
Archived

This topic has been archived and is closed to new replies.

Rurick Lodder

[Resolved] Firefox closes and redirects straight to IE


Good morning,

I am having a problem on my notebook: when I try to access my e-mail using Firefox, it closes and redirects me to IE, which gives me a malicious-site warning. I have already run Malwarebytes Anti-Malware and it did not fix it, so I came to ask for help from you on the forum.

The HijackThis report follows.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:42:46, on 22/04/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)
Boot mode: Normal
Running processes:
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Diebold\Warsaw\core.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Diebold - Warsaw] C:\Program Files (x86)\Diebold\Warsaw\core.exe
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ELIPE] regsvr32.exe /s "C:\Users\Zé\AppData\Roaming\img.jpg" #lou4rfadb
O4 - HKCU\..\Run: [felipepc] regsvr32 /s "C:\Users\Zé\AppData\Roaming\\FELIPE-PC.jpg"
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: bankline.itau.com.br
O15 - Trusted Zone: clickbanking.itau.com.br
O15 - Trusted Zone: guardiao.itau.com.br
O15 - Trusted Zone: www.itau.com.br
O15 - Trusted Zone: http://www.itau.com.br
O15 - Trusted Zone: *.itau.com.br
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Software Inc. - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files (x86)\Scpad\scpVista.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files (x86)\Diebold\Warsaw\core.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9788 bytes


Good morning Rurick, please also post the Malwarebytes log you mentioned.

  • Download: AdwCleaner (...by Xplode)
  • Save it to your Desktop.
  • Close all open programs and web browsers.
  • Windows Vista or Windows 7 users: right-click the AdwCleaner.exe file, then click "Run as administrator".
  • Click "Examinar" (Scan) to start the scan!
  • When it finishes, click "Limpar" (Clean).
  • Copy the log or click "Relatório" (Report).
  • Post: >>C:\AdwCleaner\AdwCleaner [s0].txt<<

  • Download: JRT (...by Oleg N. Scherbakov)
  • Save it to the desktop!
  • Disable your antivirus!
  • On Windows 7, right-click JRT.exe and run it as administrator.
  • Wait for it to finish and post the report (JRT.txt).
Best regards. :thumbsup:



Good afternoon,

Here are the logs.

Malwarebytes

---------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 21/04/2015
Scan Time: 23:28:22
Logfile: Malwarebytes anti-malware.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.04.21.07
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Zé
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 428907
Time Elapsed: 11 min, 50 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 53
Registry Values: 1
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-3432371790-2485287615-4210118418-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY|source, Firefox, Quarantined, [1a21a5ca83072f0799983192f40f7987]
Registry Data: 0
(No malicious items detected)
Folders: 1
PUP.Optional.FramedDisplay.A, C:\Users\Felipe\AppData\Local\Temp\Framed Display, Quarantined, [23186c03c5c52a0c79cb4977877c6997],
Files: 1
PUP.Optional.Browser.A, C:\ProgramData\Browser\prompt.exe.config, Quarantined, [1f1c0a650783af87226e371fe81d9b65],
Physical Sectors: 0
(No malicious items detected)
(end)
------------------------------
AdwCleaner
-----------------------------
# AdwCleaner v4.202 - Relatório criado 23/04/2015 às 15:25:39
# Atualizado 23/04/2015 por Xplode
# Base de dados : 2015-04-23.2 [servidor]
# Sistema operacional : Windows 7 Enterprise Service Pack 1 (x64)
# Usuário : Zé - FELIPE-PC
# Executando de : C:\Users\Zé\Desktop\limpeza virus\adwcleaner_4.202.exe
# Opção : Verificar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Arquivo Encontrado : C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gagcbogmgkaogoadfcoicjdojbmkegao_0.localstorage
Arquivo Encontrado : C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage
Arquivo Encontrado : C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage-journal
Arquivo Encontrado : C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_br.ask.com_0.localstorage
Arquivo Encontrado : C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_br.ask.com_0.localstorage-journal
Arquivo Encontrado : C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\srf5csci.default\user.js
Arquivo Encontrado : C:\Users\Zé\AppData\Roaming\Mozilla\Firefox\Profiles\ohdsrojd.default\user.js
Arquivo Encontrado : C:\Windows\System32\roboot64.exe
Pasta Encontrado : C:\Program Files (x86)\globalUpdate
Pasta Encontrado : C:\ProgramData\Ask
Pasta Encontrado : C:\ProgramData\baidu
Pasta Encontrado : C:\ProgramData\Browser
Pasta Encontrado : C:\Users\Felipe\AppData\Roaming\baidu
Pasta Encontrado : C:\Users\Felipe\AppData\Roaming\Systweak
Pasta Encontrado : C:\Users\Zé\AppData\Local\globalUpdate
Pasta Encontrado : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\speed browser
***** [ Tarefas agendadas ] *****
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Encontrado : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Encontrado : HKCU\Software\AppDataLow\Software\Framed Display
Chave Encontrado : HKCU\Software\BI
Chave Encontrado : HKCU\Software\BoBrowser
Chave Encontrado : HKCU\Software\GlobalUpdate
Chave Encontrado : HKCU\Software\Optimizer Pro
Chave Encontrado : [x64] HKCU\Software\BI
Chave Encontrado : [x64] HKCU\Software\BoBrowser
Chave Encontrado : [x64] HKCU\Software\GlobalUpdate
Chave Encontrado : [x64] HKCU\Software\Optimizer Pro
Chave Encontrado : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Encontrado : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Chave Encontrado : HKLM\SOFTWARE\Baidu
Chave Encontrado : HKLM\SOFTWARE\Clara
Chave Encontrado : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chave Encontrado : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Chave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Chave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Chave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Chave Encontrado : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Encontrado : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Encontrado : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Chave Encontrado : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Chave Encontrado : HKLM\SOFTWARE\e4fad717-b28e-429a-ba31-c0165b8e5f8f
Chave Encontrado : HKLM\SOFTWARE\GlobalUpdate
Chave Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Chave Encontrado : HKLM\SOFTWARE\SpeedBrowser
Chave Encontrado : HKLM\SOFTWARE\systweak
Chave Encontrado : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Encontrado : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Encontrado : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Encontrado : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Chave Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Chave Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Chave Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Chave Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Chave Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Chave Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Chave Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Chave Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Chave Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Chave Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Chave Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Chave Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.17689
-\\ Mozilla Firefox v37.0.1 (x86 pt-BR)
[ohdsrojd.default] - Linha Encontrado : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[ohdsrojd.default] - Linha Encontrado : user_pref("extensions.crossrider.bic", "1493f4b4660604267edb3c9e025e29b8");
[ohdsrojd.default] - Linha Encontrado : user_pref("extensions.quick_start.enable_search1", false);
[ohdsrojd.default] - Linha Encontrado : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", true);
-\\ Google Chrome v42.0.2311.90
[C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Web data] - Encontrado [search Provider] : hxxp://www.softonic.com.br/s/{searchTerms}
[C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Web data] - Encontrado [search Provider] : hxxp://br.ask.com/web?q={searchTerms}
[C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Web data] - Encontrado [search Provider] : hxxp://www8.hp.com/br/pt/hp-search/search-results.html?cc=br&lang=pt&charset=utf-8&qp=url%3Ah41131.www4.hp.com%2Fbr%2Fpt+url%3ANEW+URL+GOES+HERE&hpn=Inicio&hpa=hxxp%3A%2F%2Fwww.hp.com%2Fcountry%2Fbr%2Fpt%2Fcontact_us.html&hps=Inicio&hpr=hxxp%3A%2F%2Fh41131.www4.hp.com%2Fbr%2Fpt&cat=&qt={searchTerms}&search=
[C:\Users\Tereza\AppData\Local\Google\Chrome\User Data\Default\Web data] - Encontrado [search Provider] : hxxp://br.ask.com/web?q={searchTerms}
[C:\Users\Zé\AppData\Local\Google\Chrome\User Data\Default\Web data] - Encontrado [search Provider] : hxxp://br.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [7942 bytes] - [23/04/2015 15:25:39]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8001 bytes] ##########
----------------------------
JRT
---------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.1 (04.23.2015:1)
OS: Windows 7 Enterprise x64
Ran by Zé on 23/04/2015 at 15:34:50,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] C:\ProgramData\baidu security
~~~ FireFox
Emptied folder: C:\Users\Zé\AppData\Roaming\mozilla\firefox\profiles\ohdsrojd.default\minidumps [9 files]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/04/2015 at 15:38:42,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
---------------------------


Good evening Rurick, you ran AdwCleaner with "Opção : Verificar". Run AdwCleaner again and click "Limpar" (Clean), then post the report again. After using AdwCleaner, carry out the procedure below:

  • Download: ZHPDiag (...Nicolas Coolman)
  • Save it to the local disk (C or D).
  • Disable your antivirus, and run ZHPDiag.exe to install it.
  • Run the scroll icon!
  • Click the "COMPLETA" (complete) option and wait for it to finish.
  • Click OK and, when it finishes, post the report! (ZHPDiag.txt)
  • Note: because the report is long, it must be posted on one of these sites:
  • Go to: <cjoint_zpse4622b2d.jpg>
  • Or go to: <logo_zps572d7597_1.gif>
  • More information: <Link> << Hosting!
Best regards. :thumbsup:



Good afternoon,

Here are the logs.

AdwCleaner

--------------------------------------------

http://wikisend.com/download/469340/AdwCleaner[s1].txt

--------------------------------------------

 

ZHPDiag

--------------------------------------------

http://wikisend.com/download/893286/ZHPDiag.txt

--------------------------------------------


Good evening Rurick,

  • Run this script in the ZHPFix tool.
  • Copy the information shown in red into Notepad.
  • With Notepad open, press: ctrl+a >> ctrl+c.
  • Next, minimize Notepad.
Script ZHPFix
SysRestore
O4 - GS\QuickLaunch [Felipe]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.sweet-page.com =>PUP.SweetPage
O4 - GS\TaskBar [Felipe]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com =>PUP.SweetPage
O4 - GS\Program [Felipe]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com =>PUP.SweetPage
O4 - GS\SystemTools [Felipe]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com =>PUP.SweetPage
[MD5.00000000000000000000000000000000] [APT] [{017226F4-86FF-45D2-975D-27977A1C9B52}] (...) -- C:\Users\Zé\AppData\Local\Temp\Rar$DIa0.504\2§ Via De Boleto Pendente.cpl" (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{31F6ED14-C99C-4C47-A7F2-0FC7CCB12794}] (...) -- C:\ProgramData\Meteoroids\uninstall.exe (.not file.) [0] =>PUP.Meteoroids
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu Security]
O43 - CFD: 21/10/2014 - 00:12:29 - [] ----D C:\Program Files (x86)\Baidu-Security-2014-4.4.4.82804
O43 - CFD: 24/04/2015 - 12:11:07 - [] ----D C:\ProgramData\boost_interprocess
O44 - LFC:[MD5.C51B2D6C54BB33659A7DA97AA0E03061] - 25/04/2015 - 12:21:13 ---A- . (...) -- C:\Windows\System32\AutoKMS.log [111175] =>Trojan.AutoKMS
O51 - MPSK:{4030e76d-adc3-11e1-bba0-001060d01362}\AutoRun\command. (...) -- E:\LaunchU3.exe (.not file.)
O51 - MPSK:{5dc369ea-bb72-11e3-a36d-001060d01362}\AutoRun\command. (...) -- E:\LGAutoRun.exe (.not file.)
O51 - MPSK:{c36c401c-ada2-11e1-b595-001060d01362}\AutoRun\command. (...) -- E:\LaunchU3.exe (.not file.)
O61 - LFC: 19/04/2015 - 12:46:10 ---A- . (...) -- C:\Users\Zé\AppData\Local\Temp\jrt\chrome.bat [13832]
O61 - LFC: 19/04/2015 - 12:46:11 ---A- . (...) -- C:\Users\Zé\AppData\Local\Temp\jrt\TDL4.bat [1192]
O61 - LFC: 19/04/2015 - 12:46:11 ---A- . (...) -- C:\Users\Zé\AppData\Local\Temp\jrt\delfolders.bat [1771]
O61 - LFC: 19/04/2015 - 12:46:11 ---A- . (...) -- C:\Users\Zé\AppData\Local\Temp\jrt\firefox.bat [153581]
O61 - LFC: 19/04/2015 - 12:46:11 ---A- . (...) -- C:\Users\Zé\AppData\Local\Temp\jrt\iexplore.bat [30974]
O61 - LFC: 19/04/2015 - 12:46:11 ---A- . (...) -- C:\Users\Zé\AppData\Local\Temp\jrt\medfos.bat [18357]
O61 - LFC: 19/04/2015 - 12:46:11 ---A- . (...) -- C:\Users\Zé\AppData\Local\Temp\jrt\runvalues.bat [7921]
O61 - LFC: 19/04/2015 - 12:46:11 ---A- . (...) -- C:\Users\Zé\AppData\Local\Temp\jrt\searchlnk.bat [9459]
O61 - LFC: 19/04/2015 - 12:46:11 ---A- . (...) -- C:\Users\Zé\AppData\Local\Temp\jrt\surfvox.bat [1162]
O61 - LFC: 22/04/2015 - 12:46:10 ---A- . (...) -- C:\Users\Zé\AppData\Local\Temp\jrt\ask.bat [21096]
O61 - LFC: 23/04/2015 - 12:46:11 ---A- . (...) -- C:\Users\Zé\AppData\Local\Temp\Quarantine.exe [606208]
O61 - LFC: 23/04/2015 - 12:46:11 ---A- . (...) -- C:\Users\Zé\AppData\Local\Temp\jrt\get.bat [17667]
O61 - LFC: 23/04/2015 - 12:46:11 ---A- . (...) -- C:\Users\Zé\AppData\Local\Temp\jrt\misc.bat [123294]
C:\Windows\AutoKMS.exe =>Trojan.Keygen
EmptyClsid
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
  • Open the ZHPFix tool.
  • Click IMPORTAÇÃO (Import) > OK
  • Click "GO".
  • Post the report!
Best regards. :thumbsup:
< I ask visitors not to use this script on other computers, at the risk of irreparable damage to them! >


Good evening,

Here is the report

 

Rapport de ZHPFix 2015.4.9.5 par Nicolas Coolman, Update du 18/03/2015
Fichier d'export Registre :
Run by Zé at 26/04/2015 19:50:32
High Elevated Privileges : OK
Windows 7 Enterprise Edition, 64-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 14s)
Prefetcher vazio
========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Windows\AutoKMS.exe
========== Chaves do Registo ==========
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ CLSID MPSK: {4030e76d-adc3-11e1-bba0-001060d01362}
ELIMINÉ CLSID MPSK: {5dc369ea-bb72-11e3-a36d-001060d01362}
ELIMINÉ CLSID MPSK: {c36c401c-ada2-11e1-b595-001060d01362}
========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Temporários windows (38)
ELIMINÉ Flash Cookies (0)
========== Ficheiros ==========
ELIMINÉ: c:\users\zé\appdata\roaming\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk (http://www.sweet-page.com)
CRIADO: C:\Users\Zé\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
ELIMINÉ: c:\users\zé\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\internet explorer.lnk (http://www.sweet-page.com)
CRIADO: C:\Users\Zé\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
ELIMINÉ: c:\users\zé\appdata\roaming\microsoft\windows\start menu\programs\internet explorer.lnk (http://www.sweet-page.com)
CRIADO: C:\Users\Zé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
ELIMINÉ: c:\users\zé\appdata\roaming\microsoft\windows\start menu\programs\accessories\system tools\internet explorer (no add-ons).lnk (http://www.sweet-page.com)
CRIADO: C:\Users\Zé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
ELIMINA REINICIAR: c:\windows\system32\autokms.log
ELIMINÉ: c:\users\zé\appdata\local\temp\jrt\chrome.bat
ELIMINÉ: c:\users\zé\appdata\local\temp\jrt\tdl4.bat
ELIMINÉ: c:\users\zé\appdata\local\temp\jrt\delfolders.bat
ELIMINÉ: c:\users\zé\appdata\local\temp\jrt\firefox.bat
ELIMINÉ: c:\users\zé\appdata\local\temp\jrt\iexplore.bat
ELIMINÉ: c:\users\zé\appdata\local\temp\jrt\medfos.bat
ELIMINÉ: c:\users\zé\appdata\local\temp\jrt\runvalues.bat
ELIMINÉ: c:\users\zé\appdata\local\temp\jrt\searchlnk.bat
ELIMINÉ: c:\users\zé\appdata\local\temp\jrt\surfvox.bat
ELIMINÉ: c:\users\zé\appdata\local\temp\jrt\ask.bat
ELIMINÉ: c:\users\zé\appdata\local\temp\quarantine.exe
ELIMINÉ: c:\users\zé\appdata\local\temp\jrt\get.bat
ELIMINÉ: c:\users\zé\appdata\local\temp\jrt\misc.bat
ELIMINÉ Temporários windows (389) (53.770.468 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Tarefa planificada ==========
ELIMINÉ: {017226F4-86FF-45D2-975D-27977A1C9B52}
ELIMINÉ: {31F6ED14-C99C-4C47-A7F2-0FC7CCB12794}
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
1 : Processo memória
4 : Chaves do Registo
2 : Valores do Registo
3 : Pastas
24 : Ficheiros
2 : Tarefa planificada
1 : Restauração Sistema
End of clean in 01mn 12s
========== Caminho do ficheiro do relatório ==========
C:\Users\Zé\AppData\Roaming\ZHP\ZHPFix[R1].txt - 26/04/2015 19:50:47 [3381]


Good evening Rurick, let me know how the PC is doing.

  • Save to your Desktop!
  • Run the file Zoek.exe.
  • Windows Vista or Windows 7 users: right-click the file Zoek.exe, then click
run_as_adm1_zps9c608e64.png
  • Select the lines in red, right-click the selection and choose Copy!
createsrpoint;
iedefaults;
ffdefaults;
firefoxlook;
ielook;
shortcutfix;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
emptyfolderscheck;delete
  • Right-click any white area of Zoek and choose Paste.
  • Click Run Script and wait for the scan. When it finishes, Notepad will open with the report.
  • A copy will also be saved on your local disk under the name zoek-results.txt.
  • Attach zoek-results.txt to your next reply.
Best regards. :thumbsup:


Good afternoon,

I have not tried to access the e-mail on this machine again, so as not to risk having problems with passwords.

Here is the zoek report

 

Zoek.exe v5.0.0.0 Updated 23-04-2015
Tool run by Z‚ on 27/04/2015 at 11:36:24,47.
Microsoft Windows 7 Enterprise 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Z28DA~1\Desktop\zoek.exe [scan all users] [script inserted]
==== System Restore Info ======================
27/04/2015 11:38:40 Zoek.exe System Restore Point Created Successfully.
==== Empty Folders Check ======================
C:\PROGRA~2\FreeTime deleted successfully
C:\Program Files\Google deleted successfully
C:\Users\Z28DA~1\AppData\Local\Opera Software deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\srf5csci.default\prefs.js:
user_pref("browser.search.selectedEngine", "sweet-page");
Added to C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\srf5csci.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\Tereza\AppData\Roaming\Mozilla\Firefox\Profiles\f5gq6et5.default\prefs.js:
Added to C:\Users\Tereza\AppData\Roaming\Mozilla\Firefox\Profiles\f5gq6et5.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\Z28DA~1\AppData\Roaming\Mozilla\Firefox\Profiles\ohdsrojd.default\prefs.js:
user_pref("browser.startup.homepage", "www.terra.com.br");
Added to C:\Users\Z28DA~1\AppData\Roaming\Mozilla\Firefox\Profiles\ohdsrojd.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\srf5csci.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_042015_1157_.backup
ProfilePath: C:\Users\Tereza\AppData\Roaming\Mozilla\Firefox\Profiles\f5gq6et5.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_042015_1157_.backup
ProfilePath: C:\Users\Z28DA~1\AppData\Roaming\Mozilla\Firefox\Profiles\ohdsrojd.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_042015_1157_.backup
==== Batch Command(s) Run By Tool======================
==== Deleting Files \ Folders ======================
C:\PROGRA~2\FreeTime not found
C:\PROGRA~3\TspfknoYNbX deleted
C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\srf5csci.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Tereza\AppData\Roaming\Mozilla\Firefox\Profiles\f5gq6et5.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Z28DA~1\AppData\Roaming\Mozilla\Firefox\Profiles\ohdsrojd.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\Z‚\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" [26/03/2015 14:31]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Z28DA~1\AppData\Roaming\Mozilla\Firefox\Profiles\ohdsrojd.default
- Undetermined - C:\Users\Zé\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
- Undetermined - C:\Users\Zé\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
==== Chromium Look ======================
Google Chrome Version: 42.0.2311.90 (Latest Stable version: 42.0.2311.90) [z-db]
AdBlock - Tereza\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Bookmark Manager - Z28DA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Chrome Hotword Shared Module - Z28DA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
==== Chromium Fix ======================
C:\Users\Tereza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Tereza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shopping.terra.com.br_0.localstorage deleted successfully
C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shopping.terra.com.br_0.localstorage-journal deleted successfully
C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.mlstatic.com_0.localstorage deleted successfully
C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.mlstatic.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== shortcuts on Users Desktops ======================
C:\Users\Felipe\Desktop\Continue PhotoScape Installation.lnk - C:\Users\Felipe\AppData\Local\Temp\ICReinstall_photoscape-363-baixaki-32-bits (1).exe /RR
C:\Users\Felipe\Desktop\Format Factory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\Felipe\Desktop\musica tereza\Vídeos - Atalho.lnk -
C:\Users\Z28DA~1\Desktop\HiJackThis.lnk - C:\Users\Zé\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
C:\Users\Z28DA~1\Desktop\LAUDO - PPRA - 2014 - Atalho.lnk - E:\ZZBACKUP\F 2014-08-21 15;55;41\Ze\LAUDOS AMBIENTAIS\LAUDO - PPRA - 2014
C:\Users\Z28DA~1\Desktop\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\Z28DA~1\Desktop\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\Users\Z28DA~1\Desktop\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Z28DA~1\Desktop\PLASPET FISPQs - JAN-14 - Atalho.lnk - E:\ZZBACKUP\F 2014-08-21 15;55;41\Ze\LAUDOS AMBIENTAIS\LAUDO - PPRA - 2014\1 - JAN - 14\PLASPET FISPQs - JAN-14
C:\Users\Z28DA~1\Desktop\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\Users\Z28DA~1\Desktop\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe
C:\Users\Z28DA~1\Desktop\Zé Machado\VOTORANTIM ENERGIA - OUT-14\Desktop.lnk -
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Ajuda do PlayMemories Home.lnk - C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe /Help
C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Comprar suprimentos - HP Deskjet 2050 J510 series.lnk - C:\Program Files (x86)\HP\HP Deskjet 2050 J510 series\Bin\hpqDTSS.exe
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Public\Desktop\Foxit Reader.lnk - C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\HP Deskjet 2050 J510 series.lnk - C:\Program Files (x86)\HP\HP Deskjet 2050 J510 series\Bin\HP Deskjet 2050 J510 series.exe -Start UDCDevicePage
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\PlayMemories Home.lnk - C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
C:\Users\Public\Desktop\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Zé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -
C:\Users\Zé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -
C:\Users\Zé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk -
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader\Foxit Reader.lnk - C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader\Uninstall Foxit Reader.lnk - C:\Program Files (x86)\Foxit Software\Foxit Reader\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Felipe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Felipe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Felipe\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Felipe\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Tereza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Tereza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Z28DA~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Z28DA~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Felipe\AppData\Local\Mozilla\Firefox\Profiles\srf5csci.default\cache2 emptied successfully
C:\Users\Tereza\AppData\Local\Mozilla\Firefox\Profiles\f5gq6et5.default\cache2 emptied successfully
C:\Users\Z28DA~1\AppData\Local\Mozilla\Firefox\Profiles\ohdsrojd.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Tereza\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Z28DA~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=26 folders=12 10007948 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Felipe\AppData\Local\Temp will be emptied at reboot
C:\Users\Tereza\AppData\Local\Temp emptied successfully
C:\Users\Z28DA~1\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Z28DA~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Felipe\AppData\Local\Temp\Deployment" not found
==== EOF on 27/04/2015 at 12:06:32,79 ======================


Good afternoon Rurick,

  • Download: FRST (by Farbar)
  • Save it to the Desktop!
  • Run the tool! Click "Yes" >> "Scan".
  • Check that the boxes under "Whitelist" are ticked.
  • Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
  • The report will be generated! (FRST.txt)
  • PS: The "Addition.txt" report will also be generated; it is made available on the tool's first run.
  • Go to: cjoint
  • Or go to: <logo_zps572d7597_1.gif>
  • More information: <Link> << Hosting!
WARNING: for the tool to work correctly, it must sit directly on the desktop; it cannot be inside a folder.


Good morning Rurick,

  • Copy the information shown in red into Notepad.
  • Save it with the name fixlist.txt
  • Save it in the same location as FRST
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
GroupPolicyUsers\S-1-5-21-3432371790-2485287615-4210118418-1004\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3432371790-2485287615-4210118418-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml [2014-07-17]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml [2014-07-17]
S2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [X]
U3 asyxvdev; C:\Windows\System32\Drivers\asyxvdev.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Windows\Tasks\EUBB.job => C:\Users\Zýÿ\AppData\Roaming\EUBB.exe <==== ATTENTION
C:\Windows\Tasks\VRMB.job => C:\Users\Zýÿ\AppData\Roaming\VRMB.exe <==== ATTENTION
HOSTS:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
emptytemp:
end
  • Run FRST/FRST64 >> Click "Fix". << Wait!
  • Post the report! (Fixlog.txt)
Best regards.
Let me know how the PC is doing.
< I ask visitors not to use this script on other computers, at the risk of irreparable damage to them! >


Good afternoon,

The computer is better; even a small problem I was having with Chrome got resolved in the meantime.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2015 01
Ran by Zé at 2015-04-28 14:03:45 Run:1
Running from C:\Users\Zé\Desktop
Loaded Profiles: Zé (Available profiles: Felipe & Tereza & Zé)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
GroupPolicyUsers\S-1-5-21-3432371790-2485287615-4210118418-1004\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3432371790-2485287615-4210118418-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml [2014-07-17]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml [2014-07-17]
S2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [X]
U3 asyxvdev; C:\Windows\System32\Drivers\asyxvdev.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Windows\Tasks\EUBB.job => C:\Users\Zýÿ\AppData\Roaming\EUBB.exe <==== ATTENTION
C:\Windows\Tasks\VRMB.job => C:\Users\Zýÿ\AppData\Roaming\VRMB.exe <==== ATTENTION
HOSTS:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
emptytemp:
end
*****************
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3432371790-2485287615-4210118418-1004\User => Moved successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3432371790-2485287615-4210118418-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => Key deleted successfully.
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => Key not found.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml => Moved successfully.
Warsaw Technology => Service deleted successfully.
asyxvdev => Service not found.
VGPU => Service deleted successfully.
"C:\Windows\Tasks\EUBB.job => C:\Users\Zýÿ\AppData\Roaming\EUBB.exe <==== ATTENTION" => File/Directory not found.
"C:\Windows\Tasks\VRMB.job => C:\Users\Zýÿ\AppData\Roaming\VRMB.exe <==== ATTENTION" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
{8AAF0BFE-E237-44E7-B92F-5153E8140D26} canceled.
1 out of 1 jobs canceled.
========= End of CMD: =========
========= ipconfig /flushdns =========
Configuração de IP do Windows
Liberação do Cache do DNS Resolver bem-sucedida.
========= End of CMD: =========
EmptyTemp: => Removed 411.3 MB temporary data.
The system needed a reboot.
==== End of Fixlog 14:04:30 ====
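
One way to check which fixlist directives actually took effect, run on an excerpt of the Fixlog above. This is an added example, not part of the original posts and not FRST's own code; the function names and the status labels `applied` / `not_found` / `other` are assumptions made here, and the echoed fixlist in the sample is shortened.

```python
import re
from collections import Counter

# Excerpt of the Fixlog posted above: fixlist echo shortened (constructed),
# result lines copied from the page.
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
C:\Windows\Tasks\EUBB.job => C:\Users\Zýÿ\AppData\Roaming\EUBB.exe <==== ATTENTION
end
*****************
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => Key not found.
Warsaw Technology => Service deleted successfully.
asyxvdev => Service not found.
"C:\Windows\Tasks\EUBB.job => C:\Users\Zýÿ\AppData\Roaming\EUBB.exe <==== ATTENTION" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
EmptyTemp: => Removed 411.3 MB temporary data.
==== End of Fixlog 14:04:30 ====
"""


def result_section(fixlog):
    """Return the lines after the last row of asterisks, i.e. after the
    echoed fixlist, so directive lines are not mistaken for results."""
    lines = fixlog.splitlines()
    stars = [i for i, l in enumerate(lines) if re.fullmatch(r"\*{5,}", l.strip())]
    return lines[stars[-1] + 1:] if stars else lines


def classify(outcome):
    """Map the tool's outcome text to a coarse status label."""
    text = outcome.lower()
    if "not found" in text:
        return "not_found"
    if "successfully" in text or text.startswith("removed"):
        return "applied"
    return "other"


def parse_results(fixlog):
    """Return (target, outcome, status) for every 'target => outcome' line."""
    results = []
    for line in result_section(fixlog):
        if " => " not in line:
            continue
        # Split on the LAST ' => ': a quoted target may itself contain one.
        target, outcome = line.rsplit(" => ", 1)
        results.append((target.strip().strip('"'), outcome.strip(), classify(outcome)))
    return results


def summarize(fixlog):
    """Count results per status label."""
    return dict(Counter(status for _, _, status in parse_results(fixlog)))


def unapplied(fixlog):
    """Targets the fix could not find, which need rechecking in a new scan."""
    return [t for t, _, status in parse_results(fixlog) if status == "not_found"]


if __name__ == "__main__":
    print(summarize(SAMPLE_FIXLOG))
    for target in unapplied(SAMPLE_FIXLOG):
        print("not found:", target)
```

An entry reported as not found means the directive matched nothing, so the item it named should be rechecked in a fresh scan rather than assumed removed.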


Good evening Rurick,

let's run a check on certain services, updates and security programs.
  • Download: SecurityCheck (by screen317)
  • Save it to the Desktop
  • Double-click to run SecurityCheck!
  • In the window that opens, press any key to continue. Wait while the tool runs its scan.
  • When it finishes, a log will open: checkup.txt.
  • Select, copy and paste the contents of this log into your next reply.
Best regards. :thumbsup:


Good evening, here is the log

Results of screen317's Security Check version 1.00
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 31
Java version 32-bit out of Date!
Adobe Flash Player 17.0.0.169
Adobe Reader XI
Mozilla Firefox (37.0.2)
Google Chrome (42.0.2311.135)
Google Chrome (42.0.2311.90)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: =
````````````````````End of Log``````````````````````


Good evening Rurick,

Is there still any problem with the PC? If not, follow the steps below to close the topic.
Now let's remove the tools used in the disinfection.

  • Download: DelFix (...by Xplode)
  • Save it to your desktop.
  • Double-click delfix.exe to run it.
  • Windows Vista or Windows 7 users: right-click the delfix.exe file, then click: Run as administrator
  • Tick the boxes as shown in the image.
  • Click the Run button.
  • Restart the computer!
  • Everything OK?
Best regards.


Here is the last log

# DelFix v1.010 - Logfile created 30/04/2015 at 18:09:05
# Updated 26/04/2015 by Xplode
# Username : Zé - FELIPE-PC
# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Deleted : C:\Program Files (x86)\ZHPDiag
Deleted : C:\PhysicalDisk0_MBR.bin
Deleted : C:\zoek-results.log
Deleted : C:\Users\Zé\Desktop\Addition.txt
Deleted : C:\Users\Zé\Desktop\Fixlog.txt
Deleted : C:\Users\Zé\Desktop\FRST.txt
Deleted : C:\Users\Zé\Desktop\FRST64.exe
Deleted : C:\Users\Zé\Desktop\JRT.txt
Deleted : C:\Users\Zé\Desktop\HiJackThis.lnk
Deleted : C:\Users\Zé\Desktop\SecurityCheck.exe
Deleted : C:\Users\Zé\Desktop\ZHPDiag.lnk
Deleted : C:\Users\Zé\Desktop\ZHPDiag.txt
Deleted : C:\Users\Zé\Desktop\ZHPFix.lnk
Deleted : C:\Users\Zé\Desktop\ZHPFixReport.txt
Deleted : C:\Users\Zé\Desktop\zoek.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
~ Creating registry backup ... OK
~ Cleaning system restore ...
Deleted : RP #201 [Windows Update | 04/04/2015 02:37:33]
Deleted : RP #202 [Windows Update | 04/08/2015 14:25:34]
Deleted : RP #203 [Windows Update | 04/14/2015 14:00:35]
Deleted : RP #204 [Windows Update | 04/18/2015 17:58:05]
Deleted : RP #205 [Windows Update | 04/20/2015 03:17:09]
Deleted : RP #206 [installed HiJackThis | 04/22/2015 04:29:01]
Deleted : RP #207 [Removed HiJackThis | 04/22/2015 04:39:27]
Deleted : RP #208 [installed HiJackThis | 04/22/2015 04:41:14]
Deleted : RP #209 [Windows Update | 04/24/2015 16:08:04]
Deleted : RP #210 [Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 | 04/24/2015 16:21:47]
Deleted : RP #211 [Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 | 04/24/2015 16:22:26]
Deleted : RP #212 [ZHPFix Restore System Point | 04/26/2015 22:49:44]
Deleted : RP #213 [zoek.exe restore point | 04/27/2015 14:38:23]
Deleted : RP #214 [Windows Update | 04/28/2015 14:51:52]
New restore point created !
~ Resetting system settings ... OK
########## - EOF - ##########

The machine is back to normal; it is no longer showing any error messages.

Thanks for the help.


Good evening Rurick, to wrap up.

  • Read the various tips in the Cartilha de Segurança (Security Handbook) and stay free of infections!
  • Install the Adblock extension to get rid of ads:
>> For Google Chrome click here
>> For Firefox click here
>> For Internet Explorer: 32-bit click here, 64-bit click here
  • Protect yourself from the installation of PUPs with Unchecky. << Link!
  • Update Java. Old versions have vulnerabilities that some malware can use to infect your system.
  • Keep Flash Player up to date. Old versions also have vulnerabilities that are exploited by malware.
Best regards. :joia:
