Lshadowx Posted July 26, 2014
I uninstalled it, but the ads are still there... If you could help me, I would appreciate it.
DigRam Posted July 26, 2014
Good evening, Lshadowx!
|- Read Rule No. 02 and post the HijackThis log, as instructed there.
See you later!
Lshadowx Posted July 26, 2014
The requested log follows:
DigRam Posted July 26, 2014
Good evening, Lshadowx!
Download these two tools in the order given.
|- Download: < > ( ... by Oleg N. Scherbakov )
|- Save it to the desktop!
|- Disable your antivirus!
|- On Windows 7, right-click JRT.exe and run it ...
|- Wait for it to finish and post the report. ( JRT.txt )
|- Download: < > ( ... by Xplode )
|- On the page, click the image: < >
|- P.S.: If you use the IE9 browser, disable the "SmartScreen" filter.
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as follows:
|- P.S.: Start the scan by clicking "Examinar" (Scan).
|- When it finishes, click "Limpar" (Clean) >> Ok >> Ok >> Ok.
|- Copy the log or click "Relatório" (Report).
|- Post: < C:\AdwCleaner\AdwCleaner[s0].txt >
Regards!
Lshadowx Posted July 26, 2014
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Gustavo on 26/07/2014 at 20:39:48,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/07/2014 at 20:44:12,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
DigRam Posted July 26, 2014
Good evening, Lshadowx!
|- Next, post the AdwCleaner report.
Regards!
Lshadowx Posted July 27, 2014
Thanks for helping me and giving up your precious time on my blunders. :) Log follows:
DigRam Posted July 27, 2014
Good evening, Lshadowx!
|- Download: < zoek > ( ... by Smeenk )
|- Or here! < zoek.exe >
|- Save it and extract it to the desktop!
|- These will be available: zoek.com, zoek.scr, zoek.pif and zoek.exe
|- Disable your antivirus!
|- On Windows 7, run zoek.exe as administrator.
shortcutfix; autoclean; emptyalltemp;
|- Copy and paste this information, in red, into the tool's field.
|- Click "Run Script".
Zoek.exe is running now. Do not start any browser windows, they will be closed automatically. Please wait! This window will close when finished. A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
|- This information will appear, asking you to wait for the report to appear.
|- P.S.: This information may remain static on the screen for 20 minutes or more.
|- Accept and/or confirm the reboot!
zoek.hta failed by unknown error. Restart computer, and try again.
|- P.S.: If you get any error, restart the PC and run the tool again.
|- Post the report, which will be at C:\zoek-results.txt <<
Regards!
Lshadowx Posted July 27, 2014
Status: No improvement found so far. Log:
C:\Windows\SysWOW64\msiexec.exe /i {BDA0EB29-8B31-4BF4-8B05-04AA52340AC4} REMOVE=ALL C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2 Ultimate Collection\Contrato de Licença para Usuário Final da The Sims 2 Ultimate Collection.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2 Ultimate Collection\Suporte Técnico.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2 Ultimate Collection\The Sims 2 Ultimate Collection.lnk - C:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity\MonoDevelop.lnk - C:\Program Files (x86)\Unity\MonoDevelop\bin\MonoDevelop.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity\Report a Problem with Unity.lnk - C:\Program Files (x86)\Unity\Editor\UnityBugReporter.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity\Uninstall Unity.lnk - C:\Program Files (x86)\Unity\Editor\Uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity\Unity Documentation.lnk - C:\Program Files (x86)\Unity\Editor\Data\Documentation\Documentation.html C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity\Unity.lnk - C:\Program Files (x86)\Unity\Editor\Unity.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet 
Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Giulia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Giulia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Giulia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Giulia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Uninstall Programs.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe C:\Users\Giulia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Giulia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Giulia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Giulia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - 
C:\Windows\system32\control.exe C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk - C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Start BlueStacks.lnk - C:\Program Files (x86)\BlueStacks\HD-StartLauncher.exe C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Cris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Cris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Giulia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gustavo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully 
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gustavo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2SSVSIM7 will be deleted at reboot C:\Users\Gustavo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\598ISWAJ will be deleted at reboot C:\Users\Gustavo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J9ZMEHTP will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== ==== Empty Temp Folders ====================== C:\Users\Cris\AppData\Local\Temp emptied successfully C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Giulia\AppData\Local\Temp emptied successfully C:\Users\Gustavo\AppData\Local\Temp will be emptied at reboot C:\Users\USURIO~1\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Gustavo\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== 
"C:\Users\Gustavo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2SSVSIM7" not found "C:\Users\Gustavo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\598ISWAJ" not found "C:\Users\Gustavo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J9ZMEHTP" not found ==== EOF on 26/07/2014 at 22:59:03,98 ====================== Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Posted July 27, 2014
Good morning! Lshadowx
|- Download: < ZHPDiag2.exe > < > ( ... by Nicolas Coolman )
|- Save it to the local disk! ( C or D )
|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.
|- Run the scroll icon. ( ZHPDiag )
|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!
|- Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
|- PS: If the log is long, send it to Pjjoint.malekal.
|- Or go to: < >
|- More information: < |Link| >
A+
Lshadowx 0 Posted July 27, 2014
LOG (link): http://cjoint.com/data3/3GBnKG3Xa5w.htm
DigRam 144 Posted July 28, 2014
Good evening! Lshadowx
|- Uninstall SpyHunter ( Enigma Software Group ) < Crapware.SpyHunter >
|- Information from Nicolas Coolman about Crapware.SpyHunter.
-/-
|- Run this script in the ZHPFix tool.
|- Copy the information shown in red to Notepad.
|- With Notepad open, press: ctrl+a >> ctrl+c
|- Then minimize Notepad.
script zhpfix
[MD5.DB576EE5C364337E294BA6F2B6871942] - (.GenTechnologies Apps, LLC - MovieMode Service.) -- C:\ProgramData\rPLACE\CDrRtll.exe [2319216] [PID.1388] =>PUP.MovieMode
[MD5.00000000000000000000000000000000] [APT] [installer_sense] (...) -- C:\Users\Gustavo\AppData\Local\Temp\nsq31A2.tmp\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9FDE2EA3-FBA3-4A82-817A-50607BB19F9F}] (...) -- C:\Program Files (x86)\PHD-V1.4\Uninstall.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CD603BF5-CA78-4F60-A5B0-30BE425D2DC6}] (...) -- C:\Users\Gustavo\Downloads\dontlinkthefile_3danalyzer-v236 (1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E91E91EC-49A5-4D14-AF37-8B47718738D9}] (...) -- C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\UninstCaller.exe (.not file.) [0]
O23 - Service: CDrRtll (CDrRtll) . (.GenTechnologies Apps, LLC - MovieMode Service.) - C:\ProgramData\rPLACE\CDrRtll.exe =>PUP.MovieMode
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys
O41 - Driver: ({c047df5e-0fda-4055-b5db-a96a8a34a094}w64) . (. - .) - C:\Windows\System32\drivers\{c047df5e-0fda-4055-b5db-a96a8a34a094}w64.sys (.not file.)
O43 - CFD: 05/12/2013 - 17:11:06 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 05/12/2013 - 17:11:12 - [] ----D C:\Users\Gustavo\AppData\Roaming\Baidu Security
O43 - CFD: 26/07/2014 - 21:01:06 - [] ----D C:\Users\Gustavo\AppData\Local\MovieMode =>PUP.MovieMode
O43 - CFD: 25/07/2014 - 12:42:06 - [] ----D C:\Users\Gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
O51 - MPSK:{28237faa-4424-11e3-937f-902b34fdcdb3}\AutoRun\command. (...) -- E:\SETUP.exe (.not file.)
O58 - SDL:21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624]
O58 - SDL:21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O64 - Services: CurCS - 21/01/2014 - C:\Windows\system32\drivers\Bfilter.sys (Bfilter) .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BFILTER
O64 - Services: CurCS - 21/01/2014 - C:\Windows\system32\drivers\Bfmon.sys (Bfmon) .(.Baidu, Inc. - Baidu FS Monitor Driver.) - LEGACY_BFMON
O64 - Services: CurCS - 21/01/2014 - C:\Windows\system32\drivers\Bprotect.sys (Bprotect) .(.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - LEGACY_BPROTECT
O64 - Services: CurCS - 07/01/2014 - C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys (esgiguard) .(...) - LEGACY_ESGIGUARD =>Crapware.SpyHunter
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} [DefaultScope] - (sweet-page) - http://www.sweet-page.com =>PUP.SweetPage
HKLM\SOFTWARE\Microsoft\Tracing\PutLockerDownloader_RASAPI32 =>Spyware.PutLocker
HKLM\SOFTWARE\Microsoft\Tracing\PutLockerDownloader_RASMANCS =>Spyware.PutLocker
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BeamriseSetup_RASAPI32 =>Hijacker.Beamrise
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BeamriseSetup_RASMANCS =>Hijacker.Beamrise
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASAPI32 =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASMANCS =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup_2810-7318364c_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup_2810-7318364c_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\trolatunt_RASAPI32 =>PUP.Trolatunt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\trolatunt_RASMANCS =>PUP.Trolatunt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatetrolatunt_RASAPI32 =>PUP.Trolatunt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatetrolatunt_RASMANCS =>PUP.Trolatunt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilmelondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilmelondrea_RASMANCS =>PUP.Melondrea
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application
[HKCU\Software\Baidu Security]
[HKCU\Software\Beamrise] =>Hijacker.Beamrise
[HKCU\Software\BrowseSmart] =>PUP.BrowseSmart
[HKCU\Software\ShopperPro] =>PUP.ShopperPro
[HKLM\Software\ShopperPro] =>PUP.ShopperPro
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\BrowseSmart] =>PUP.BrowseSmart
[HKLM\Software\Wow6432Node\ShopperPro] =>PUP.ShopperPro
[HKLM\SYSTEM\CurrentControlSet\Services\CDrRtll] =>PUP.MovieMode^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Time Stopper4.0] =>Adware.TimeStopper
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^
[HKCU\Software\Beamrise] =>Hijacker.Beamrise^
[HKCU\Software\BrowseSmart] =>PUP.BrowseSmart^
[HKCU\Software\ShopperPro] =>PUP.ShopperPro^
[HKLM\Software\ShopperPro] =>PUP.ShopperPro^
[HKLM\Software\Wow6432Node\BrowseSmart] =>PUP.BrowseSmart^
[HKLM\Software\Wow6432Node\ShopperPro] =>PUP.ShopperPro^
C:\ProgramData\rPLACE\CDrRtll.exe
C:\Windows\System32\Drivers\Bfmon.sys
C:\Windows\System32\Drivers\Bprotect.sys
C:\Users\Gustavo\AppData\Local\MovieMode =>PUP.MovieMode^
C:\Users\Gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^
C:\Program Files (x86)\Time Stopper =>Adware.TimeStopper
C:\Users\Gustavo\AppData\Local\Installer =>Adware.InstallPedia
EmptyPrefetch
EmptyFlash
EmptyClsid
FirewallRaz
HostFix
Ifeofix
Proxyfix
ShortcutFix
Sysrestore
|- Open the ZHPFix tool. < >
|- Click IMPORTAÇÃO >> OK.
|- Click "GO".
|- Post the report!
A+
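Added example, not part of the original posts: a small Python reviewer for a fix script like the one above, which groups entries by their `=>` detection label and lists the unlabelled entries and `.sys` driver files so they can be checked by hand before the script is imported. The line grammar is an assumption inferred only from the lines visible in this thread, not from ZHPFix documentation, and the sample is a subset of those lines embedded for the demonstration.

```python
import re
from collections import defaultdict

# Sample input: a subset of lines taken from the script in the post above.
SAMPLE = r"""
O23 - Service: CDrRtll (CDrRtll) . (.GenTechnologies Apps, LLC - MovieMode Service.) - C:\ProgramData\rPLACE\CDrRtll.exe =>PUP.MovieMode
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} [DefaultScope] - (sweet-page) - http://www.sweet-page.com =>PUP.SweetPage
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\trolatunt_RASAPI32 =>PUP.Trolatunt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\trolatunt_RASMANCS =>PUP.Trolatunt
[HKCU\Software\ShopperPro] =>PUP.ShopperPro^
[HKCU\Software\Baidu Security]
C:\Users\Gustavo\AppData\Local\MovieMode =>PUP.MovieMode^
C:\Windows\System32\Drivers\Bprotect.sys
EmptyPrefetch
ShortcutFix
"""

# Trailing "=>Label" tag, with the optional "^" seen on some lines in the thread.
TAG_RE = re.compile(r"\s*=>(\S+?)\^?\s*$")

# Line shapes observed in the thread (assumed grammar, checked in this order).
KINDS = [
    ("o-line", re.compile(r"^O(\d+) - ")),
    ("file-hash", re.compile(r"^\[MD5\.[0-9A-Fa-f]{32}\]")),
    ("registry", re.compile(r"^\[?HK(?:LM|CU)\\")),
    ("path", re.compile(r"^[A-Za-z]:\\")),
    ("directive", re.compile(r"^[A-Za-z]+$")),
]


def parse_line(line):
    """Split one script line into its kind, body and detection label (or None)."""
    line = line.strip()
    match = TAG_RE.search(line)
    label = match.group(1) if match else None
    body = TAG_RE.sub("", line)
    kind = next((name for name, rx in KINDS if rx.match(body)), "unknown")
    is_driver = bool(re.search(r"\.sys\b", body, re.I))
    return {"kind": kind, "label": label, "body": body, "driver": is_driver}


def review(script):
    """Summarise what a script would touch, for a manual check before import."""
    report = {"by_label": defaultdict(list), "untagged": [], "drivers": [],
              "directives": [], "unknown": []}
    for raw in script.splitlines():
        if not raw.strip():
            continue
        item = parse_line(raw)
        if item["kind"] == "directive":
            report["directives"].append(item["body"])
            continue
        if item["kind"] == "unknown":
            report["unknown"].append(item["body"])
        if item["driver"]:
            report["drivers"].append(item["body"])
        if item["label"]:
            report["by_label"][item["label"]].append(item["body"])
        else:
            # No detection label: the entry was listed without a stated reason.
            report["untagged"].append(item["body"])
    return report


if __name__ == "__main__":
    result = review(SAMPLE)
    for label, bodies in sorted(result["by_label"].items()):
        print(f"{label}: {len(bodies)} entries")
    print("Unlabelled entries to verify by hand:", *result["untagged"], sep="\n  ")
    print("Driver files referenced:", *result["drivers"], sep="\n  ")
    print("Directives:", ", ".join(result["directives"]))
```
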
DigRam 144 Posted August 26, 2014
Topic Archived
As the author did not reply for more than 10 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this section together with the link to this topic and explain the reason for reopening.