Good morning
I believe I have been infected
Recently all of my browsers started, without any action on my part, to get a search page ( http://www.searchnu.com/414 ) as their home page
In addition, my default browser ( Google Chrome ) started behaving improperly, which led me to reinstall it, but it no longer works
Below is the HijackThis log
>
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:41:40, on 24/05/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16483)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\HijackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SEARCH~1\Datamngr\BROWSE~1.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense ISG - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - C:\PROGRA~1\GbPlugin\gbiehisg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399015} (GbPluginObj Class) - https://www5.infoseg.gov.br/Install/GbPluginIsg.cab
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
O20 - AppInit_DLLs: C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginIsg - C:\PROGRA~1\GbPlugin\gbiehIsg.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
--
End of file - 10316 bytes
Thank you in advance
>
*** [serviços] ***
*** [Arquivos/Pastas] ***
Arquivo Removido : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Arquivo Removido : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Arquivo Removido : C:\Users\Mário Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\ldnkfl42.default\searchplugins\Search_Results.xml
Pasta Removido : C:\Program Files\AVG Secure Search
Pasta Removido : C:\Program Files\FreeRIP3
Pasta Removido : C:\ProgramData\Ask
Pasta Removido : C:\ProgramData\AVG Secure Search
Pasta Removido : C:\ProgramData\boost_interprocess
Pasta Removido : C:\ProgramData\FreeRIP
Pasta Removido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeRIP3
Pasta Removido : C:\Users\Mário Monteiro\AppData\Local\AVG Secure Search
Pasta Removido : C:\Users\Mário Monteiro\AppData\LocalLow\AskToolbar
Pasta Removido : C:\Users\Mário Monteiro\AppData\LocalLow\AVG Secure Search
Pasta Removido : C:\Users\Mário Monteiro\AppData\LocalLow\Searchqutoolbar
Pasta Removido : C:\Users\Mário Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\ldnkfl42.default\Searchqutoolbar
Pasta Removido : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Removido Durante o reboot : C:\Program Files\Common Files\AVG Secure Search
Removido Durante o reboot : C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Removido Durante o reboot : C:\Program Files\Searchqu Toolbar
*** [Registro] ***
Chave Removida : HKCU\Software\AVG Secure Search
Chave Removida : HKCU\Software\DataMngr
Chave Removida : HKCU\Software\DataMngr_Toolbar
Chave Removida : HKCU\Software\IGearSettings
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Chave Removida : HKCU\Software\YahooPartnerToolbar
Chave Removida : HKLM\Software\AskToolbar
Chave Removida : HKLM\Software\AVG Secure Search
Chave Removida : HKLM\Software\AVG Security Toolbar
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Chave Removida : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Chave Removida : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Chave Removida : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Chave Removida : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Chave Removida : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Chave Removida : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Chave Removida : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Chave Removida : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Chave Removida : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Chave Removida : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Chave Removida : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Chave Removida : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Chave Removida : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Chave Removida : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Chave Removida : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Chave Removida : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Chave Removida : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Chave Removida : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Chave Removida : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Chave Removida : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Chave Removida : HKLM\Software\Conduit
Chave Removida : HKLM\Software\DataMngr
Chave Removida : HKLM\Software\Freeze.com
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Chave Removida : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Chave Removida : HKLM\Software\SearchquMediabarTb
Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Valor Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Valor Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Valor Removida : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
*** [Navegadores] ***
-\\ Internet Explorer v9.0.8112.16483
[OK] Registro está limpo.
-\\ Mozilla Firefox v20.0.1 (pt-BR)
Arquivo : C:\Users\Mário Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\ldnkfl42.default\prefs.js
Removida : user_pref("browser.search.defaultenginename", "Search Results");
Removida : user_pref("browser.search.order.1", "Search Results");
Removida : user_pref("browser.search.selectedEngine", "Search Results");
Removida : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Removida : user_pref("extensions.twitternotifier.configuration", "{\"config\":{\"photo_size_limit\":3145728,\"m[...]
Removida : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=414&sr=0&q=");
-\\ Google Chrome v [impossível ler a versão]
Arquivo : C:\Users\Mário Monteiro\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Arquivo está limpo.
-\\ Opera v10.61.3484.0
Arquivo : C:\Users\Mário Monteiro\AppData\Roaming\Opera\Opera\operaprefs.ini
Removida : Home URL=hxxp://www.searchnu.com/414
*************************
AdwCleaner[s1].txt - [13868 octets] - [24/05/2013 14:12:25]
########## EOF - C:\AdwCleaner[s1].txt - [13929 octets] ##########
Good afternoon! Mário Monteiro
|- Although AdwCleaner has removed the hijacker, continue with ZHPDiag and post your log.
A+
-----------------
I could not find the UAC button, so the next report goes without this setting
The button with the blue arrow did not work, so I used the second option
It generated this link for the report
Good afternoon! Mário Monteiro
|- Uninstall: < Ad-Aware v9.0.0 >
-/-
|- Download: < http://thisisudax.org/downloads/JRT.exe > ( ... by Thisisu )
|- Save it to the desktop!
|- On Windows 7, right-click JRT.exe and run it as administrator.
|- Wait for it to finish and post the report. ( JRT.txt )
-/-
|- Close any programs/folders that are open.
|- Also close the browser!
|- On Windows Vista, disable UAC ( http://windows.microsoft.com/pt-BR/windows-vista/Turn-User-Account-Control-on-or-off ).
|- On Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.
|- Select and copy this information, which is in the Code box, into Notepad.
[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Daily 1)] (...) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Daily 2)] (...) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Daily 3)] (...) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Daily 4)] (...) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Weekly)] (...) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0F7CAEBF-8342-4FCC-AF8D-D2A2C5C49C65}] (...) -- C:\Users\Mário Monteiro\Downloads\sp41377.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{46982475-050F-4048-A677-34246CCC59BB}] (...) -- C:\Users\Mário Monteiro\Downloads\plugin-letras-wmp0.9.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{595C0B4B-5D6A-4FE5-8297-A90EDF0BB56E}] (...) -- C:\Users\Mário Monteiro\Documents\Programas\Kit Seguran‡a\CFP_Setup_English_2.4.17.183.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{8D0F1681-484A-4477-A663-1A0F099B5DE0}] (...) -- C:\Users\Mário Monteiro\Downloads\eMule0.49c-Installer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{AA554D45-691D-4B6E-B288-C218508EFA84}] (...) -- C:\Users\Mário Monteiro\Documents\Pasta de trocas do Bluetooth\hot\bf2008.exe (.not file.) [0]
[MD5.4B817450226F93C31ADD5BCC27FED27A] - (.AVG Secure Search - ToolbarU Application.) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984] [PID.3492]
B1 - OSP: search.ini [Mário Monteiro] URL=http://dts.search-results.com/sr?src=opb&appid=0&systemid=414&sr=0&q=%s
SR - | Auto 22/05/2013 1015984 | (vToolbarUpdater15.2.0) . (.AVG Secure Search.) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
O20 - AppInit_DLLs: . (...) - C:\Program Files\SEARCH~1\Datamngr\datamngr.dll (.not file.)
O23 - Service: (vToolbarUpdater15.2.0) . (.AVG Secure Search - ToolbarU Application.) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
O42 - Logiciel: Ad-Aware - (.Lavasoft.) [HKLM] -- Ad-Aware
O42 - Logiciel: Ad-Aware - (.Lavasoft.) [HKLM] -- {DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
O43 - CFD: 24/05/2013 - 14:12:33 - [18,317] ----D C:\Program Files\Searchqu Toolbar
O44 - LFC:[MD5.F92BE0F20A0DC71FFD0D56AC7A04CA61] - 24/05/2013 - 14:13:03 ---A- . (...) -- C:\Windows\DeleteOnReboot.bat [262]
O44 - LFC:[MD5.26B0F12F9A4C267AF5B2DA35F87A6EFA] - 22/05/2013 - 18:25:15 ---A- . (...) -- C:\Windows\System32\DOErrors.log [52]
O64 - Services: CurCS - ??\??\???? - Unknown owner (Lbd) .(...) - LEGACY_LBD
O69 - SBI: SearchScopes [HKCU] {DECA3892-BA8F-44b8-A993-A466AD694AE4} - (Yahoo! Search) - http://br.search.yahoo.com
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}]
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: Modified
[HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF]
[HKLM\Software\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof]
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}]
C:\Program Files\YouTube Downloader
C:\Program Files\Searchqu Toolbar
C:\Program Files\Common Files\AVG Secure Search
hostfix
proxyfix
emptytemp
emptyclsid
emptyflash
firewallraz
sysrestore
|- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"
|- Minimize Notepad.
|- Click the "Paste ClipBoard" menu.
|- Click "GO" -> Oui.
|- PS: Above there is a sequence of images for further clarification.
|- Post the report: C:\ZHP\ZHPFix[R1].txt
A+
I will post it here in parts
The adware is kind of immortal here; I deleted it by force, and I don't know if it worked 100%
As for the rest, I will start with the first log
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista Home Premium x86
Ran by M rio Monteiro on 24/05/2013 at 20:25:48,50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
~~~ Registry Keys
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\M rio Monteiro\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files\searchqu toolbar"
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{86A7D7E2-76B9-4FF4-B77A-35BB1588DF79}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{8936F8FE-94F1-4185-807F-5AA32F57B72E}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{8BA4B748-88B7-4F82-A81C-F5BCBD7151A3}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{8D78A15A-7E11-4014-9E51-5382DDC076C8}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{8F205BD0-6148-4CAA-B110-47B276C5D878}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{8F687299-F372-4C8F-9393-48BB0B8BFAB5}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{91556FBD-DF43-4AB5-843F-D6F963F82972}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{9174B570-B5F6-4F91-8477-258255668048}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{935ECEF0-67CA-46AC-8737-325011BAA744}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{948281F5-45CB-471E-B3E3-09637C2EA786}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{99FCFA80-F86B-43DC-A587-A6E6E3E6C5BC}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{9BE28E57-D414-44AF-9863-98F8BB62C4CF}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{9D6D2512-E72C-4EED-9AC6-F9EE47A79D33}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{9FF552C4-C424-46A2-B04F-A57DA4F9145D}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{A0959354-6D8E-4483-9F5D-43AC5E6CF8A4}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{A14C7AA4-B838-456C-BC94-6E25A965A59F}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{A2A52AC9-EFFA-432D-B7D4-6C910759B5DB}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{A6A89B73-A8B9-4C1D-82D8-92A38B5DBA81}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{A96A7462-8310-4A2D-9CD6-8F552C266BA9}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{AEEEFD08-3C8A-4A3D-BEC1-2D634987BB57}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{AF4E7177-471E-48DE-BF62-16506A61BD53}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{B049FBFF-64CF-465A-9E05-B71C6CE3A807}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{B21216A5-7401-4CF4-B3D0-6BC45934795B}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{B35B4CE9-6A2B-4137-97E9-CFF121AA8FD6}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{B686A087-15CF-42D4-8734-0DC66948A273}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{CD629F59-9DA3-4881-8F96-66426E0DEF80}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{CF095614-6E01-4FA5-BD1F-A3D061954120}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{CF628766-15C0-45DD-82D9-DDB223BF5B9C}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{D12606A5-1560-4892-8B7F-DB063AB3A31D}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{D1720DE8-351A-4F75-A56D-CF731B5C85D0}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{D5399482-B0D6-4865-8AEA-199276F32D57}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{D86582A0-E7E0-49C5-B21C-A277F5FDAEDF}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{DDDEA7EB-7D3C-476D-815F-05B619EC6FCA}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{E03B86B7-1472-4E23-8A4E-5F3BC47462B3}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{E1088099-7526-4472-985C-28E3CE52E419}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{E10E4C6B-9086-42E2-BC90-8A0DD29858D0}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{E173D9B6-417E-4B11-9792-B3A8C70436C2}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{E18E389E-5E1D-4FBA-9BFE-DFEFBE0C6034}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{E49C0415-48AD-4CBB-A2C6-AE8E7AA284B1}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{E96C483F-CD4F-4FFF-8E38-383DB01779D3}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{EBD876F4-DD6A-440F-88C6-E0E8E67793AF}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{ED0BE9CF-DBEF-4D24-906A-FE1904F6D907}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{F588961D-7A33-404B-9DDB-A90F8A74C4CE}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{F7947796-6AA0-4E2A-BB0C-C1E861EBB067}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{F9B1A4CB-BBBF-490D-AA36-87834868073A}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{FBA67787-4C40-4DFE-9424-21B2474CC243}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{FE605BCE-1995-4C87-B13D-CBE67F4842AD}
Successfully deleted: [Empty Folder] C:\Users\M rio Monteiro\appdata\local\{FFFB6CBF-FB40-4658-BDAD-3D9C19B5391E}
~~~ FireFox
Failed to delete: [Folder] "C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}"
Emptied folder: C:\Users\Mário Monteiro\AppData\Roaming\mozilla\firefox\profiles\ldnkfl42.default\minidumps [137 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/05/2013 at 20:28:49,79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The other report
>
Rapport de ZHPFix 2013.5.24.2 par Nicolas Coolman, Update du 24/05/2013
Fichier d'export Registre :
Run by Mário Monteiro at 24/05/2013 20:35:34
High Elevated Privileges : OK
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Recycle Files Deleted
========== Software ==========
NOT FOUND Software Key: Ad-Aware
NOT FOUND Uninstall Process: c:\programdata\{2162ccc0-3a5f-4887-b51f-ce5f195b3620}\ad-aware90install.exe
========== Memory Process ==========
DELETE on Reboot Memory Process: C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
========== Registry Key ==========
DELETED [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}]
DELETED Key: Service: vToolbarUpdater15.2.0
NOT FOUND Key: Service: vToolbarUpdater15.2.0
ERROR Key: Service Legacy: LEGACY_LBD
DELETED Key: SearchScopes :{DECA3892-BA8F-44b8-A993-A466AD694AE4}
NOT FOUND Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}
ERROR Key****: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
DELETED Key: HKLM\Software\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
========== Registry Value ==========
NOT FOUND Value Key: FirewallOverride
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
No Value in Standard Profile Register Key FirewallRaz :
No Value in Domain Profile Register Key FirewallRaz :
DELETED FirewallRaz (None) : {E080A850-AB58-4734-8950-567006A78C7C}
DELETED FirewallRaz (Public) : {2DB9F67B-59B8-4232-876E-C7E726A92880}
DELETED FirewallRaz (Public) : {4F62596B-6B9A-440E-80CC-30C82001B6BB}
========== Registry Data Items ==========
REMOVED AppInit: \Program Files\SEARCH~1\Datamngr\datamngr.dll
========== Browser Profiles ==========
DELETED Opera Search Page: http://dts.search-results.com/sr?src=opb&appid=0&systemid=414&sr=0&q=%s
========== Repertory ==========
No Empty CLSID Directories
DELETED Flash Cookies
========== File ==========
DELETED File: c:\program files\common files\avg secure search\vtoolbarupdater\15.2.0\toolbarupdater.exe
NOT FOUND File: \program files\search~1\datamngr\datamngr.dll
NOT FOUND File: c:\program files\common files\avg secure search\vtoolbarupdater\15.2.0\toolbarupdater.exe
DELETED File: c:\windows\deleteonreboot.bat
DELETED File: c:\windows\system32\doerrors.log
NOT FOUND Folder/File: c:\program files\searchqu toolbar
DELETED Window Temporary
DELETED Flash Cookies
========== Hosts file ==========
Hosts File not cleaned (Please Deactivate your Antivirus)
========== Task ==========
DELETED Task: Ad-Aware Update (Daily 1)
DELETED Task: Ad-Aware Update (Daily 2)
DELETED Task: Ad-Aware Update (Daily 3)
DELETED Task: Ad-Aware Update (Daily 4)
DELETED Task: Ad-Aware Update (Weekly)
DELETED Task: {0F7CAEBF-8342-4FCC-AF8D-D2A2C5C49C65}
DELETED Task: {46982475-050F-4048-A677-34246CCC59BB}
DELETED Task: {595C0B4B-5D6A-4FE5-8297-A90EDF0BB56E}
DELETED Task: {8D0F1681-484A-4477-A663-1A0F099B5DE0}
DELETED Task: {AA554D45-691D-4B6E-B288-C218508EFA84}
========== Restoration ==========
Restore System Point created succefully
========== Summary ==========
1 : Memory Process
8 : Registry Key
12 : Registry Value
1 : Registry Data Items
2 : Repertory
8 : File
2 : Software
1 : Browser Profiles
1 : Hosts file
10 : Task
1 : Restoration
End of clean in 01mn 16s
========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 24/05/2013 20:35:34 [3639]
Good morning, Mário Monteiro!
>
Mário Monteiro, on 24/05/2013, said:
In addition, my default browser (Google Chrome) started behaving improperly, which led me to reinstall it, but it no longer works
|- Uninstall Chrome with RevoUninstaller, in Advanced mode.
-/-
|- Download: < Revo Uninstaller >
|- Save it to the desktop.
|- Install the utility and check that the program to be uninstalled appears on the main screen.
|- In your case, Google Chrome.
|- Select it and click Uninstall.
|- For more details, read the < Tutorial >
-/-
< Comodo Dragon >
|- Download and install this browser! ( Comodo Dragon )
|- Report the result of this experiment of replacing your Chrome browser with Comodo Dragon.
|- PS: You will see that it was built on the Chrome engine and offers, as its differentiator, the security enforced by Comodo.
|- PS: Be careful when importing settings from other browsers during its installation.
|- Download: < OTS > ( ... by Old Timer )
|- Save it to the desktop or C:\.
|- Double-click OTS.exe.
|- PS: On Windows Vista or 7, right-click OTS.exe and run it as administrator.
|- Under the "Additional Scans" option, click "Extras".
|- Tick the checkboxes:
[] Reg - NetSvcs
[] File - Lop Check
|- For a 64-bit OS, tick the checkbox!
|- Under "Basic Scans", tick the checkboxes:
[] Use Company Name Whitelist
[] Skip Microsoft Files
|- Check: [image] & [image]
%systemdrive%\.
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\. /90
%programfiles%\.
%localappdata%\*.exe
%localappdata%\*.txt
%localappdata%\*.ini
%localappdata%\*.dll
%localappdata%\*.dat
%userprofile%\*.exe
%userprofile%\*.txt
%userprofile%\*.ini
%userprofile%\*.dll
%userprofile%\*.dat /30
%appdata%\.
%systemroot%\system32\tasks\.
%windir%\tasks\.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT
|- Copy and paste this information from the Code box into the "Custom Scans" field.
|- Next, click [image]
|- When it finishes, Notepad will open with the report. ( OTS.txt )
|- Post it in your reply!
|- For that, go to: ( cjoint.com or myfile.tk )
Regards!
Just uninstalling Chrome with Revo and reinstalling it brought it back to normal
What should I do about the remaining procedures?
>
Just uninstalling Chrome with Revo and reinstalling it brought it back to normal
What should I do about the remaining procedures?
Hello, Mário Monteiro!
|- If you still notice the browser hijacker acting in your browsers, post the log from the OTS tool.
See you!
It generated this link
Good afternoon, Mário Monteiro!
|- I did not detect the presence of the malware.
########
|- Open the OTS tool.
[Unregister Dlls]
[Files/Folders - Modified Within 30 Days]
NY -> DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Mário Monteiro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
NY -> {1FD91A9C-410C-4090-BBCC-55D3450EF433} -> C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
[Files - No Company Name]
NY -> PhysicalDisk0_MBR.bin -> C:\PhysicalDisk0_MBR.bin
NY -> ZHPFix.lnk -> C:\Users\Public\Desktop\ZHPFix.lnk
NY -> ZHPDiag.lnk -> C:\Users\Public\Desktop\ZHPDiag.lnk
NY -> MBRCheck.lnk -> C:\Users\Public\Desktop\MBRCheck.lnk
NY -> adwcleaner.exe -> C:\Users\Mário Monteiro\Desktop\adwcleaner.exe
[Custom Scans]
YY -> AdwCleaner[S1].txt -> C:\AdwCleaner[S1].txt
YY -> ComboFix.txt -> C:\ComboFix.txt
[Alternate Data Streams]
NY -> @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:0CE7F3C9
[empty temp folders]
[reboot]
|- Paste this information from the Code box into the field: "Paste Fix Here"
|- Click Run Fix --> Wait!
|- When it finishes, post the report: C:\_OTS\MovedFiles\OTS.txt
|- Everything OK?
Regards!
>
All Processes Killed
[Files/Folders - Modified Within 30 Days]
C:\Users\Mário Monteiro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} moved successfully.
[Files - No Company Name]
C:\PhysicalDisk0_MBR.bin moved successfully.
C:\Users\Public\Desktop\ZHPFix.lnk moved successfully.
C:\Users\Public\Desktop\ZHPDiag.lnk moved successfully.
C:\Users\Public\Desktop\MBRCheck.lnk moved successfully.
C:\Users\Mário Monteiro\Desktop\adwcleaner.exe moved successfully.
[Custom Scans]
C:\AdwCleaner[s1].txt moved successfully.
C:\ComboFix.txt moved successfully.
[Alternate Data Streams]
ADS C:\ProgramData\TEMP:0CE7F3C9 deleted successfully.
File not found!
[empty temp folders]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Mário Monteiro
->Temp folder emptied: 439347 bytes
->Temporary Internet Files folder emptied: 2901729 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 216549894 bytes
->Google Chrome cache emptied: 18915943 bytes
->Apple Safari cache emptied: 57344 bytes
->Opera cache emptied: 4773594 bytes
->Flash cache emptied: 548 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 529278 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 1519723538 bytes
Total Files Cleaned = 1.682,00 mb
< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 05252013_135538
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Good afternoon, Mário Monteiro!
|- Remove the tools used and the restore points with DelFix.
-/-
|- Download: |DelFix| ( ... by Xplode )
|- On the page, click the green arrow to download.
|- Save it in a convenient location! ( desktop! )
|- Close any open applications.
|- Run it!
|- With both checkboxes ticked!
|- Click "Run".
|- If you like, post the report!
|- Everything OK?
Regards!
>
~ Removing disinfection tools ...
Deleted : C:\JRT
Deleted : C:\USBFix
Deleted : C:\_OTS
Deleted : C:\ZHP
Deleted : C:\Program Files\ZHPDiag
Deleted : C:\Users\Mário Monteiro\Desktop\JRT.exe
Deleted : C:\Users\Mário Monteiro\Desktop\JRT.txt
Deleted : C:\Users\Mário Monteiro\Desktop\HiJackThis.exe
Deleted : C:\Users\Mário Monteiro\Desktop\OTS.exe
Deleted : C:\Users\Mário Monteiro\Desktop\OTS.Txt
Deleted : C:\Users\Mário Monteiro\Desktop\ZHPDiag.txt
Deleted : C:\Users\Mário Monteiro\Desktop\ZHPDiag2.exe
Deleted : C:\Users\Mário Monteiro\Desktop\ZHPFixReport.txt
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Classes\.cfxxe
Deleted : HKLM\SOFTWARE\Classes\cfxxefile
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe
~ Cleaning system restore ...
Deleted : RP #1541 [MANUAL | 05/23/2013 13:22:37]
Deleted : RP #1543 [P | 05/24/2013 23:34:55]
Deleted : RP #1544 [Ponto de Verificação Agendado | 05/25/2013 16:48:41]
New restore point created !
########## - EOF - ##########
Good afternoon, Mário Monteiro!
|- If you have slowness problems, optimize the PC with JetClean + JetBoost.
#######
|- Download: < JetClean 1.3.0 Final > ( ... by BlueSprig )
|- Save it in Program Files. ( jetclean-setup.exe )
|- Install the software and, on the "1-Click" tab, choose the "Registry Clean" option.
|- Go to "Scan Now" and choose: Shut down PC after Repair
|- Or choose the "Repair" option, without rebooting the PC.
< JetBoost >
|- Next, try to improve performance with JetBoost.
|- Everything OK?
See you!
Thank you very much, DigRam
So far everything is great
PROBLEM SOLVED
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
Good morning, Mário Monteiro!
|- Download: < AdwCleaner > ( ... by Xplode )
|- On the page, click the image: < [image: AdwCleaner_Tlcharger.jpg] >
|- PS: If you use the IE9 browser, disable the "SmartScreen" filter.
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as administrator.
|- PS: Start the scan by clicking "Remover" (Remove).
|- When it finishes, post the report: C:\AdwCleaner[S1].txt
-/-
|- Download: < ZHPDiag2 > ( ... by Nicolas Coolman )
|- Save it to the desktop!
|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.
|- Confirm every step while installing ZHPDiag.
|- Finish the installation by clicking "Termine".
|- On Windows Vista, Windows 7 and 8, click OK when launching ZHPDiag Setup.
|- PS: After installation, besides ZHPScript, the following will be available on the desktop:
|- <1> MBRCheck
|- <2> ZHPDiag2
|- <3> ZHPFix
|- Click the scroll icon. ( ZHPScript )
|- Click the green arrow to update it and/or download its latest definition. ( Your version is update. )
|- Enable all diagnostic options by clicking "Options".
|- Click All.
|- Next, untick checkboxes no. O45, O61, O62, O65, O82.
|- Click "Calendar" and choose 30 days!
|- Click the UAC button to disable that protection.
|- Start the scan by clicking the magnifying-glass icon. ( Start Diagnosis )
|- When it finishes, click "Save Report".
|- Save it in a convenient location! ( ZHPDiag.txt )
|- PS: Do not post that text file directly.
|- Send it to Pjjoint.malekal by clicking the blue arrow!
|- Or go to: < Cjoint > << Link!
|- Or go to: [image] << Link!
|- More information: < |Link| >
See you!