HKLM\System\CS1\Services\Tcpip\..\{DF16F01B-B021-474E-A42B-4D2DB25CEB2F}: DhcpNameServer = 10.42.0.251 10.42.0.252

O17 - HKLM\System\CS1\Services\Tcpip\..\{DF16F01B-B021-474E-A42B-4D2DB25CEB2F}: DhcpDomain = vcp.amer.dell.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 187.122.254.44 187.122.254.48 201.6.4.116

~ Domain: Scanned in 00mn 00s

 

 

 

---\\ Protocolo adicional (018)

O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --

O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation

~ Protocole Additionnel: Scanned in 00mn 00s

 

 

 

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)

O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll

~ Winlogon: Scanned in 00mn 00s

 

 

 

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)

O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 337.) - C:\Windows\system32\nvinitx.dll

~ AppInit DLL: Scanned in 00mn 00s

 

 

 

---\\ Lista dos serviços NT não Microsoft e não desativados (023)

O23 - Service: AtherosSvc (AtherosSvc) . (.Windows ® Win 7 DDK provider - Windows Setup API.) - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe

~ Services: 21 Legitimates Filtered in 00mn 05s

 

 

 

---\\ Tarefas planificadas automaticamente (039)

O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1074]

O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1078]

~ Scheduled Task: 10 Legitimates Filtered in 00mn 05s

 

 

 

---\\ Drivers lançados ao arranque do sistema (041)

O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)

O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)

O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)

O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)

O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)

O41 - Driver: ({6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64) . (. - .) - C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys (.not file.)

~ Drivers: 46 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Software instalados (042)

O42 - Logiciel: Buzzdock - (.Alactro LLC.) [HKLM][64Bits] -- {ac225167-00fc-452d-94c5-bb93600e7d9a}

~ Logic: 25 Legitimates Filtered in 00mn 00s

 

 

 

---\\ HKCU & HKLM Software Keys

[HKCU\Software\Baidu Security]

[HKCU\Software\SuperDownloads.com.br]

[HKLM\Software\Baidu Security]

[HKLM\Software\Wow6432Node\Baidu Security]

[HKLM\Software\Wow6432Node\NetCrawl] =>PUP.NetCrawl

~ Key Software: 176 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 02/07/2014 - 16:46:30 - [] ----D C:\Program Files (x86)\Baidu-Security-2014-4.4.4.73687

O43 - CFD: 04/07/2014 - 14:34:26 - [0] ----D C:\ProgramData\Baidu Security

O43 - CFD: 30/06/2014 - 17:36:04 - [0] ----D C:\Users\Mario\AppData\Local\PackageStaging

~ Program Folder: 122 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)

O44 - LFC:[MD5.7968D1770F454E71A91238340545CAA5] - 18/07/2014 - 22:17:35 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [159030]

O44 - LFC:[MD5.6A9C51E0C2FC6AC10C263E470293FFEB] - 18/07/2014 - 22:17:35 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [775938]

O44 - LFC:[MD5.CAE181E358C657C42905DABFDB3C2F34] - 22/07/2014 - 16:34:27 ---A- . (...) -- C:\Windows\win.ini [301]

O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 24/07/2014 - 08:49:01 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]

O44 - LFC:[MD5.A11548B9660F3E29990495F09DCA9C9A] - 24/07/2014 - 09:13:44 ---A- . (...) -- C:\zoek-results.log [16818]

~ Files: 15 Legitimates Filtered in 00mn 02s

 

 

 

---\\ Operações e funções ao arranque do Windows Explorer (046)

O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

~ ShellExecuteHooks: Scanned in 00mn 00s

 

 

 

---\\ Negação do serviço (Local Security Authority) (048)

~ LSA: 3 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)

O51 - MPSK:{df9f5bf8-0094-11e4-8252-9cd21eeb0c20}\AutoRun\command. (...) -- E:\SETUP.exe (.not file.)

~ Keys: Scanned in 00mn 00s

 

 

 

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1

~ MWPS: 22 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1

~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Lista dos drivers do sistema (SDL) (O58)

O58 - SDL:12/08/2013 - 20:25:46 ---A- . (.Windows ® Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]

O58 - SDL:22/08/2013 - 09:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]

~ Drivers: 66 Legitimates Filtered in 00mn 01s

 

 

 

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)

O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman

O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}

~ ADS: Scanned in 00mn 00s

 

 

 

---\\ Associações Shell Spawning (O67)

O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)

~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Menu de inicialização Internet (068)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

~ Keys: Scanned in 00mn 00s

 

 

 

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)

O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} [DefaultScope] - (Google) - http://www.google.com

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com

~ Keys: Scanned in 00mn 00s

 

 

 

---\\ Search Tracing Registry Key (O100)

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NetCrawl_RASAPI32 =>PUP.NetCrawl

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NetCrawl_RASMANCS =>PUP.NetCrawl

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateNetCrawl_RASAPI32 =>PUP.NetCrawl

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateNetCrawl_RASMANCS =>PUP.NetCrawl

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilNetCrawl_RASAPI32 =>PUP.NetCrawl

HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilNetCrawl_RASMANCS =>PUP.NetCrawl

~ BTK: 41 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)

SS - | Demand 04/11/2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe

SS - | Auto 30/06/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 30/06/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 11/05/2013 822232 | (Intel® Capability Licensing Service TCP IP Interface) . (.Intel® Corporation.) - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe

SS - | Demand 24/07/2013 334608 | (McAWFwk) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe

SS - | Demand 02/08/2013 602944 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe

SS - | Disabled 30/07/2013 328928 | (McOobeSv2) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

SS - | Demand 06/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

SS - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 17/11/2009 98208 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

SR - | Auto 04/09/2013 312448 | (AtherosSvc) . (.Windows ® Win 7 DDK provider.) - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe

SR - | Auto 30/07/2013 328928 | (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

SR - | Auto 07/08/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

SR - | Auto 11/05/2013 733696 | (Intel® Capability Licensing Service Interface) . (.Intel® Corporation.) - c:\Program Files\Intel\iCLS Client\HeciServer.exe

SR - | Auto 03/09/2013 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

SR - | Auto 03/09/2013 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

SR - | Auto 25/04/2014 178528 | (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe

SR - | Auto 30/07/2013 328928 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

SR - | Auto 30/07/2013 328928 | (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

SR - | Auto 30/07/2013 328928 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

SR - | Auto 18/03/2014 1041192 | (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

SR - | Auto 03/04/2014 219752 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

SR - | Auto 03/04/2014 189912 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe

SR - | Auto 29/05/2014 1631008 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

SR - | Auto 29/05/2014 21055432 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

SR - | Auto 19/05/2014 927520 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe

SR - | Auto 30/07/2013 253776 | (RichVideo) . (.CyberLink.) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

SR - | Auto 16/10/2013 289496 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

SR - | Auto 04/04/2014 1915920 | (SftService) . (.SoftThinks SAS.) - C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe

SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe

SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe

SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

~ Services: Scanned in 00mn 06s

 

 

 

---\\ Scâner Aditional (088)

Database Version : 13026 - (24/07/2014)

Clés trouvées (Keys found) : 0

Valeurs trouvées (Values found) : 0

Dossiers trouvés (Folders found) : 0

Fichiers trouvés (Files found) : 1

 

[HKLM\Software\Wow6432Node\NetCrawl] =>PUP.NetCrawl^

~ Additionnel Scan: 219571 Items scanned in 00mn 19s

 

 

 

---\\ Informações complémentaires do módulos

~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)

~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Gestão do Proxy (R5)

~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Aplicações iniciadas por registo & pastas (04)

~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Chave do registo Shell MountPoints2 (MPKS) (O51)

~ AMI: 4 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Sumário das deteções encontradas na sua estação

http://nicolascoolman.fr/pup-netcrawl =>PUP.NetCrawl

~ MSI: 1 link(s) detected in 00mn 00s

 

 

 

~ 550 Legitimates filtered by white list

End of the scan (427 lines in 01mn 18s)(0)

Compartilhar este post


Link para o post
Compartilhar em outros sites

:seta: Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

Escolhendo Programas que Iniciam com o PC

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC.
________________________________________________________________________

:seta: Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________

:seta: Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Rapport de ZHPFix 2014.7.9.4 par Nicolas Coolman, Update du 09/07/2014

Fichier d'export Registre :

Run by Mario at 25/07/2014 12:19:31

High Elevated Privileges : OK

Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)

 

Reciclagem vazia (00mn 06s)

Reparação de atalhos do navegador

 

========== Chaves do Registo ==========

ELIMINÉ Driver Key: Bfilter

ELIMINÉ Driver Key: Bfmon

ELIMINÉ Driver Key: Bnbase

ELIMINÉ Driver Key: Bndef

ELIMINÉ Driver Key: Bprotect

ELIMINÉ Driver Key: {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64

ELIMINÉ: HKCU\Software\Baidu Security

ELIMINÉ:* HKLM\Software\Baidu Security

ELIMINÉ: HKLM\Software\Wow6432Node\NetCrawl

ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NetCrawl_RASAPI32

ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NetCrawl_RASMANCS

ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateNetCrawl_RASAPI32

ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateNetCrawl_RASMANCS

ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilNetCrawl_RASAPI32

ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilNetCrawl_RASMANCS

 

========== Valores do Registo ==========

ELIMINÉ RunValue: Nvtmru

 

========== Pastas ==========

Nenhuma pasta CLSID local utilizador vazia

 

========== Ficheiros ==========

ELIMINÉ Temporários windows (445) (48.032.769 octets)

ELIMINÉ Flash Cookies (0) (0 octets)

 

========== Restauração Sistema ==========

Ponto de restauro do sistema criado com sucesso

 

 

========== Recapitulativo ==========

15 : Chaves do Registo

1 : Valores do Registo

1 : Pastas

2 : Ficheiros

1 : Restauração Sistema

 

 

End of clean in 00mn 37s

 

========== Caminho do ficheiro do relatório ==========

C:\Users\Mario\AppData\Roaming\ZHP\ZHPFix[R1].txt - 25/07/2014 12:19:38 [1720]

Compartilhar este post


Link para o post
Compartilhar em outros sites

Abra novamente o ( ZHPDiag )

 

ZHPDiag_Pergaminho2_zps6e758639.jpg

 

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

 

ZHPDiag_Pesquisar_zps3acb0f25.jpg

 

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

 

zhpdia11.png

Compartilhar este post


Link para o post
Compartilhar em outros sites

~ Relatório do ZHPDiag v2014.7.24.108 - Nicolas Coolman (24/07/2014)

~ Iniciado por Mario (25/07/2014 12:39:36)

~ Endereço do Website : http://nicolascoolman.fr

~ Endereço do Webforum : http://forum.nicolascoolman.fr

~ Tradução pelo utilizador

~ Estatuto da versão : Versão atualizada.

~ Lista Branca : Ativado pelo programa

~ Elevação dos Privilégios : OK

~ Controle de Conta de Utilizador : Activate by user

 

 

---\\ Navegadores Internet

MSIE: Internet Explorer v11.0.9600.17207

MFIE: Mozilla Firefox 30.0

GCIE: Google Chrome v36.0.1985.125 (Defaut)

 

---\\ Informações sobre os produtos Windows

~ Langage: Portugais

Windows 8.1 Single Language, 64-bit (Build 9600)

Windows Server License Manager Script : OK

Software Protection Service (Protection logicielle) : OK

Windows Automatic Updates : OK

Windows Activation Technologies : OK

 

---\\ Softwares de proteçao do sistema

McAfee Internet Security v12.8.958

Windows Defender W8 (Deactivate)

 

---\\ Softwares d'optimização do sistema

CCleaner v4.16

 

---\\ Softwares de partilha do PeerToPeer (P2P)

 

---\\ Monitoramento dos softwares

Java 7 Update 60

 

---\\ Informações sobre o sistema

~ Processor: Intel64 Family 6 Model 69 Stepping 1, GenuineIntel

~ Operating System: 64 Bits

Boot mode: Normal (Normal boot)

Total RAM: 8096 MB (74% free)

System Restore: Activé (Enable)

System drive C: has 795 GB (86%) free of 921 GB

 

---\\ Modo de conexão ao sistema

~ Computer Name: MARIO

~ User Name: Mario

~ All Users Names: Mario, HomeGroupUser$, Convidado, Administrador,

~ Unselected Option: 045,061,O62,065,066,080,O82,089

Logged in as Administrator

 

---\\ As variáveis de ambiente

~ System Unit : C:\

~ %AppZHP% : C:\Users\Mario\AppData\Roaming\ZHP\

~ %AppData% : C:\Users\Mario\AppData\Roaming\

~ %Desktop% : C:\Users\Mario\Desktop\

~ %Favorites% : C:\Users\Mario\Favorites\

~ %LocalAppData% : C:\Users\Mario\AppData\Local\

~ %StartMenu% : C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\System32\

 

---\\ Enumeração das unidades dos discos

C: Hard drive, Flash drive, Thumb drive (Free 795 Go of 921 Go)

D: CD-ROM drive (Not Inserted)

 

 

 

---\\ Estado do Centro de Segurança do Windows

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified

~ Security Center: 44 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Pesquisa particular de ficheiros genéricos

[MD5.81394C91B7B5A7C799E249AE82491F13] - (.Microsoft Corporation - Windows Explorer.) (.04/03/2014 - 09:25:49.) -- C:\Windows\Explorer.exe [2373784]

[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.22/08/2013 - 06:58:29.) -- C:\Windows\System32\Wininit.exe [144384]

[MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:58:27.) -- C:\Windows\System32\wininet.dll [2266112]

[MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.22/02/2014 - 06:45:48.) -- C:\Windows\System32\Winlogon.exe [562176]

[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/12/2013 - 05:54:07.) -- C:\Windows\System32\sppcomapi.dll [447488]

[MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 00:03:03.) -- C:\Windows\system32\Drivers\AFD.sys [563200]

[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 09:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]

[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 08:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]

[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 05:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]

[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/03/2014 - 06:22:50.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]

[MD5.498288DD5CA42C2D36D125893E968C53] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.18/03/2014 - 05:19:14.) -- C:\Windows\system32\Drivers\HDAudBus.sys [77312]

[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Driver de porta i8042.) (.22/08/2013 - 08:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]

[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.08/04/2014 - 01:05:00.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]

[MD5.0696F66E4D423793951A60562F794D14] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.02/04/2014 - 23:23:05.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402432]

[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 08:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]

[MD5.1C80517BE6836A812F6A9B99B8321351] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.20/03/2014 - 00:41:24.) -- C:\Windows\system32\Drivers\ntfs.sys [2013016]

[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Driver de porta paralela.) (.22/08/2013 - 08:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]

[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 08:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]

[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecionador do Dispositivo RDP da Microsoft.) (.22/08/2013 - 20:00:55.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]

[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]

[MD5.4BB9BC49DEE1A319EC58274A7BBED663] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.06/03/2014 - 09:42:44.) -- C:\Windows\system32\Drivers\volsnap.sys [310616]

~ Generic Processes: Scanned in 00mn 01s

 

 

 

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)

~ Mes images (My Pictures) : 1/12729

~ Mes musiques (My Musics) : 1/18133

~ Mes Favoris (My Favorites) : 1/5

~ Mes Documents (My Documents) : 1/2467

~ Mon Bureau (My Desktop) : 2/8

~ Menu demarrer (Programs) : 1/27

~ Hidden Files: Scanned in 00mn 22s

 

 

 

---\\ Processos lançados

[MD5.436A83E5555A8449B9BFBE1AAB314654] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072] [PID.4756]

[MD5.2F03C763EE0DFB4DE56176737DEFB2E2] - (.Microsoft Corporation - Touch Keyboard and Handwriting Panel Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe [21184] [PID.3916]

[MD5.5B672B6FA8986959988032DA24480748] - (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056] [PID.5152]

[MD5.1DE859B82E381A645C44284A5044BC33] - (.Oracle Corporation - Java™ Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896] [PID.4388]

[MD5.EABAB863E4451B22CA44A4919E59D2B8] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144] [PID.6860]

[MD5.3D45AD2B246B90DBD3E6F213E7AEBF64] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592] [PID.4644]

[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.4276]

[MD5.80E04F074334739C96E1C08C331FB82D] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8080384] [PID.5792]

~ Processes Running: Scanned in 00mn 00s

 

 

 

---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)

C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Preferences

G2 - GCE: Preference [user Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)

G2 - GCE: Preference [user Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)

G2 - GCE: Preference [user Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)

G2 - GCE: Preference [user Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

 

---\\ Pasta de extensão do Google Chrome

~ Google Lines Browser: 16 Legitimates Filtered in 00mn 01s

 

 

 

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)

P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\mcafee\msc\npMcSnFFPl64.dll

~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Internet Explorer, Gestão do Proxy (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Proxy management: Scanned in 00mn 00s

 

 

 

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas

F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

~ Keys: Scanned in 00mn 00s

 

 

 

---\\ Redireção do ficheiro Hosts (01)

~ Le fichier hosts est sain (The hosts file is clean).

~ Hosts File: Scanned in 00mn 00s

~ Nombre de lignes (Lines number): 19

 

 

 

---\\ Aplicações iniciadas por registo & pastas (04)

O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

O4 - HKLM\..\Run: [RtHDVBg_PushButton] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

O4 - HKLM\..\Run: [iAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe

O4 - HKLM\..\Run: [QuickSet] . (.Dell Inc. - QuickSet.) -- c:\Program Files\Dell\QuickSet\QuickSet.exe

O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [shadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll

O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

O4 - HKCU\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe

O4 - HKLM\..\Wow6432Node\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe

O4 - HKLM\..\Wow6432Node\Run: [bCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation

O4 - HKLM\..\Wow6432Node\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java™ Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation

O4 - HKLM\..\policies\Explorer\Run: [btvStack] . (.Atheros Communications - Bluetooth Stack Server.) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe

O4 - HKUS\S-1-5-21-3056077811-389232429-1466393426-1002\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe

~ Application: Scanned in 00mn 00s

 

 

 

---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)

O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll (.not file.)

O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll (.not file.)

~ IE Extra Buttons: Scanned in 00mn 00s

 

 

 

---\\ Alteração Dominio/Clientes DNS (017)

O17 - HKLM\System\CCS\Services\Tcpip\..\{6DA0FAEC-E254-4929-BAE4-93CA177C4BC3}: DhcpNameServer = 187.122.254.44 187.122.254.48 201.6.4.116

O17 - HKLM\System\CCS\Services\Tcpip\..\{DF16F01B-B021-474E-A42B-4D2DB25CEB2F}: DhcpNameServer = 10.42.0.251 10.42.0.252

O17 - HKLM\System\CCS\Services\Tcpip\..\{DF16F01B-B021-474E-A42B-4D2DB25CEB2F}: DhcpDomain = vcp.amer.dell.com

O17 - HKLM\System\CS1\Services\Tcpip\..\{6DA0FAEC-E254-4929-BAE4-93CA177C4BC3}: DhcpNameServer = 187.122.254.44 187.122.254.48 201.6.4.116

O17 - HKLM\System\CS1\Services\Tcpip\..\{DF16F01B-B021-474E-A42B-4D2DB25CEB2F}: DhcpNameServer = 10.42.0.251 10.42.0.252

O17 - HKLM\System\CS1\Services\Tcpip\..\{DF16F01B-B021-474E-A42B-4D2DB25CEB2F}: DhcpDomain = vcp.amer.dell.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 187.122.254.44 187.122.254.48 201.6.4.116

~ Domain: Scanned in 00mn 00s

 

 

 

---\\ Protocolo adicional (018)

O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --

O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation

~ Protocole Additionnel: Scanned in 00mn 00s

 

 

 

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)

O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll

~ Winlogon: Scanned in 00mn 00s

 

 

 

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)

O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 337.) - C:\Windows\system32\nvinitx.dll

~ AppInit DLL: Scanned in 00mn 00s

 

 

 

---\\ Lista dos serviços NT não Microsoft e não desativados (023)

O23 - Service: AtherosSvc (AtherosSvc) . (.Windows ® Win 7 DDK provider - Windows Setup API.) - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe

~ Services: 21 Legitimates Filtered in 00mn 04s

 

 

 

---\\ Tarefas planificadas automaticamente (039)

O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1074]

O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1078]

~ Scheduled Task: 10 Legitimates Filtered in 00mn 02s

 

 

 

---\\ HKCU & HKLM Software Keys

[HKCU\Software\SuperDownloads.com.br]

~ Key Software: 173 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 30/06/2014 - 17:36:04 - [0] ----D C:\Users\Mario\AppData\Local\PackageStaging

~ Program Folder: 120 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)

O44 - LFC:[MD5.CAE181E358C657C42905DABFDB3C2F34] - 22/07/2014 - 16:34:27 ---A- . (...) -- C:\Windows\win.ini [301]

O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 24/07/2014 - 08:49:01 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]

O44 - LFC:[MD5.A11548B9660F3E29990495F09DCA9C9A] - 24/07/2014 - 09:13:44 ---A- . (...) -- C:\zoek-results.log [16818]

O44 - LFC:[MD5.7968D1770F454E71A91238340545CAA5] - 25/07/2014 - 12:14:53 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [159030]

O44 - LFC:[MD5.6A9C51E0C2FC6AC10C263E470293FFEB] - 25/07/2014 - 12:14:53 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [775938]

~ Files: 12 Legitimates Filtered in 01mn 58s

 

 

 

---\\ Operações e funções ao arranque do Windows Explorer (046)

O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

~ ShellExecuteHooks: Scanned in 00mn 00s

 

 

 

---\\ Negação do serviço (Local Security Authority) (048)

~ LSA: 3 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)

O51 - MPSK:{df9f5bf8-0094-11e4-8252-9cd21eeb0c20}\AutoRun\command. (...) -- E:\SETUP.exe (.not file.)

~ Keys: Scanned in 00mn 00s

 

 

 

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1

~ MWPS: 22 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1

~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Lista dos drivers do sistema (SDL) (O58)

O58 - SDL:12/08/2013 - 20:25:46 ---A- . (.Windows ® Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]

O58 - SDL:22/08/2013 - 09:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]

~ Drivers: 66 Legitimates Filtered in 00mn 05s

 

 

 

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)

O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman

O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}

~ ADS: Scanned in 00mn 00s

 

 

 

---\\ Associações Shell Spawning (O67)

O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)

~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Menu de inicialização Internet (068)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

~ Keys: Scanned in 00mn 00s

 

 

 

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)

O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} [DefaultScope] - (Google) - http://www.google.com

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com

~ Keys: Scanned in 00mn 00s

 

 

 

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)

SS - | Demand 04/11/2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe

SS - | Auto 30/06/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 30/06/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 11/05/2013 822232 | (Intel® Capability Licensing Service TCP IP Interface) . (.Intel® Corporation.) - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe

SS - | Demand 24/07/2013 334608 | (McAWFwk) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe

SS - | Demand 02/08/2013 602944 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe

SS - | Disabled 30/07/2013 328928 | (McOobeSv2) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

SS - | Demand 06/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

SS - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 17/11/2009 98208 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

SR - | Auto 04/09/2013 312448 | (AtherosSvc) . (.Windows ® Win 7 DDK provider.) - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe

SR - | Auto 30/07/2013 328928 | (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

SR - | Auto 07/08/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

SR - | Auto 11/05/2013 733696 | (Intel® Capability Licensing Service Interface) . (.Intel® Corporation.) - c:\Program Files\Intel\iCLS Client\HeciServer.exe

SR - | Auto 03/09/2013 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

SR - | Auto 03/09/2013 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

SR - | Auto 25/04/2014 178528 | (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe

SR - | Auto 30/07/2013 328928 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

SR - | Auto 30/07/2013 328928 | (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

SR - | Auto 30/07/2013 328928 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

SR - | Auto 18/03/2014 1041192 | (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

SR - | Auto 03/04/2014 219752 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

SR - | Auto 03/04/2014 189912 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe

SR - | Auto 29/05/2014 1631008 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

SR - | Auto 29/05/2014 21055432 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

SR - | Auto 19/05/2014 927520 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe

SR - | Auto 30/07/2013 253776 | (RichVideo) . (.CyberLink.) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

SR - | Auto 16/10/2013 289496 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

SR - | Auto 04/04/2014 1915920 | (SftService) . (.SoftThinks SAS.) - C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe

SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe

SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe

SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

~ Services: Scanned in 00mn 09s

 

 

 

---\\ Scâner Aditional (088)

Database Version : 13026 - (24/07/2014)

Clés trouvées (Keys found) : 0

Valeurs trouvées (Values found) : 0

Dossiers trouvés (Folders found) : 0

Fichiers trouvés (Files found) : 0

 

~ Additionnel Scan: 219265 Items scanned in 00mn 25s

 

 

 

---\\ Informações complémentaires do módulos

~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)

~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Gestão do Proxy (R5)

~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Aplicações iniciadas por registo & pastas (04)

~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Chave do registo Shell MountPoints2 (MPKS) (O51)

~ AMI: 4 Legitimates Filtered in 00mn 00s

 

 

 

~ 530 Legitimates filtered by white list

End of the scan (386 lines in 03mn 37s)(0)

Compartilhar este post


Link para o post
Compartilhar em outros sites

Não vi mais as propagandas

 

Aparentemente está tudo certo

 

Muito obrigado

Compartilhar este post


Link para o post
Compartilhar em outros sites

:) Fico feliz que o problema tenha sido resolvido.

:seta: Só para finalizar siga estes tutoriais abaixo, por gentileza:

Excluindo erros e otimizando seu PC com o CCleaner

Elimine arquivos inúteis de seu PC com o PureRa
_______________________________________________________________________________________________________________________

:seta: Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, utilize o DelFix seguindo as dicas deste tutorial.
_______________________________________________________________________________________________________________________

:thumbsup: Foi um prazer ajudar.

Compartilhar este post


Link para o post
Compartilhar em outros sites

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post


Link para o post
Compartilhar em outros sites
Visitante
Este tópico está impedido de receber novos posts.

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.