Bom Dia! Junior Carlos Henrique

|- Desinstale: C:\Program Files\iSafe

-/-

|- Abra o HijackThis.
|- Clique "Do a system scan only".

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: CrossriderApp0033036 - {11111111-1111-1111-1111-110311301136} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - (no file)
O2 - BHO: Search-Results Toolbar - {503e067f-2914-4edd-8432-2d6c52635e23} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {93488930-185C-4CED-AFEB-0FD4930F8423} - (no file)
O2 - BHO: (no name) - {A66261FC-B82E-4EC7-9F6D-C2F36B871DF0} - (no file)
O2 - BHO: (no name) - {a6c63b7f-2171-47fa-ab34-e64c4737169d} - (no file)
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - (no file)
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: (no name) - {FF103732-4528-4322-AA8B-F7849AB7776B} - (no file)
O3 - Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - (no file)
O3 - Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: (no name) - {503e067f-2914-4edd-8432-2d6c52635e23} - (no file)
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~2.EXE
O4 - HKCU\..\Run: [badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe
O4 - HKCU\..\Run: [txavnyeipd] wscript.exe //B "C:\Users\JUNIOR~1\AppData\Local\Temp\txavnyeipd.vbs"

|- Marque estas entradas que estão assinaladas em vermelho.
|- Após marcá-las clique "Fix Checked" >> Sim!
|- Reinicie o computador!

-/-

|- Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/AdwCleaner_Logo2_zps580bcd78.jpg&key=71530441ef1621c6398a69f0f5fae6f7f5c87897579baf8487ec306c4e109626" alt="AdwCleaner_Logo2_zps580bcd78.jpg" /> > ( ... par Xplode )

|- Ao acessar,clique na imagem: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/AdwCleaner_Tlcharger.jpg&key=2319bbcd35144166c25768473f26c7f193a7ab5036b9479bd1465d8257d6f6b2" alt="AdwCleaner_Tlcharger.jpg" /> >

|- Ps: Se utilizar o navegador IE9,desabilite o filtro "http://general-changelog-team.fr/fr/accueil/58-multilangue/securite/214-fausse-alerte-du-filtre-smartscreen-sur-le-telechargement-d-adwcleaner'>SmartScreen".
|- Salve-o no desktop!
|- Clique direito em adwcleaner.exe,e escolha sua execução como /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/Executar_Administrador.jpg&key=29bbf2d3836c6859afe3923102565f782321b5a7a2787d5bb24cc9918d13e9bd" alt="Executar_Administrador.jpg" />

/applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/advz4z8Y.jpg&key=d014b7c10974863cb53eb98c621165d7bed35f01f9fe6800257605fc7dc58eba" alt="advz4z8Y.jpg" />

|- Ps: Dê início à ferramenta,clicando em "Scan".
|- Clique "Clean",caso fique disponível,para cada guia acessada em "Results".

|- Clique nas setinhas laterais,para ter acesso às guias "Firefox" ou "Chrome". < /applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/adegUsFH.jpg&key=ef53dc375b32e51edfe8be3fb665ac1d1d329ed87e36faabbee8595cb37320b8" alt="adegUsFH.jpg" /> >
|- Ao concluir,clique "Report".

< C:\AdwCleaner\AdwCleaner[s0].txt > ou < C:\AdwCleaner\AdwCleaner[s1].txt > ;S2, S3;...

|- Poste todos os relatórios que estarão em C:\AdwCleaner <<

At+

AdwCleaner v3.004 - Relatório criado 21/09/2013 no 12:15:27

Atualizado 15/09/2013 por Xplode

Sistema Operacional : Windows 7 Starter Service Pack 1 (32 bits)

Usuário : junior e vanessa - JUNIOREVANESSA

Executando de : C:\Users\junior e vanessa\Desktop\adwcleaner.exe

Opção : Examinar

*** [ Serviços ] ***

Serviço Encontrado : DatamngrCoordinator

*** [ Arquivos / Pastas ] ***

Arquivo Encontrado : C:\Users\junior e vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\jirwyqjf.default\.autoreg
Arquivo Encontrado : C:\Users\junior e vanessa\AppData\Roaming\speedanalysis.ico
Arquivo Encontrado : C:\Users\junior e vanessa\Desktop\SpeedAnalysis.lnk
Arquivo Encontrado : C:\windows\System32\Tasks\Dealply
Arquivo Encontrado : C:\windows\System32\Tasks\DealPlyUpdate
Arquivo Encontrado : C:\windows\System32\Tasks\Plus-HD-2.2-chromeinstaller
Arquivo Encontrado : C:\windows\System32\Tasks\Plus-HD-2.2-codedownloader
Arquivo Encontrado : C:\windows\System32\Tasks\Plus-HD-2.2-enabler
Arquivo Encontrado : C:\windows\System32\Tasks\Plus-HD-2.2-firefoxinstaller
Arquivo Encontrado : C:\windows\System32\Tasks\Plus-HD-2.2-updater
Arquivo Encontrado : C:\windows\System32\Tasks\Scheduled Update for Ask Toolbar
Arquivo Encontrado : C:\windows\Tasks\Dealply.job
Arquivo Encontrado : C:\windows\Tasks\Plus-HD-2.2-chromeinstaller.job
Arquivo Encontrado : C:\windows\Tasks\Plus-HD-2.2-codedownloader.job
Arquivo Encontrado : C:\windows\Tasks\Plus-HD-2.2-enabler.job
Arquivo Encontrado : C:\windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
Arquivo Encontrado : C:\windows\Tasks\Plus-HD-2.2-updater.job
Pasta Encontrado : C:\Users\junior e vanessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjajpkikblccgefaibcafkfbanllpefi
Pasta Encontrado : C:\Users\junior e vanessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo
Pasta Encontrado : C:\Users\junior e vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\jirwyqjf.default\Extensions\{42e0ced7-806f-4983-af54-92bdeefee519}
Pasta Encontrado : C:\Users\junior e vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\jirwyqjf.default\Extensions\{503E067F-2914-4EDD-8432-2D6C52635E23}
Pasta Encontrado : C:\Users\junior e vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\jirwyqjf.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
Pasta Encontrado : C:\Users\junior e vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\jirwyqjf.default\Extensions\toolbar@ask.com
Pasta Encontrado C:\Program Files\Ask.com
Pasta Encontrado C:\Program Files\Common Files\337
Pasta Encontrado C:\Program Files\DealPly
Pasta Encontrado C:\Program Files\Desk 365
Pasta Encontrado C:\Program Files\Plus-HD-2.2
Pasta Encontrado C:\Program Files\Search Results Toolbar
Pasta Encontrado C:\Program Files\SeeSimilar02
Pasta Encontrado C:\Program Files\TornTV.com
Pasta Encontrado C:\ProgramData\Ask
Pasta Encontrado C:\ProgramData\IBUpdaterService
Pasta Encontrado C:\Users\junior e vanessa\AppData\Local\apn
Pasta Encontrado C:\Users\junior e vanessa\AppData\Local\PackageAware
Pasta Encontrado C:\Users\junior e vanessa\AppData\LocalLow\AskToolbar
Pasta Encontrado C:\Users\junior e vanessa\AppData\Roaming\7go
Pasta Encontrado C:\Users\junior e vanessa\AppData\Roaming\DealPly
Pasta Encontrado C:\Users\junior e vanessa\AppData\Roaming\Desk 365
Pasta Encontrado C:\Users\junior e vanessa\AppData\Roaming\file scout
Pasta Encontrado C:\Users\junior e vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Pasta Encontrado C:\Users\junior e vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Pasta Encontrado C:\Users\junior e vanessa\AppData\Roaming\SeeSimilar02

*** [ Atalhos ] ***

Atalho Encontrado : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&utm_campaign=eXQ&utm_content=sc&from=ild&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX71A81H0903H0903&ts=1378689249 )
Atalho Encontrado : C:\Users\junior e vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&utm_campaign=eXQ&utm_content=sc&from=ild&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX71A81H0903H0903&ts=1378689249 )

*** [ Registro ] ***

Chave Encontrada : HKCU\Software\1ClickDownload
Chave Encontrada : HKCU\Software\APN
Chave Encontrada : HKCU\Software\APN DTX
Chave Encontrada : HKCU\Software\AppDataLow\Software\AskToolbar
Chave Encontrada : HKCU\Software\AppDataLow\Software\Crossrider
Chave Encontrada : HKCU\Software\AppDataLow\Software\Plus-HD-2.2
Chave Encontrada : HKCU\Software\Ask.com
Chave Encontrada : HKCU\Software\DealPly
Chave Encontrada : HKCU\Software\filescout
Chave Encontrada : HKCU\Software\Google\Chrome\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla
Chave Encontrada : HKCU\Software\Imesh
Chave Encontrada : HKCU\Software\imeshtoolbar
Chave Encontrada : HKCU\Software\InstallCore
Chave Encontrada : HKCU\Software\InstalledBrowserExtensions
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{503E067F-2914-4EDD-8432-2D6C52635E23}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Encontrada : HKLM\Software\APN
Chave Encontrada : HKLM\Software\AskToolbar
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322302236}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{950F80EF-32C2-47DD-9C35-9576E21EE66E}
Chave Encontrada : HKLM\SOFTWARE\Classes\CrossriderApp0033036.BHO
Chave Encontrada : HKLM\SOFTWARE\Classes\CrossriderApp0033036.BHO.1
Chave Encontrada : HKLM\SOFTWARE\Classes\CrossriderApp0033036.Sandbox
Chave Encontrada : HKLM\SOFTWARE\Classes\CrossriderApp0033036.Sandbox.1
Chave Encontrada : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Chave Encontrada : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355305536}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366306636}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344304436}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{A147AA03-820F-4A0F-9F34-D6CB4004A2F9}
Chave Encontrada : HKLM\Software\DataMngr
Chave Encontrada : HKLM\Software\DealPly
Chave Encontrada : HKLM\SOFTWARE\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj
Chave Encontrada : HKLM\SOFTWARE\Google\Chrome\Extensions\gjajpkikblccgefaibcafkfbanllpefi
Chave Encontrada : HKLM\Software\iMeshSRTB
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{503E067F-2914-4EDD-8432-2D6C52635E23}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Dealply
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\DealPlyUpdate
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Plus-HD-2.2-chromeinstaller
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Plus-HD-2.2-codedownloader
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Plus-HD-2.2-enabler
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Plus-HD-2.2-firefoxinstaller
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Plus-HD-2.2-updater
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Scheduled Update for Ask Toolbar
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Dealply
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\DealPlyUpdate
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Plus-HD-2.2-chromeinstaller
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Plus-HD-2.2-codedownloader
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Plus-HD-2.2-enabler
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Plus-HD-2.2-firefoxinstaller
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Plus-HD-2.2-updater
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Scheduled Update for Ask Toolbar
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-chromeinstaller
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-codedownloader
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-enabler
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-firefoxinstaller
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-updater

Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar

*** [ Navegadores ] ***

-\\ Internet Explorer v10.0.9200.16686

-\\ Mozilla Firefox v23.0.1 (pt-BR)

[ Arquivo : C:\Users\junior e vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\jirwyqjf.default\prefs.js ]

Linha encontrada : user_pref("browser.search.defaultengine", "Ask.com");
Linha encontrada : user_pref("extensions.asktb.ff-original-keyword-url", "");
Linha encontrada : user_pref("extensions.crossrider.bic", "1410375d7464e4044ae1774d7453ba0c");
Linha encontrada : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=1158&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&apn_uid=8110203486274026&o=APN10653&q=");

-\\ Google Chrome v29.0.1547.66

[ Arquivo : C:\Users\junior e vanessa\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [15361 octets] - [21/09/2013 12:15:27]

AdwCleaner v3.004 - Relatório criado 21/09/2013 no 12:18:49

Atualizado 15/09/2013 por Xplode

Sistema Operacional : Windows 7 Starter Service Pack 1 (32 bits)

Usuário : junior e vanessa - JUNIOREVANESSA

Executando de : C:\Users\junior e vanessa\Desktop\adwcleaner.exe

Opção : Limpar

*** [ Serviços ] ***

Serviço Deletado : DatamngrCoordinator

*** [ Arquivos / Pastas ] ***

Pasta Deletado : C:\ProgramData\Ask
Pasta Deletado : C:\ProgramData\IBUpdaterService
Pasta Deletado : C:\Program Files\Ask.com
Pasta Deletado : C:\Program Files\DealPly
Pasta Deletado : C:\Program Files\Desk 365
Pasta Deletado : C:\Program Files\Plus-HD-2.2
Pasta Deletado : C:\Program Files\Search Results Toolbar
Pasta Deletado : C:\Program Files\SeeSimilar02
Pasta Deletado : C:\Program Files\TornTV.com
Pasta Deletado : C:\Program Files\Common Files\337
Pasta Deletado : C:\Users\junior e vanessa\AppData\Local\apn
Pasta Deletado : C:\Users\junior e vanessa\AppData\Local\PackageAware
Pasta Deletado : C:\Users\junior e vanessa\AppData\LocalLow\AskToolbar
Pasta Deletado : C:\Users\junior e vanessa\AppData\Roaming\7go
Pasta Deletado : C:\Users\junior e vanessa\AppData\Roaming\DealPly
Pasta Deletado : C:\Users\junior e vanessa\AppData\Roaming\Desk 365
Pasta Deletado : C:\Users\junior e vanessa\AppData\Roaming\file scout
Pasta Deletado : C:\Users\junior e vanessa\AppData\Roaming\SeeSimilar02
Pasta Deletado : C:\Users\junior e vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Pasta Deletado : C:\Users\junior e vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Pasta Deletado : C:\Users\junior e vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\jirwyqjf.default\Extensions\{42e0ced7-806f-4983-af54-92bdeefee519}
Pasta Deletado : C:\Users\junior e vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\jirwyqjf.default\Extensions\{503E067F-2914-4EDD-8432-2D6C52635E23}
Pasta Deletado : C:\Users\junior e vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\jirwyqjf.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
Pasta Deletado : C:\Users\junior e vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\jirwyqjf.default\Extensions\toolbar@ask.com
Pasta Deletado : C:\Users\junior e vanessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjajpkikblccgefaibcafkfbanllpefi
Pasta Deletado : C:\Users\junior e vanessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo
Arquivo Deletado : C:\Users\junior e vanessa\AppData\Roaming\speedanalysis.ico
Arquivo Deletado : C:\Users\junior e vanessa\Desktop\SpeedAnalysis.lnk
Arquivo Deletado : C:\Users\junior e vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\jirwyqjf.default\.autoreg
Arquivo Deletado : C:\windows\Tasks\Dealply.job
Arquivo Deletado : C:\windows\System32\Tasks\Dealply
Arquivo Deletado : C:\windows\System32\Tasks\DealPlyUpdate
Arquivo Deletado : C:\windows\Tasks\Plus-HD-2.2-chromeinstaller.job
Arquivo Deletado : C:\windows\System32\Tasks\Plus-HD-2.2-chromeinstaller
Arquivo Deletado : C:\windows\Tasks\Plus-HD-2.2-codedownloader.job
Arquivo Deletado : C:\windows\System32\Tasks\Plus-HD-2.2-codedownloader
Arquivo Deletado : C:\windows\Tasks\Plus-HD-2.2-enabler.job
Arquivo Deletado : C:\windows\System32\Tasks\Plus-HD-2.2-enabler
Arquivo Deletado : C:\windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
Arquivo Deletado : C:\windows\System32\Tasks\Plus-HD-2.2-firefoxinstaller
Arquivo Deletado : C:\windows\Tasks\Plus-HD-2.2-updater.job
Arquivo Deletado : C:\windows\System32\Tasks\Plus-HD-2.2-updater
Arquivo Deletado : C:\windows\System32\Tasks\Scheduled Update for Ask Toolbar

*** [ Atalhos ] ***

Atalho Desinfectada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Atalho Desinfectada : C:\Users\junior e vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

*** [ Registro ] ***

Chave Deleteda : HKLM\SOFTWARE\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj
Chave Deleteda : HKLM\SOFTWARE\Google\Chrome\Extensions\gjajpkikblccgefaibcafkfbanllpefi
Chave Deleteda : HKCU\Software\Google\Chrome\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77F9D9DB-9E09-45EC-9457-F8C7449361D0}
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77F9D9DB-9E09-45EC-9457-F8C7449361D0}
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7310C4C1-2B81-414B-83A9-777416AEDF86}
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7310C4C1-2B81-414B-83A9-777416AEDF86}
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-chromeinstaller
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69EAD3BC-7A82-4AEC-99CF-B5F5D6634EE5}
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{69EAD3BC-7A82-4AEC-99CF-B5F5D6634EE5}
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-codedownloader
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4B68B83-1850-4D8A-8A45-116A115BD288}
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D4B68B83-1850-4D8A-8A45-116A115BD288}
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-enabler
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF71C6E0-1660-4218-8777-29F2EA7BF275}
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DF71C6E0-1660-4218-8777-29F2EA7BF275}
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-firefoxinstaller
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E17BDC-4F75-4B82-B980-6E565F023148}
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F3E17BDC-4F75-4B82-B980-6E565F023148}
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-updater
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70AE0B70-C9DC-499F-81C2-206D9634322C}
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{70AE0B70-C9DC-499F-81C2-206D9634322C}
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75EF67F9-5AB1-4F72-BFA0-D1F566445EC1}
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75EF67F9-5AB1-4F72-BFA0-D1F566445EC1}
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Chave Deleteda : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Chave Deleteda : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Valor Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Valor Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Chave Deleteda : HKLM\SOFTWARE\Classes\CrossriderApp0033036.BHO
Chave Deleteda : HKLM\SOFTWARE\Classes\CrossriderApp0033036.BHO.1
Chave Deleteda : HKLM\SOFTWARE\Classes\CrossriderApp0033036.Sandbox
Chave Deleteda : HKLM\SOFTWARE\Classes\CrossriderApp0033036.Sandbox.1
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{950F80EF-32C2-47DD-9C35-9576E21EE66E}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322302236}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355305536}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366306636}
Chave Deleteda : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Chave Deleteda : HKLM\SOFTWARE\Classes\TypeLib\{A147AA03-820F-4A0F-9F34-D6CB4004A2F9}
Chave Deleteda : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344304436}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{503E067F-2914-4EDD-8432-2D6C52635E23}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93488930-185C-4CED-AFEB-0FD4930F8423}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6C63B7F-2171-47FA-AB34-E64C4737169D}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311301136}
Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{503E067F-2914-4EDD-8432-2D6C52635E23}
Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311301136}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{503E067F-2914-4EDD-8432-2D6C52635E23}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Valor Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{503E067F-2914-4EDD-8432-2D6C52635E23}]
Valor Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Chave Deleteda : HKCU\Software\1ClickDownload
Chave Deleteda : HKCU\Software\APN DTX
Chave Deleteda : HKCU\Software\APN
Chave Deleteda : HKCU\Software\Ask.com
Chave Deleteda : HKCU\Software\DealPly
Chave Deleteda : HKCU\Software\filescout
Chave Deleteda : HKCU\Software\Imesh
Chave Deleteda : HKCU\Software\imeshtoolbar
Chave Deleteda : HKCU\Software\InstallCore
Chave Deleteda : HKCU\Software\InstalledBrowserExtensions
Chave Deleteda : HKCU\Software\AppDataLow\Software\AskToolbar
Chave Deleteda : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deleteda : HKCU\Software\AppDataLow\Software\Plus-HD-2.2
Chave Deleteda : HKLM\Software\APN
Chave Deleteda : HKLM\Software\AskToolbar
Chave Deleteda : HKLM\Software\DataMngr
Chave Deleteda : HKLM\Software\DealPly
Chave Deleteda : HKLM\Software\iMeshSRTB
Chave Deleteda : HKLM\Software\Plus-HD-2.2
Chave Deleteda : HKLM\Software\qvo6Software
Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\imeshtoolbar
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.2
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SeeSimilar02
Produto Deletado : Bing Bar
Produto Deletado : Ask Toolbar

*** [ Navegadores ] ***

-\\ Internet Explorer v10.0.9200.16686

-\\ Mozilla Firefox v23.0.1 (pt-BR)

[ Arquivo : C:\Users\junior e vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\jirwyqjf.default\prefs.js ]

Linha deletada : user_pref("extensions.crossrider.bic", "1410375d7464e4044ae1774d7453ba0c");
Linha deletada : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=1158&systemid=1&apn_dtid=IME001&apn_ptnrs=AGE&apn_uid=8110203486274026&o=APN10653&q=");

-\\ Google Chrome v29.0.1547.66

[ Arquivo : C:\Users\junior e vanessa\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [15503 octets] - [21/09/2013 12:15:27]
AdwCleaner[s0].txt - [14920 octets] - [21/09/2013 12:18:49]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [14981 octets] ##########

ERREI.... VOU MANDAR DENOVO

Aguardo resposta... obrigado

Boa Noite! Junior Carlos Henrique

|- Baixe: < ZHPDiag2.exe > < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/NicolasCoolman.jpg&key=31eaca9d787a5cb7b785eaca882cfe95bdd41bfffaf35086b6e7ecf044ef83cf" alt="NicolasCoolman.jpg" /> > ( ... de Nicolas Coolman )
|- Salve-o no disco local! ( C ou D )
|- Execute o ícone do pergaminho. ( ZHPDiag )

/applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/abynh7jv.jpg&key=ee7d09348473b69422ef5ab11ff0d2d086965ec987da7749e85df564d187958c" alt="abynh7jv.jpg" />

|- Clique: "CONFIGURE"

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/ZHPDiag_Options2_zps5a090bf7.jpg&key=269ede7850f894bdb202345a802babedd4bd051961394ac9c4b64b6e0cabe0fb" alt="ZHPDiag_Options2_zps5a090bf7.jpg" />

|- Clique: "Options" >> "All" >> OK

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/ZHPDiag_FullAnalysis_zps60157826.jpg&key=9a3e7b46c42cf532cd8868e36df357452e71710372d1c3194e82d5d315a29c4e" alt="ZHPDiag_FullAnalysis_zps60157826.jpg" />

|- Clique: "CONFIGURE" >> "Full Analysis"
|- Aguarde a conclusão!
|- Caso ocorra travamentos e não possa obter o log,aborte a verificação completa e faça a customizada.
|- Volte a janela principal da ferramenta.

/applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/adcYraWj.jpg&key=b2552a4f5897e0c5956bacf7e42705af1284fe6525a19929f57781f15169a5f3" alt="adcYraWj.jpg" />

|- Clique "SEARCH" e aguarde a conclusão!
|- Ou clique "Options" >> "None".

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/ZHPDiag_AdditionalScan_zps21f11520.jpg&key=bcab741827ec6a811f27dcac4f05e08cbb599ed6a4dae592add724dd43cc9ca5" alt="ZHPDiag_AdditionalScan_zps21f11520.jpg" />

|- Marque,apenas,a opção "Additional Scan (O88)".

~ Unselected Option:

O1,039,O40,O41,O42,O43,O44,O45,O46,O47,
O48,O49,O50,O51,O52,O53,O54,O55,O56,O57,
O58,O59,O60,O61,O62,O63,O64,O65,O66,O67,
O68,O69,O80,O81,O82,O83,O84,O85,O86,O87,
O89,O90,O91,O92
####

|- Desta forma,estas opções serão desabilitadas!

/applications/core/interface/imageproxy/imageproxy.php?img=http://i39.servimg.com/u/f39/11/05/93/83/zhpdia11.png&key=cd2bcbee7ecda71a202f64af97b2896faaf1bddc4af00b80af5b456d12007af6" alt="zhpdia11.png" />

|- Clique OK e,ao concluir,poste o relatório! ( ZHPDiag.txt )
|- Ps: Se o log for extenso,envie-o à Pjjoint.malekal.

|- Ou acesse: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/Cjoint_Logo.jpg&key=bc3f249ffa4fec167155636520ebfd1fed8f6c8d63b5aa0b8cd82fb55aa2edb7" alt="Cjoint_Logo.jpg" /> >

|- Maiores informações: < |Link| >

A+

~ Relatório do ZHPDiag v2013.9.22.410 - Nicolas Coolman (22/09/2013)

~ Iniciado por junior e vanessa (22/09/2013 14:25:16)

~ Endereço do Website : http://nicolascoolman.webs.com

~ Tradução pelo utilizador

~ Estatuto da versão :

~ Lista Branca : Ativado pelo programa

~ Elevação dos Privilégios : OK

~ Controle de Conta de Utilizador : Activate by user

---\\ Navegadores Internet

MSIE: Internet Explorer v10.0.9200.16686 (Defaut)

MFIE: Mozilla Firefox 23.0.1

GCIE: Google Chrome v29.0.1547.76

---\\ Informações sobre os produtos Windows

~ Langage: Portugais

Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)

Windows Server License Manager Script : OK

Software Protection Service (Protection logicielle) : OK

Windows Automatic Updates : OK

Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema

avast! Free Antivirus v8.0.1497.0

Trend Micro Titanium v3.00

Windows Defender W7

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.5 MUI

Java 7 Update 40

---\\ Informações sobre o sistema

~ Processor: x86 Family 20 Model 2 Stepping 0, AuthenticAMD

~ Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 1645 MB (27% free)

System Restore: Activé (Enable)

System drive C: has 78 GB (48%) free of 160 GB

---\\ Modo de conexão ao sistema

~ Computer Name: JUNIOREVANESSA

~ User Name: junior e vanessa

~ All Users Names: junior e vanessa, Convidado, Administrador,

~ Unselected Option: 045,061,O62,065,066,080,O82,089

Logged in as Administrator

---\\ As variáveis de ambiente

~ System Unit : C:\

~ %AppData% : C:\Users\junior e vanessa\AppData\Roaming\

~ %Desktop% : C:\Users\junior e vanessa\Desktop\

~ %Favorites% : C:\Users\junior e vanessa\Favorites\

~ %LocalAppData% : C:\Users\junior e vanessa\AppData\Local\

~ %StartMenu% : C:\Users\junior e vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos

C: Hard drive, Flash drive, Thumb drive (Free 78 Go of 160 Go)

D: Hard drive, Flash drive, Thumb drive (Free 108 Go of 108 Go)

---\\ Estado do Centro de Segurança do Windows

~ Security Center: 34 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos

[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 01:30:54.) -- C:\Windows\Explorer.exe [2616320]

[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 21:14:45.) -- C:\Windows\System32\Wininit.exe [96256]

[MD5.535F6263035F2530A62D5D64EF6E73D3] - (.Microsoft Corporation - Internet Extensions para Win32.) (.09/08/2013 - 23:59:10.) -- C:\Windows\System32\wininet.dll [1767936]

[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 02:17:56.) -- C:\Windows\System32\Winlogon.exe [286720]

[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 02:21:26.) -- C:\Windows\System32\sppcomapi.dll [193536]

[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/04/2011 - 22:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]

[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 21:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]

[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 19:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]

[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.19/11/2010 - 22:38:12.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]

[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.19/11/2010 - 22:42:34.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]

[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.19/11/2010 - 23:59:30.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]

[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 19:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]

[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 19:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]

[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 22:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]

[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.19/11/2010 - 22:39:46.) -- C:\Windows\system32\Drivers\netBT.sys [187904]

[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 09:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]

[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 19:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]

[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 19:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]

[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 19:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]

[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.19/11/2010 - 22:39:18.) -- C:\Windows\system32\Drivers\tdx.sys [74752]

[MD5.C37AEE5966EB5929E2051AC7409B5730] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.25/02/2011 - 01:40:54.) -- C:\Windows\system32\Drivers\volsnap.sys [246144]

~ Generic Processes: Scanned in 00mn 00s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)

~ Mes images (My Pictures) : 1/2754

~ Mes Videos (My Videos) : 1/2

~ Mes Favoris (My Favorites) : 1/14

~ Mes Documents (My Documents) : 1/280

~ Mon Bureau (My Desktop) : 1/9972

~ Menu demarrer (Programs) : 1/41

~ Hidden Files: Scanned in 00mn 19s

---\\ Processos lançados

[MD5.C861851A0BBD9903E324487011AA3705] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [299008] [PID.4520]

[MD5.D469FDE5861978C5D43C1B3EC839928B] - (.ASUSTek Computer Inc. - Eee Docking Application.) -- C:\Program Files\Asus\Eee Docking\Eee Docking.exe [419504] [PID.4636]

[MD5.9B75779D13E89CC9F8136206F7F6B51B] - (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10082920] [PID.4900]

[MD5.17FB282D98CEE3BECF0AF923A7D7ABD6] - (.ELAN Microelectronic Corp. - ETD Control Center.) -- C:\Program Files\Elantech\ETDCtrl.exe [548744] [PID.5000]

[MD5.D28C5A1411BB0B47E05E0D6AAF896690] - (.ATI Technologies Inc. - Catalyst Control Center: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [299008] [PID.5028]

[MD5.1D9B1E9977585CADAEC708A170159D95] - (...) -- C:\ExpressGateUtil\VAWinAgent.exe [45448] [PID.5096]

[MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.5344]

[MD5.5376B1AD02DFDB56C46E19E6E9A6DEB9] - (.Copyright 2013 SAMSUNG - Samsung Link Tray Agent.) -- C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [567368] [PID.5432]

[MD5.47F0537DF3B3B86DE297D9D01423C0BF] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\junior e vanessa\AppData\Roaming\uTorrent\uTorrent.exe [1014616] [PID.5492] =>P2P.BitTorrent

[MD5.F109AA109D34F00FA9FD8830DC8891D9] - (.ELAN Microelectronic Corp. - ETD Control Center Helper.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe [1599880] [PID.6032]

[MD5.DF1BBA1168C0AD1D080A1F1B99576A76] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [829392] [PID.4508]

[MD5.37287D98A1BF5D56AA729CEB9B27C6B1] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [770648] [PID.5108]

[MD5.63DCE64797C64FB6110727B993440EA5] - (.Nicolas Coolman - ZHPDiag.) -- C:\ZHPDiag\ZHPDiag.exe [8000512] [PID.4468]

~ Processes Running: Scanned in 00mn 01s

---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)

C:\Users\junior e vanessa\AppData\Local\Google\Chrome\User Data\Default\Preferences

G1 - GCS: Preference [user Data\Default] http://www.google.com

G0 - GCSP: Preference [user Data\Default][HomePage] about:blank

G2 - GCE: Preference [user Data\Default] [ocdfcabeedcfbaoabffcbecdjdnepgcl] Manheim Media Player (Windows) v.2.0.0.6 (Activé)

~ Google Browser: 10 Legitimates Filtered in 03mn 15s

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)

C:\Users\junior e vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\jirwyqjf.default\prefs.js

M0 - MFSP: prefs.js [junior e vanessa - jirwyqjf.default] about:blank

M2 - MFEP: prefs.js [junior e vanessa - jirwyqjf.default\{C2C2A16E-2E64-478A-992C-82E136577FCD}] [] New Tab v5.0.0.7281 (..)

P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\junior e vanessa\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll

~ Firefox Browser: 19 Legitimates Filtered in 00mn 01s

---\\ Internet Explorer, Gestão do Proxy (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas

F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)

~ Le fichier hosts est sain (The hosts file is clean).

~ Hosts File: Scanned in 00mn 00s

~ Nombre de lignes (Lines number): 1

---\\ Browser Helper Objects do navegador (02)

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehAbn.dll

~ BHO: 20 Legitimates Filtered in 00mn 01s

---\\ Barras do Internet Explorer (03))

O3 - Toolbar: (no name) - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Chave orfã

~ Toolbar: Scanned in 00mn 00s

---\\ Outras conexões do utilizador (04)

O4 - GS\Desktop [Public]: ASUS Vibe Fun Center.lnk . (.ASUSTeK Computer Inc. - AsusVibe Application.) -- C:\Program Files\Asus\AsusVibe\AsusVibeLauncher.exe

O4 - GS\Desktop [Public]: ASUS WebStorage.lnk . (.ecareme - AsusWebStorage.) -- C:\Program Files\Asus\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe

O4 - GS\Desktop [Public]: E-Manual.lnk . (...) -- C:\Program Files\Asus\E-Manual\E-Manual.pdf

O4 - GS\Desktop [Public]: OS Switch.lnk . (.TODO: <Company name> - TODO: <File description>.) -- C:\ExpressGateUtil\OS Switch.exe

O4 - GS\QuickLaunch [junior e vanessa]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\junior e vanessa\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

O4 - GS\SendTo [junior e vanessa]: Transferência de Arquivo Bluetooth.LNK . (.Microsoft Corporation - No Comment.) -- C:\Windows\System32\fsquirt.exe

O4 - GS\Desktop [junior e vanessa]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\junior e vanessa\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

~ Global Startup: 81 Legitimates Filtered in 00mn 08s

---\\ Aplicações iniciadas por registo & pastas (04)

O4 - GS\Startup [Public]: AsusVibeLauncher.lnk . (.ASUSTeK Computer Inc. - AsusVibe Application.) -- C:\Program Files\Asus\AsusVibe\AsusVibeLauncher.exe

O4 - HKLM\..\Run: [startCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc

O4 - HKLM\..\Run: [HotkeyMon] . (.ASUSTeK Computer Inc. - AsEPCMon.) -- C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe

O4 - HKLM\..\Run: [HotkeyService] . (.ASUSTeK Computer Inc. - Asus Hotkey Service.) -- C:\Program Files\ASUS\HotkeyService\HotkeyService.exe

O4 - HKLM\..\Run: [superHybridEngine] . (.ASUSTeK Computer Inc. - Eee Super Hybrid Engine.) -- C:\Program Files\ASUS\SHE\SuperHybridEngine.exe

O4 - HKLM\..\Run: [LiveUpdate] . (.AsusTek Computer Inc. - Asus EeePC LiveUpdate for Bios, Driver, Sof.) -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe

O4 - HKLM\..\Run: [CapsHook] . (.ASUS - CapsAndNumKeyNotify.) -- C:\Program Files\ASUS\CapsHook\CapsHook.exe

O4 - HKLM\..\Run: [Eee Docking] . (.ASUSTek Computer Inc. - Eee Docking Application.) -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe

O4 - HKLM\..\Run: [VizorHtmlDialog.exe] . (.Trend Micro Inc. - Trend Titanium.) -- C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe

O4 - HKLM\..\Run: [Trend Micro Client Framework] . (.Trend Micro Inc. - Trend Micro Client Session Agent Monitor.) -- C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe

O4 - HKLM\..\Run: [Trend Micro Titanium] . (.Trend Micro Inc. - VizorShortCut Dynamic Link Library.) -- C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe

O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

O4 - HKLM\..\Run: [ETDWare] . (.ELAN Microelectronic Corp. - ETD Control Center.) -- C:\Program Files\Elantech\ETDCtrl.exe

O4 - HKLM\..\Run: [VAWinAgent] . (...) -- C:\ExpressGateUtil\VAWinAgent.exe

O4 - HKLM\..\Run: [ASUSPRP] . (.ASUSTek Computer Inc. - ASUS Product Register Program.) -- C:\Program Files\ASUS\APRP\APRP.exe

O4 - HKLM\..\Run: [ASUSWebStorage] . (.ecareme - AsusWebStorage.) -- C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe

O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe

O4 - HKLM\..\Run: [samsung Link] . (.Copyright 2013 SAMSUNG - Samsung Link Tray Agent.) -- C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation

O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd

O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\junior e vanessa\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation

O4 - HKUS\S-1-5-21-2808060103-772981474-2940148740-1001\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd

O4 - HKUS\S-1-5-21-2808060103-772981474-2940148740-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\junior e vanessa\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

~ Application: Scanned in 00mn 01s

---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Site na zona confiavél do Internet Explorer (05)

O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancoreal.com.br

O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancosantander.com.br

O15 - Trusted Zone: [HKCU\...\Domains\www] http.santander.com.br

O15 - Trusted Zone: [HKCU\...\Domains\www] http.santanderempresarial.com.br

O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br

O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br

O15 - Trusted Zone: [HKCU\...\Domains\www] *.secureweb.com.br

~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)

O17 - HKLM\System\CCS\Services\Tcpip\..\{7C99FE9F-C2E5-4698-9ACA-5A41E28F573A}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{7C99FE9F-C2E5-4698-9ACA-5A41E28F573A}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{7C99FE9F-C2E5-4698-9ACA-5A41E28F573A}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)

O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation

~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)

O20 - Winlogon Notify: GbPluginAbn . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehAbn.dll

~ Winlogon: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)

O20 - AppInit_DLLs: . (...) - C:\ProgramData\Wincert\win32cert.dll

~ AppInit DLL: Scanned in 00mn 00s

---\\ Lista dos serviços NT não Microsoft e não desativados (023)

O23 - Service: Asus Launcher Service (AsusService) . (...) - C:\windows\system32\AsusService.exe

O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe

O23 - Service: VideAceWindowsService (VideAceWindowsService) . (...) - C:\ExpressGateUtil\VAWinService.exe

~ Services: 11 Legitimates Filtered in 01mn 02s

---\\ Tarefas planificadas automaticamente (039)

[MD5.00000000000000000000000000000000] [APT] [{14AFCB6A-B32B-49D6-A92C-FA405EA8DB31}] (...) -- C:\Program Files\Torntv 2\Uninstall.exe (.not file.) [0] =>Hijacker.TornTV

~ Scheduled Task: 9 Legitimates Filtered in 00mn 22s

---\\ Software instalados (042)

O42 - Logiciel: E-Cam - (.AzureWave.) [HKLM] -- {185AFA7A-F63E-450B-94AA-011CAC18090E}

O42 - Logiciel: Hao123.com - (...) [HKLM] -- Hao123.com

O42 - Logiciel: Módulo de Proteção Santander 3.2.0.2 - (...) [HKLM] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1

O42 - Logiciel: Speed Analysis 3 - (.SpeedAnalysis.com.) [HKLM] -- Speed Analysis 3 =>PUP.SpeedAnalysis

~ Logic: 64 Legitimates Filtered in 00mn 03s

---\\ HKCU & HKLM Software Keys

[HKCU\Software\AutoHelpDesk]

[HKCU\Software\GbAs]

[HKLM\Software\E-Cam]

[HKLM\Software\Torntv 2] =>Hijacker.TornTV

~ Key Software: 127 Legitimates Filtered in 00mn 03s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 09/11/2011 - 09:27:38 - [18,787] ----D C:\Program Files\E-Cam

O43 - CFD: 11/09/2013 - 20:24:52 - [2,647] ----D C:\Program Files\Speed Analysis 3 =>PUP.SpeedAnalysis

O43 - CFD: 21/09/2013 - 12:18:51 - [0,031] ----D C:\ProgramData\Datamngr =>PUP.Datamngr

O43 - CFD: 09/11/2011 - 09:27:35 - [0,000] ----D C:\Users\junior e vanessa\AppData\Roaming\E-Cam

O43 - CFD: 21/09/2013 - 11:35:00 - [0,254] ----D C:\Users\junior e vanessa\AppData\Roaming\iSafe =>Trojan.Staser

O43 - CFD: 28/08/2013 - 16:06:49 - [0,121] ----D C:\Users\junior e vanessa\AppData\Roaming\SpeedAnalysis3 =>PUP.SpeedAnalysis

~ 2 Dossiers CLSID vides (CLSID Empty Folders)

~ Program Folder: 152 Legitimates Filtered in 00mn 36s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)

O44 - LFC:[MD5.53F31C079CC95CF5C2330F1AF35585A8] - 22/09/2013 - 14:30:32 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [16160]

O44 - LFC:[MD5.53F31C079CC95CF5C2330F1AF35585A8] - 22/09/2013 - 14:30:32 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [16160]

O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 21/09/2013 - 12:38:57 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\GbpNdisrd.sys [31088]

O44 - LFC:[MD5.99AE46902CA8B193DC053CDAA72C8D2B] - 19/09/2013 - 14:47:42 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [1056272]

O44 - LFC:[MD5.C6F069867D8A9B83D1E2DAF4AE3CC543] - 19/09/2013 - 14:47:42 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [1641306]

~ Files: 75 Legitimates Filtered in 00mn 28s

---\\ Operações e funções ao arranque do Windows Explorer (046)

O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files\GbPlugin\gbiehAbn.dll

~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)

O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\junior e vanessa\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

~ SMSR Keys: 4 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)

O58 - SDL:[MD5.956C7177DBDA0F02436868AD644CCF31] - 28/06/2010 - 01:24:00 ---A- . (...) -- C:\Windows\System32\Drivers\AsIO.sys [11456]

O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 17:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]

~ Drivers: 16 Legitimates Filtered in 00mn 05s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)

O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman

O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}

~ ADS: Scanned in 00mn 00s

---\\ Lista dos serviços Legacy du registo (064)

O64 - Services: CurCS - 01/07/2013 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM

~ Legacy: 80 Legitimates Filtered in 00mn 04s

---\\ Associações Shell Spawning (O67)

O67 - Shell Spawning: <.html> <IE.AssocFile.HTM>[HKCU\..\open\Command] (.Not Key.)

~ FASS Keys: 19 Legitimates Filtered in 00mn 01s

---\\ Menu de inicialização Internet (068)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- c:\program files\mozilla firefox\firefox.exe

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe

~ Keys: Scanned in 00mn 00s

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)

O69 - SBI: SearchScopes [HKCU] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - http://www.google.com

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com

O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Bing) - http://www.bing.com

O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - http://www.google.com

O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - http://www.google.com

O69 - SBI: SearchScopes [HKUS\S-1-5-19] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - http://www.google.com

O69 - SBI: SearchScopes [HKUS\S-1-5-20] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - http://www.google.com

~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)

[MD5.0D3B680986310AE5540578C0E481C6A0] [sPRF][02/03/2010] (...) -- C:\ProgramData\FullRemove.exe [131984]

[MD5.0A4ECCDF6AB0D4EAF1669765BB28AED5] [sPRF][07/05/2013] (...) -- C:\Users\junior e vanessa\AppData\Roaming\unins000.dat [12535]

[MD5.45D18DC0CA53BFFAA11F992BEF63280D] [sPRF][07/05/2013] (.No owner - Setup/Uninstall.) -- C:\Users\junior e vanessa\AppData\Roaming\unins000.exe [706250]

[MD5.6A6CE9A0410A29061FCF6CAD8DE0387C] [sPRF][21/09/2013] (...) -- C:\Users\junior e vanessa\Desktop\adwcleaner.exe [1039554]

~ Files: 4 Legitimates Filtered in 00mn 01s

---\\ Lista das exceções do FireWall (FirewallRules) (O87)

O87 - FAEL: "{7E4CDBAD-41DD-4606-BA7A-4E9EA41C0B59}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe (.not file.) =>PUP.SearchResults

O87 - FAEL: "{BFF10C08-8326-4C31-924F-4FA95ADD515B}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe (.not file.) =>PUP.SearchResults

O87 - FAEL: "TCP Query User{DE4A9BE6-B6B4-4705-9536-98C7A6D39A41}C:\program files\torntv.com\torntv downloader.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\torntv.com\torntv downloader.exe (.not file.) =>Hijacker.TornTV

O87 - FAEL: "UDP Query User{936156FD-2BCC-472B-91B7-5CD2791244A5}C:\program files\torntv.com\torntv downloader.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\torntv.com\torntv downloader.exe (.not file.) =>Hijacker.TornTV

~ Firewall: 186 Legitimates Filtered in 00mn 06s

---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)

[MD5.0F4E3556FD427CC00851EF5976441AFB] [WIS][10/01/2013] (.VideAce - InstantVidget.) -- C:\Windows\Installer\440ef.msi [26204672]

~ WIS: 113 Legitimates Filtered in 01mn 23s

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)

SR - | Auto 23/08/2013 401800 | (AllShare Framework DMS) . (.Samsung.) - C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\AllShareFrameworkManagerDMS.exe

SR - | Auto 20/07/2011 176128 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe

SR - | Auto 20/07/2011 294400 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

SS - | Demand 17/09/2010 196320 | (Amsp) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

SR - | Auto 02/06/2011 64128 | (ASUS InstantOn) . (.ASUS.) - C:\Program Files\Common Files\InstantOn\InsOnSrv.exe

SR - | Auto 08/08/2011 224680 | (AsusService) . (...) - C:\windows\system32\AsusService.exe

SR - | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

SR - | Auto 28/06/2013 409656 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe

SS - | Disabled 26/01/2013 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe

SS - | Demand 26/01/2013 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe

SS - | Demand 25/08/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

SR - | Auto 03/09/2013 574536 | (Samsung Link Service) . (.Copyright 2013 SAMSUNG.) - C:\Program Files\Samsung\Samsung Link\Samsung Link.exe

SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe

SR - | Auto 17/09/2010 161104 | (TiMiniService) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\Titanium\TiMiniService.exe

SR - | Auto 25/03/2011 91464 | (VideAceWindowsService) . (...) - C:\ExpressGateUtil\VAWinService.exe

SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 01mn 32s

---\\ Scâner Aditional (088)

Database Version : 12928 - (22/09/2013)

Clés trouvées (Keys found) : 4

Valeurs trouvées (Values found) : 0

Dossiers trouvés (Folders found) : 6

Fichiers trouvés (Files found) : 1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Speed Analysis 3] =>PUP.SpeedAnalysis^

[HKLM\Software\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing

[HKLM\Software\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311301136}] =>PUP.CrossRider

C:\Program Files\Speed Analysis 3 =>PUP.SpeedAnalysis^

C:\ProgramData\Datamngr =>PUP.Datamngr^

C:\Users\junior e vanessa\AppData\Roaming\iSafe =>Trojan.Staser^

C:\Users\junior e vanessa\AppData\Roaming\SpeedAnalysis3 =>PUP.SpeedAnalysis^

C:\Users\junior e vanessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci =>PUP.DealPly

C:\Users\junior e vanessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo =>PUP.CrossRider

[HKLM\Software\Torntv 2] =>Hijacker.TornTV^

~ Additionnel Scan: 191358 Items scanned in 03mn 02s

---\\ Sumário das deteções encontradas na sua estação

~ [http://nicolascoolman.webs.com/apps/blog/show/27660150-hijacker-torntv](http://nicolascoolman.webs.com/apps/blog/show/27660150-hijacker-torntv) =>Hijacker.TornTV

~ [http://nicolascoolman.webs.com/apps/blog/show/28153012-pup-speedanalysis](http://nicolascoolman.webs.com/apps/blog/show/28153012-pup-speedanalysis) =>PUP.SpeedAnalysis

~ [http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr](http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr) =>PUP.Datamngr

~ [http://nicolascoolman.webs.com/apps/blog/show/32771797-trojan-staser](http://nicolascoolman.webs.com/apps/blog/show/32771797-trojan-staser) =>Trojan.Staser

~ [http://nicolascoolman.webs.com/apps/blog/show/30319724-pup-searchresults](http://nicolascoolman.webs.com/apps/blog/show/30319724-pup-searchresults) =>PUP.SearchResults

~ [http://nicolascoolman.webs.com/apps/blog/show/31536787-toolbar-bing](http://nicolascoolman.webs.com/apps/blog/show/31536787-toolbar-bing) =>Toolbar.Bing

~ [http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider](http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider) =>PUP.CrossRider

~ [http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply](http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply) =>PUP.DealPly

~ MSI: 8 link(s) detected in 03mn 03s

~ 1039 Legitimates filtered by white list

Bom Dia! Junior Carlos Henrique

|- Selecione e copie estas informações,que estão em vermelho.
|- Abra a ferramenta ZHPFix >> Clique "Importação" >> OK.

script zhpfix
[MD5.00000000000000000000000000000000] [APT] [{14AFCB6A-B32B-49D6-A92C-FA405EA8DB31}] (...) -- C:\Program Files\Torntv 2\Uninstall.exe (.not file.) [0] =>Hijacker.TornTV
[MD5.45D18DC0CA53BFFAA11F992BEF63280D] [sPRF][07/05/2013] (.No owner - Setup/Uninstall.) -- C:\Users\junior e vanessa\AppData\Roaming\unins000.exe [706250]
M2 - MFEP: prefs.js [junior e vanessa - jirwyqjf.default\{C2C2A16E-2E64-478A-992C-82E136577FCD}] [] New Tab v5.0.0.7281 (..)
O3 - Toolbar: (no name) - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Chave orfã
O4 - HKLM\..\Run: [startCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java™ Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2808060103-772981474-2940148740-1001\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation

O42 - Logiciel: Speed Analysis 3 - (.SpeedAnalysis.com.) [HKLM] -- Speed Analysis 3 =>PUP.SpeedAnalysis
O43 - CFD: 11/09/2013 - 20:24:52 - [2,647] ----D C:\Program Files\Speed Analysis 3 =>PUP.SpeedAnalysis
O43 - CFD: 21/09/2013 - 12:18:51 - [0,031] ----D C:\ProgramData\Datamngr =>PUP.Datamngr
O43 - CFD: 21/09/2013 - 11:35:00 - [0,254] ----D C:\Users\junior e vanessa\AppData\Roaming\iSafe =>Trojan.Staser
O43 - CFD: 28/08/2013 - 16:06:49 - [0,121] ----D C:\Users\junior e vanessa\AppData\Roaming\SpeedAnalysis3 =>PUP.SpeedAnalys
O87 - FAEL: "{7E4CDBAD-41DD-4606-BA7A-4E9EA41C0B59}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe (.not file.) =>PUP.SearchResults
O87 - FAEL: "{BFF10C08-8326-4C31-924F-4FA95ADD515B}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe (.not file.) =>PUP.SearchResults
O87 - FAEL: "TCP Query User{DE4A9BE6-B6B4-4705-9536-98C7A6D39A41}C:\program files\torntv.com\torntv downloader.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\torntv.com\torntv downloader.exe (.not file.) =>Hijacker.TornTV
O87 - FAEL: "UDP Query User{936156FD-2BCC-472B-91B7-5CD2791244A5}C:\program files\torntv.com\torntv downloader.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\torntv.com\torntv downloader.exe (.not file.) =>Hijacker.TornTV

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Speed Analysis 3] =>PUP.SpeedAnalysis^
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311301136}] =>PUP.CrossRider
[HKLM\Software\Torntv 2] =>Hijacker.TornTV^
[HKLM\Software\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing
[HKLM\Software\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing

C:\Program Files\Speed Analysis 3 =>PUP.SpeedAnalysis^
C:\ProgramData\Datamngr =>PUP.Datamngr^
C:\Users\junior e vanessa\AppData\Roaming\iSafe =>Trojan.Staser^
C:\Users\junior e vanessa\AppData\Roaming\SpeedAnalysis3 =>PUP.SpeedAnalysis^
C:\Users\junior e vanessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci =>PUP.DealPly
C:\Users\junior e vanessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo =>PUP.CrossRider

firewallraz
emptytemp
emptyflash
emptyclsid
sysrestore

|- Clique colar ou acione "ctrl+v".
|- Clique "GO".
|- Poste o relatório!

At+

Rapport de ZHPFix 2013.9.19.8 par Nicolas Coolman, Update du 19/09/2013

Fichier d'export Registre :

Run by junior e vanessa at 24/09/2013 19:02:00

High Elevated Privileges : OK

Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia

========== Softwares ==========

AUSENTE Uninstall Process: c:\program files\speed analysis 3\uninst.exe

========== Processo memória ==========

ELIMINÉ: Memory Process: C:\Users\junior e vanessa\AppData\Roaming\unins000.exe

========== Chaves do Registo ==========

ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Speed Analysis 3]

ELIMINÉ: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311301136}

ELIMINÉ: HKLM\Software\Torntv 2

ELIMINÉ: HKLM\Software\Microsoft\Tracing\BingBar_RASMANCS

ELIMINÉ: HKLM\Software\Microsoft\Tracing\BingBar_RASAPI32

========== Valores do Registo ==========

ELIMINÉ: Toolbar: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

ELIMINÉ RunValue: StartCCC

ELIMINÉ RunValue: SunJavaUpdateSched

ELIMINÉ RunValue: DAEMON Tools Lite

ELIMINÉ RunValue: mctadmin

ELIMINÉ: {7E4CDBAD-41DD-4606-BA7A-4E9EA41C0B59}

ELIMINÉ: {BFF10C08-8326-4C31-924F-4FA95ADD515B}

ELIMINÉ: TCP Query User{DE4A9BE6-B6B4-4705-9536-98C7A6D39A41}C:\program files\torntv.com\torntv downloader.exe

ELIMINÉ: UDP Query User{936156FD-2BCC-472B-91B7-5CD2791244A5}C:\program files\torntv.com\torntv downloader.exe

Ausente Valor Perfil Padrão: FirewallRaz :

Ausente Valor Perfil Domínio FirewallRaz :

ELIMINÉ: FirewallRaz (Private) : {1DEB7B9F-DABB-4261-A0F0-6C8DADD7FCD5}

ELIMINÉ: FirewallRaz (Private) : {9117163A-26DB-4118-A2B6-D38C4749C7A3}

ELIMINÉ: FirewallRaz (Private) : {0AB173A7-83CB-407C-B68E-95C4A6F844BE}

ELIMINÉ: FirewallRaz (Private) : {49CC36B0-7F0D-49CA-B978-5A617BC838C8}

========== Elementos dos dados do Registo ==========

ERRO CLSID PAPP: {807563E5-5146-11D5-A672-00B0D022E945}

========== Pastas ==========

ELIMINÉ: C:\Users\junior e vanessa\AppData\Local\{8F414331-1558-4BA5-9CE4-2EAC41EE862B}

ELIMINÉ: C:\Users\junior e vanessa\AppData\Local\{D8B8E5FE-91C4-47A6-BAC7-0639DB3117B6}

========== Ficheiros ==========

ELIMINÉ: c:\users\junior e vanessa\appdata\roaming\unins000.exe

ELIMINÉ: c:\program files\ati technologies\ati.ace\core-static\clistart.exe

ELIMINA REINICIAR: c:\program files\common files\java\java update\jusched.exe

ELIMINÉ: c:\program files\daemon tools lite\dtlite.exe

ELIMINA REINICIAR: c:\windows\system32\mctadmin.exe

ELIMINÉ: c:\program files\common files\microsoft shared\office12\msoxmlmf.dll

ELIMINÉ Temporários windows

ELIMINÉ Flash Cookies

========== Tarefa planificada ==========

ELIMINÉ: {14AFCB6A-B32B-49D6-A92C-FA405EA8DB31}

========== Restauração Sistema ==========

Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========

1 : Processo memória

5 : Chaves do Registo

15 : Valores do Registo

1 : Elementos dos dados do Registo

2 : Pastas

8 : Ficheiros

1 : Softwares

1 : Tarefa planificada

1 : Restauração Sistema

End of clean in 02mn 49s

========== Caminho do ficheiro do relatório ==========

C:\ZHP\ZHPFix[R1].txt - 24/09/2013 18:58:46 [474]

C:\ZHP\ZHPFix[R2].txt - 24/09/2013 19:02:18 [3237]

Boa Noite! Junior Carlos Henrique

|- Baixe: < zoek > ( ... by Smeenk )

|- Ou aqui! < /applications/core/interface/imageproxy/imageproxy.php?img=http://www.imgdumper.nl/uploads6/51a612a8b2bc1/51a612a8b27e2-Zoek.png&key=b080d87f02699d418b53b08471d428294848da3b0e2385f0657dbc188036baad" alt="51a612a8b27e2-Zoek.png" /> zoek.exe >

|- Salve-o no desktop!
|- Desabilite seu antivírus!
|- Para Windows 7,execute zoek.exe como administrador.

hijackthis;
iedefaults;
chrdefaults;
autoclean;
emptyalltemp;

|- Copie e cole estas informações,em vermelho,no campo da ferramenta.
|- Clique "Run Script".

Zoek.exe is running now.

|- Surgirão estas informações,pedindo-lhe que aguarde o relatório.

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/Zoek_Reboot_zpscf60b3cf.jpg&key=cd3dbc8b6058332b5ca134f03724ff8c45ff51d7f31a8c732301729c7a9e6c94" alt="Zoek_Reboot_zpscf60b3cf.jpg" />

|- Aceite e/ou confirme o reboot!

zoek.hta failed by unknown error.

|- Ps: Ao obter algum erro,reinicie o PC e execute,novamente,a ferramenta.
|- Poste o relatório,que estará em C:\zoek-results.txt <<

A+

Zoek.exe Version 4.0.0.4 Updated 27-September-2013

Tool run by junior e vanessa on 26/09/2013 at 18:46:12,72.

Microsoft Windows 7 Starter 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\junior e vanessa\Desktop\zoek.com [script inserted]

==== System Restore Info ======================

26/09/2013 18:48:04 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\junior e vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\jirwyqjf.default

user.js not found

---- Lines imesh removed from prefs.js ----

---- Lines imesh modified from prefs.js ----

---- Lines browser.startup.page removed from prefs.js ----

user_pref("browser.startup.page", 3);

---- Lines browser.startup.page modified from prefs.js ----

---- FireFox user.js and prefs.js backups ----

prefs_092013_1909_.backup

==== Deleting Files \ Folders ======================

"C:\Users\junior e vanessa\Downloads\iSafedl.exe" deleted

"C:\Users\junior e vanessa\AppData\Roaming\DMCache" deleted

"C:\Users\junior e vanessa\AppData\Roaming\eCyber" deleted

"C:\ProgramData\Wincert" deleted

"C:\Users\junior e vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\jirwyqjf.default\imeshtoolbar" deleted

"C:\Users\junior e vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\jirwyqjf.default\imeshtoolbar" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\junior e vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\jirwyqjf.default

• avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
• Torntv 3 - %ProfilePath%\extensions\trtv3@trtv.com.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\junior e vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\jirwyqjf.default

CA0E1DFBE480CF0BE13A0883BEB378B6 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U40

AF661355EBAB898EB92D5454AEF93CE0 - C:\windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.400.43

E5AF72B7353FF8D431A7C463A4229524 - C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll - Shockwave Flash

D33DA3930105CEF022C29B1FB22DA2D5 - C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll - Samsung Link PC Plugin

101700E93EB905992B518256CB441829 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update

AE84791D996D1F05A2446B0C447D937A - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat

AE84791D996D1F05A2446B0C447D937A - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

63BF4171F8EF7AA2C9D20EFB5B336B63 - C:\Users\junior e vanessa\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll - Módulo de Proteção - Banco Santander (Brasil) S.A.

0A1FF0B674E2F268799442A434A63BB3 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery

15E298B5EC5B89C5994A59863969D9FF - C:\windows\system32\npmproxy.dll - Microsoft® Windows® Operating System

2049BD01DD7413B15317A03F86A533FB - C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPluginUACElevator.dll - TODO: <?? ??>

==== Deleting Files \ Folders ======================

"C:\Users\junior e vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\jirwyqjf.default\extensions\trtv3@trtv.com.xpi" deleted

==== Chrome Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

abmojiekfpcmkkfamgfcpgfgipocface - C:\Users\junior e vanessa\AppData\Local\GAS Tecnologia\GBBD\abn\sf.crx[01/04/2013 14:43]

GBBD Banco Santander (Brasil) S.A. - junior e vanessa - Default\Extensions\abmojiekfpcmkkfamgfcpgfgipocface

avast Online Security - junior e vanessa - Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

Manheim Media Player (Windows) - junior e vanessa - Default\Extensions\ocdfcabeedcfbaoabffcbecdjdnepgcl

==== Chrome Fix ======================

C:\Users\junior e vanessa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.softonic.it_0.localstorage deleted successfully

C:\Users\junior e vanessa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.softonic.it_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0191A6B0-1154-4C22-9182-23A95BBE92D9}"

{0191A6B0-1154-4C22-9182-23A95BBE92D9} Google Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\junior e vanessa\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\junior e vanessa\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)

O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)

O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)

O2 - BHO: (no name) - {A66261FC-B82E-4EC7-9F6D-C2F36B871DF0} - (no file)

O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - (no file)

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files\GbPlugin\gbiehAbn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O2 - BHO: (no name) - {FF103732-4528-4322-AA8B-F7849AB7776B} - (no file)

O4 - HKLM\..\Run: [HotkeyMon] AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe

O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotkeyService.exe

O4 - HKLM\..\Run: [superHybridEngine] AsusSender.exe C:\Program Files\ASUS\SHE\SuperHybridEngine.exe

O4 - HKLM\..\Run: [LiveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto

O4 - HKLM\..\Run: [CapsHook] AsusSender.exe C:\Program Files\ASUS\CapsHook\CapsHook.exe

O4 - HKLM\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun

O4 - HKLM\..\Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF"

O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"

O4 - HKLM\..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none"

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe

O4 - HKLM\..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe

O4 - HKLM\..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE

O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [samsung Link] "C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe"

O4 - HKCU\..\Run: [uTorrent] "C:\Users\junior e vanessa\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files\Asus\AsusVibe\AsusVibeLauncher.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: http://www.bancoreal.com.br

O15 - Trusted Zone: http://www.bancosantander.com.br

O15 - Trusted Zone: wwws.realsecureweb.com.br

O15 - Trusted Zone: www.santander.com.br

O15 - Trusted Zone: http://www.santander.com.br

O15 - Trusted Zone: www.santanderempresarial.com.br

O15 - Trusted Zone: http://www.santanderempresarial.com.br

O15 - Trusted Zone: www.santandernet.com.br

O15 - Trusted Zone: wwws.santandernet.com.br

O15 - Trusted Zone: wwws2.santandernet.com.br

O15 - Trusted Zone: www.santandernetibe.com.br

O15 - Trusted Zone: www.secureweb.com.br

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (file missing)

O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (file missing)

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - Y - (no file)

O20 - AppInit_DLLs: C:\PROGRA~2\Wincert\WIN32C~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\Program Files\GbPlugin\gbiehAbn.dll

O23 - Service: AllShare Framework DMS - Samsung - C:\Program Files\Samsung\AllShare Framework DMS\1.3.17\AllShareFrameworkManagerDMS.exe

O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe

O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files\Common Files\InstantOn\InsOnSrv.exe

O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\windows\system32\AsusService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Samsung Link Service - Copyright 2013 SAMSUNG - C:\Program Files\Samsung\Samsung Link\Samsung Link.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: TiMiniService - Trend Micro Inc. - C:\Program Files\Trend Micro\Titanium\TiMiniService.exe

O23 - Service: VideAceWindowsService - Unknown owner - C:\ExpressGateUtil\VAWinService.exe

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\junior e vanessa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\junior e vanessa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BM5JN1RV will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\junior e vanessa\AppData\Local\Mozilla\Firefox\Profiles\jirwyqjf.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\junior e vanessa\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied

C:\Users\JUNIOR~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\junior e vanessa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BM5JN1RV" not found

==== EOF on 26/09/2013 at 19:17:19,93 ======================

Bom Dia! Junior Carlos Henrique

|- Abra a ferramenta HijackThis. >> Do a system scan only << À seguir!

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - (no file)
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {A66261FC-B82E-4EC7-9F6D-C2F36B871DF0} - (no file)
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - (no file)
O2 - BHO: (no name) - {FF103732-4528-4322-AA8B-F7849AB7776B} - (no file)

|- Marque estas entradas! << As que encontrar!
|- Clique Fix checked >> Sim!
|- Reinicie o computador!

-/-

|- Baixe: < RogueKiller > ( ... par tigzy ) ( 32 bits version )

|- Ou: < /applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/ablsEVeT.jpg&key=ebe62f6e6b003c3e23d8db0ff92a90e81df2d7816af5fecaeb9b0fd72c8fa9e7" alt="ablsEVeT.jpg" /> > ( ... par tigzy ) ( 64 bits version )

|- Salve-o no desktop! /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25202/RogueKiller_Logo.jpg&key=99f754ad8ac3afe28f2674c5df4045eed7cd3d0d73384947ed6af1127ec30157" alt="RogueKiller_Logo.jpg" />
|- Feche aplicativos que estejam abertos!
|- Execute RogueKiller.exe e aceite a Eula.

/applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/abeo9i3V.jpg&key=28fdbc4031eead1b4262f4375d709e2ef75c8fa438c4d53edbfcfd7071cbb903" alt="abeo9i3V.jpg" />

|- Aguarde a finalização de seu Pre-scan.

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/RogueKiller_Scan2.jpg&key=02afd4d0311ea8fed8ddb59a023987cb25f7d895ebf760d1c7192afebdbba6f1" alt="RogueKiller_Scan2.jpg" />

|- Dê início ao diagnóstico,clicando no botão "Verificar".
|- Exemplo: Mode: Verificar -- Date: mm/dd/2013 00:52:24
|- Poste o relatório: RKreport[1].txt

A+

RogueKiller V8.6.12 [sep 18 2013] Por Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Site : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Iniciado em : Modo Normal

Usuario : junior e vanessa [Privilegios de Admnistrador]

Modo : Verificar -- Data : 09/28/2013 16:57:50

| ARK || FAK || MBR |

¤¤¤ Entradas ruins : 0 ¤¤¤

¤¤¤ Entradas do Registro : 2 ¤¤¤

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO

¤¤¤ As tarefas agendadas : 2 ¤¤¤

[V1][ROGUE ST] Plus-HD-1.6-chromeinstaller.job : C:\Program Files\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe - /installcrx /agentregpath='Plus-HD-1.6' /extensionfilepath='C:\Program Files\Plus-HD-1.6\32002.crx' /appid=32002 /srcid='000322' /subid='0' /zdata='0' /bic=197B5FFC67BB435A84B353E242582B0CIE /verifier=9f572f4163d8d54dd128ab198695b2a5 /installerversion=1_28_153 /installerfullversion=1.28.153.3 /installationtime=1380399480 /statsdomain=hxxp://stats.srvstatsdata.com /errorsdomain=hxxp://errors.srvstatsdata.com /waitforbrowser=300 /extensionid=jidjhchcblhlapbcpheibgdjkajekhbh /extensionversion=1.24.81 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMMeKq5vfJzL0aDBU1fp1fdHsy1uaaPRCnbM8wVyXyyo973yKuCqfvaKzyuM3OXoIl+RmC+Hl+0HBYnA2Im4R+h80e7rI4bWWRJxJc135vjrZ4cESsjJbi/lF1XM2svx8VbOF7bX9Yl/CNPAupTx5w2gmUladDhDSvsnmM7TYg5QIDAQAB /allusers /allprofiles /externallog='' [7][x][x][x][x][x][x] -> ENCONTRADO

[V2][ROGUE ST] Plus-HD-1.6-chromeinstaller : C:\Program Files\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe - /installcrx /agentregpath='Plus-HD-1.6' /extensionfilepath='C:\Program Files\Plus-HD-1.6\32002.crx' /appid=32002 /srcid='000322' /subid='0' /zdata='0' /bic=197B5FFC67BB435A84B353E242582B0CIE /verifier=9f572f4163d8d54dd128ab198695b2a5 /installerversion=1_28_153 /installerfullversion=1.28.153.3 /installationtime=1380399480 /statsdomain=hxxp://stats.srvstatsdata.com /errorsdomain=hxxp://errors.srvstatsdata.com /waitforbrowser=300 /extensionid=jidjhchcblhlapbcpheibgdjkajekhbh /extensionversion=1.24.81 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMMeKq5vfJzL0aDBU1fp1fdHsy1uaaPRCnbM8wVyXyyo973yKuCqfvaKzyuM3OXoIl+RmC+Hl+0HBYnA2Im4R+h80e7rI4bWWRJxJc135vjrZ4cESsjJbi/lF1XM2svx8VbOF7bX9Yl/CNPAupTx5w2gmUladDhDSvsnmM7TYg5QIDAQAB /allusers /allprofiles /externallog='' [7][x][x][x][x][x][x] -> ENCONTRADO

¤¤¤ entradas de inicialização : 0 ¤¤¤

¤¤¤ Os navegadores da Web : 0 ¤¤¤

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver : [Carregado] ¤¤¤

[Address] SSDT[70] : NtCreateKey @ 0x82220FF7 -> HOOKED (Unknown @ 0x851ADAA0)

[Address] SSDT[74] : NtCreateMutant @ 0x82230348 -> HOOKED (Unknown @ 0x851F3A00)

[Address] SSDT[79] : NtCreateProcess @ 0x822FC223 -> HOOKED (Unknown @ 0x851AC5A0)

[Address] SSDT[80] : NtCreateProcessEx @ 0x822FC26E -> HOOKED (Unknown @ 0x851AC8A0)

[Address] SSDT[86] : NtCreateSymbolicLinkObject @ 0x822219C2 -> HOOKED (Unknown @ 0x851F3DC0)

[Address] SSDT[87] : NtCreateThread @ 0x822FC02A -> HOOKED (Unknown @ 0x851F3340)

[Address] SSDT[88] : NtCreateThreadEx @ 0x82290483 -> HOOKED (Unknown @ 0x851F3520)

[Address] SSDT[93] : NtCreateUserProcess @ 0x8228E3B5 -> HOOKED (Unknown @ 0x851ACBA0)

[Address] SSDT[103] : NtDeleteKey @ 0x8220BA46 -> HOOKED (Unknown @ 0x851AE0A0)

[Address] SSDT[106] : NtDeleteValueKey @ 0x821FD44F -> HOOKED (Unknown @ 0x851AE9A0)

[Address] SSDT[111] : NtDuplicateObject @ 0x82251751 -> HOOKED (Unknown @ 0x851F3FA0)

[Address] SSDT[190] : NtOpenProcess @ 0x82231B8F -> HOOKED (Unknown @ 0x851ACEA0)

[Address] SSDT[194] : NtOpenSection @ 0x822899D3 -> HOOKED (Unknown @ 0x851AEF80)

[Address] SSDT[198] : NtOpenThread @ 0x8227E0DE -> HOOKED (Unknown @ 0x851AD1A0)

[Address] SSDT[290] : NtRenameKey @ 0x822BC0C3 -> HOOKED (Unknown @ 0x851AE3A0)

[Address] SSDT[302] : NtRestoreKey @ 0x822B1C7A -> HOOKED (Unknown @ 0x851AE6A0)

[Address] SSDT[350] : NtSetSystemInformation @ 0x8226E36A -> HOOKED (Unknown @ 0x851F3BE0)

[Address] SSDT[358] : NtSetValueKey @ 0x8222A5F4 -> HOOKED (Unknown @ 0x851ADDA0)

[Address] SSDT[371] : NtTerminateThread @ 0x822986A3 -> HOOKED (Unknown @ 0x851AD7A0)

¤¤¤ Hives externas: ¤¤¤

¤¤¤ Infecção : ¤¤¤

¤¤¤ Arquivo de Hosts: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Unidades de disco padrão) - WDC WD32 00BPVT-80JJ5T0 SATA Disk Device +++++

--- User ---

[MBR] 50775a6f192542ab66ff7b1e423fea29

[bSP] 7fd0b96f81aa3a3dd16702a277df8921 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 163848 Mo

1 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 335562752 | Size: 30722 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 398481408 | Size: 110649 Mo

3 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 625090560 | Size: 24 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Concluido : << RKreport[0]_S_09282013_165750.txt >>

Boa Noite! Junior Carlos Henrique

|- Abra,novamente,a ferramenta RogueKiller.

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/RogueKiller_Registry_zps168e7585.jpg&key=687f0bb44f1f361a677bf23c50e2644a4e16819583a761607b704b8d688fde4c" alt="RogueKiller_Registry_zps168e7585.jpg" />

|- <1> Clique na guia "Registro" >> Deletar.

|- Aguarde a conclusão!

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/RogueKiller_Atualizado.jpg&key=0172c47c206813e7c9b9bee3f9524438470dd782fdca35036503f8ecbc358cef" alt="RogueKiller_Atualizado.jpg" />

|- <2> Clique na guia "Atalhos" >> Reparar Atalhos.
|- Aguarde a conclusão!
|- Poste todos os relatórios,que resultarão dessas operações!

-/-

|- Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://billy-oneal.com/Canned%2520Speeches/speechimages/OTL/otlDesktopIcon.png&key=1894e5d356219721410c3360cbf9af74877ae24ccc81ed88026fc2d95dd96a07" alt="otlDesktopIcon.png" /> > ( ... by OldTimer Tools )

|- Salve-o no desktop!
|- Duplo clique em OTL.exe >> Executar ou /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/Executar_Administrador.jpg&key=29bbf2d3836c6859afe3923102565f782321b5a7a2787d5bb24cc9918d13e9bd" alt="Executar_Administrador.jpg" />

|- Ps: Tendo dificuldades ao executar OTL.exe,delete o arquivo e baixe-o daqui ou aqui.

< Explorer_ > << OTL

|- Ou... baixe-o daqui,que está renomeado,e não será bloqueado por malwares.

/applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/acbYKMx0.jpg&key=956637f2de1bf97f9519e151336a4238161d36fe56a7bd50d0667620da5dd24e" alt="acbYKMx0.jpg" />

|- Configure a ferramenta,segundo a screenshot!
|- Em "Exame Extra do Registro",assinale "Nenhum".

SAVEMBR:0
crack /s
keygen /s
serial /s
AutoKMS /s
loader /s
netsvcs
msconfig
activex
drivers32
%SYSTEMDRIVE%\.
%APPDATA%\Local\*.
%APPDATA%\*.exe /s
%APPDATA%\*.
%systemdrive%\drivers\*.exe
%USERPROFILE%\AppData\Local\.
%USERPROFILE%\AppData\Roaming\.
%systemroote%\*. /mp /s
%systemroot%\system32\*.ini
%systemroot%\Tasks\.
%systemroot%\system32\tasks\. /s /64
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\drivers\. /90
%systemroot%\assembly\tmp\. /S /MD5
%systemroot%\assembly\temp\. /S /MD5
%systemroot%\assembly\GAC\. /S /MD5
%systemroot%\assembly\GAC_32\. /S /MD5
%systemroot%\assembly\GAC_64\. /S /MD5
%systemroot%\system32\config\systemprofile\AppData\Local\.
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\.
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\.
%systemdrive%\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.
%systemdrive%\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
/md5start
services.exe
/md5stop
regedit /e c:\registrybackup.reg /c
%windir%\tasks\. /s
|- Copie estas informações que estão no Code,para o Bloco de Notas.
|- Salve-as em Meus Documentos ou desktop,com o nome scan. << Texto!
|- Clique na área "Exames Personalizados/Correções".

/applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/acvcVUrd.jpg&key=db0fed5b23d09625588d8b5ed5b03efe9a64bb5fdd50957d617e8b044de082da" alt="acvcVUrd.jpg" />

|- Clique em Ok para procurar um arquivo com exame personalizado.
|- Clique "Abrir". ( scan.txt )

/applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/acqlW68e.jpg&key=51d7a6c7e3539bcb6c0a92e46b99db282782947af7f9a4ce208742fee824c2e1" alt="acqlW68e.jpg" />

|- Após colar as informações na área branca,clique em /applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/acng1cS9.jpg&key=fb1e02409683f8329d0b244b9220e36e79615ed69c4f8fed8fb2c273e8653d04" alt="acng1cS9.jpg" />

|- Concluindo,poste o relatório: OTL.txt << Link ao relatório!

/applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/abmdaZsE.jpg&key=433ccdd2cd040bd965a0b2bee3887132a2fd78ca8d607165658bf45467e220f0" alt="abmdaZsE.jpg" />

|- Para enviar,acesse: < MyFile.tk >

|- Ou acesse: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/Cjoint_Logo.jpg&key=bc3f249ffa4fec167155636520ebfd1fed8f6c8d63b5aa0b8cd82fb55aa2edb7" alt="Cjoint_Logo.jpg" /> >

|- Maiores informações: < |Link| >

Abs!

ogueKiller V8.6.12 [sep 18 2013] Por Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Site : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Iniciado em : Modo Normal

Usuario : junior e vanessa [Privilegios de Admnistrador]

Modo : Remover -- Data : 09/28/2013 23:43:09

| ARK || FAK || MBR |

¤¤¤ Entradas ruins : 0 ¤¤¤

¤¤¤ Entradas do Registro : 2 ¤¤¤

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> SUBSTITUIDO (0)

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> SUBSTITUIDO (0)

¤¤¤ As tarefas agendadas : 2 ¤¤¤

[V1][ROGUE ST] Plus-HD-1.6-chromeinstaller.job : C:\Program Files\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe - /installcrx /agentregpath='Plus-HD-1.6' /extensionfilepath='C:\Program Files\Plus-HD-1.6\32002.crx' /appid=32002 /srcid='000322' /subid='0' /zdata='0' /bic=197B5FFC67BB435A84B353E242582B0CIE /verifier=9f572f4163d8d54dd128ab198695b2a5 /installerversion=1_28_153 /installerfullversion=1.28.153.3 /installationtime=1380399480 /statsdomain=hxxp://stats.srvstatsdata.com /errorsdomain=hxxp://errors.srvstatsdata.com /waitforbrowser=300 /extensionid=jidjhchcblhlapbcpheibgdjkajekhbh /extensionversion=1.24.81 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMMeKq5vfJzL0aDBU1fp1fdHsy1uaaPRCnbM8wVyXyyo973yKuCqfvaKzyuM3OXoIl+RmC+Hl+0HBYnA2Im4R+h80e7rI4bWWRJxJc135vjrZ4cESsjJbi/lF1XM2svx8VbOF7bX9Yl/CNPAupTx5w2gmUladDhDSvsnmM7TYg5QIDAQAB /allusers /allprofiles /externallog='' [7][x][x][x][x][x][x] -> DELETADO

[V2][ROGUE ST] Plus-HD-1.6-chromeinstaller : C:\Program Files\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe - /installcrx /agentregpath='Plus-HD-1.6' /extensionfilepath='C:\Program Files\Plus-HD-1.6\32002.crx' /appid=32002 /srcid='000322' /subid='0' /zdata='0' /bic=197B5FFC67BB435A84B353E242582B0CIE /verifier=9f572f4163d8d54dd128ab198695b2a5 /installerversion=1_28_153 /installerfullversion=1.28.153.3 /installationtime=1380399480 /statsdomain=hxxp://stats.srvstatsdata.com /errorsdomain=hxxp://errors.srvstatsdata.com /waitforbrowser=300 /extensionid=jidjhchcblhlapbcpheibgdjkajekhbh /extensionversion=1.24.81 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMMeKq5vfJzL0aDBU1fp1fdHsy1uaaPRCnbM8wVyXyyo973yKuCqfvaKzyuM3OXoIl+RmC+Hl+0HBYnA2Im4R+h80e7rI4bWWRJxJc135vjrZ4cESsjJbi/lF1XM2svx8VbOF7bX9Yl/CNPAupTx5w2gmUladDhDSvsnmM7TYg5QIDAQAB /allusers /allprofiles /externallog='' [7][x][x][x][x][x][x] -> DELETADO

¤¤¤ entradas de inicialização : 0 ¤¤¤

¤¤¤ Os navegadores da Web : 0 ¤¤¤

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver : [Carregado] ¤¤¤

[Address] SSDT[70] : NtCreateKey @ 0x82210FF7 -> HOOKED (Unknown @ 0x85133AA0)

[Address] SSDT[74] : NtCreateMutant @ 0x82220348 -> HOOKED (Unknown @ 0x851BBA00)

[Address] SSDT[79] : NtCreateProcess @ 0x822EC223 -> HOOKED (Unknown @ 0x851325A0)

[Address] SSDT[80] : NtCreateProcessEx @ 0x822EC26E -> HOOKED (Unknown @ 0x851328A0)

[Address] SSDT[86] : NtCreateSymbolicLinkObject @ 0x822119C2 -> HOOKED (Unknown @ 0x851BBDC0)

[Address] SSDT[87] : NtCreateThread @ 0x822EC02A -> HOOKED (Unknown @ 0x851BB340)

[Address] SSDT[88] : NtCreateThreadEx @ 0x82280483 -> HOOKED (Unknown @ 0x851BB520)

[Address] SSDT[93] : NtCreateUserProcess @ 0x8227E3B5 -> HOOKED (Unknown @ 0x85132BA0)

[Address] SSDT[103] : NtDeleteKey @ 0x821FBA46 -> HOOKED (Unknown @ 0x851340A0)

[Address] SSDT[106] : NtDeleteValueKey @ 0x821ED44F -> HOOKED (Unknown @ 0x851349A0)

[Address] SSDT[111] : NtDuplicateObject @ 0x82241751 -> HOOKED (Unknown @ 0x851BBFA0)

[Address] SSDT[190] : NtOpenProcess @ 0x82221B8F -> HOOKED (Unknown @ 0x85132EA0)

[Address] SSDT[194] : NtOpenSection @ 0x822799D3 -> HOOKED (Unknown @ 0x85134F80)

[Address] SSDT[198] : NtOpenThread @ 0x8226E0DE -> HOOKED (Unknown @ 0x851331A0)

[Address] SSDT[290] : NtRenameKey @ 0x822AC0C3 -> HOOKED (Unknown @ 0x851343A0)

[Address] SSDT[302] : NtRestoreKey @ 0x822A1C7A -> HOOKED (Unknown @ 0x851346A0)

[Address] SSDT[350] : NtSetSystemInformation @ 0x8225E36A -> HOOKED (Unknown @ 0x851BBBE0)

[Address] SSDT[358] : NtSetValueKey @ 0x8221A5F4 -> HOOKED (Unknown @ 0x85133DA0)

[Address] SSDT[371] : NtTerminateThread @ 0x822886A3 -> HOOKED (Unknown @ 0x851337A0)

¤¤¤ Hives externas: ¤¤¤

¤¤¤ Infecção : ¤¤¤

¤¤¤ Arquivo de Hosts: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Unidades de disco padrão) - WDC WD32 00BPVT-80JJ5T0 SATA Disk Device +++++

--- User ---

[MBR] 50775a6f192542ab66ff7b1e423fea29

[bSP] 7fd0b96f81aa3a3dd16702a277df8921 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 163848 Mo

1 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 335562752 | Size: 30722 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 398481408 | Size: 110649 Mo

3 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 625090560 | Size: 24 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Concluido : << RKreport[0]_D_09282013_234309.txt >>

RKreport[0]_S_09282013_165750.txt;RKreport[0]_S_09282013_234226.txt

RogueKiller V8.6.12 [sep 18 2013] Por Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Site : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Iniciado em : Modo Normal

Usuario : junior e vanessa [Privilegios de Admnistrador]

Modo : Atalhos HJfix -- Data : 09/28/2013 23:44:15

| ARK || FAK || MBR |

¤¤¤ Entradas ruins : 0 ¤¤¤

¤¤¤ Driver : [Carregado] ¤¤¤

¤¤¤ Hives externas: ¤¤¤

¤¤¤ Atributos de arquivos restaurados: ¤¤¤

Área de trabalho: Success 0 / Fail 0

Barra de inicialização rapida: Success 0 / Fail 0

Programas: Success 0 / Fail 0

Menu Iniciar: Success 0 / Fail 0

Pasta do Usuario: Success 9 / Fail 0

Meus Documentos: Success 0 / Fail 0

Meus Favoritos: Success 0 / Fail 0

Minhas Imagens: Success 0 / Fail 0

Minhas Musicas: Success 0 / Fail 0

Meus Videos: Success 0 / Fail 0

Unidade Local: Success 5 / Fail 0

Backup: [NOT FOUND]

Drives:

[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored

[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored

[E:] \Device\SCDEmu\SCDEmuCd0 -- 0x5 --> Skipped

¤¤¤ Infecção : ¤¤¤

Concluido : << RKreport[0]_SC_09282013_234415.txt >>

RKreport[0]_D_09282013_234309.txt;RKreport[0]_S_09282013_165750.txt;RKreport[0]_S_09282013_234226.txt

RogueKiller V8.6.12 [sep 18 2013] Por Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Site : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Iniciado em : Modo Normal

Usuario : junior e vanessa [Privilegios de Admnistrador]

Modo : Atalhos HJfix -- Data : 09/28/2013 23:46:24

| ARK || FAK || MBR |

¤¤¤ Entradas ruins : 0 ¤¤¤

¤¤¤ Driver : [Carregado] ¤¤¤

¤¤¤ Hives externas: ¤¤¤

¤¤¤ Atributos de arquivos restaurados: ¤¤¤

Área de trabalho: Success 0 / Fail 0

Barra de inicialização rapida: Success 0 / Fail 0

Programas: Success 0 / Fail 0

Menu Iniciar: Success 0 / Fail 0

Pasta do Usuario: Success 0 / Fail 0

Meus Documentos: Success 0 / Fail 0

Meus Favoritos: Success 0 / Fail 0

Minhas Imagens: Success 0 / Fail 0

Minhas Musicas: Success 0 / Fail 0

Meus Videos: Success 0 / Fail 0

Unidade Local: Success 0 / Fail 0

Backup: [NOT FOUND]

Drives:

[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored

[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored

[E:] \Device\SCDEmu\SCDEmuCd0 -- 0x5 --> Skipped

¤¤¤ Infecção : ¤¤¤

Concluido : << RKreport[0]_SC_09282013_234624.txt >>

RKreport[0]_D_09282013_234309.txt;RKreport[0]_S_09282013_165750.txt;RKreport[0]_S_09282013_234226.txt

RogueKiller V8.6.12 [sep 18 2013] Por Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Site : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Iniciado em : Modo Normal

Usuario : junior e vanessa [Privilegios de Admnistrador]

Modo : Atalhos HJfix -- Data : 09/28/2013 23:46:24

| ARK || FAK || MBR |

¤¤¤ Entradas ruins : 0 ¤¤¤

¤¤¤ Driver : [Carregado] ¤¤¤

¤¤¤ Hives externas: ¤¤¤

¤¤¤ Atributos de arquivos restaurados: ¤¤¤

Área de trabalho: Success 0 / Fail 0

Barra de inicialização rapida: Success 0 / Fail 0

Programas: Success 0 / Fail 0

Menu Iniciar: Success 0 / Fail 0

Pasta do Usuario: Success 0 / Fail 0

Meus Documentos: Success 0 / Fail 0

Meus Favoritos: Success 0 / Fail 0

Minhas Imagens: Success 0 / Fail 0

Minhas Musicas: Success 0 / Fail 0

Meus Videos: Success 0 / Fail 0

Unidade Local: Success 0 / Fail 0

Backup: [NOT FOUND]

Drives:

[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored

[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored

[E:] \Device\SCDEmu\SCDEmuCd0 -- 0x5 --> Skipped

¤¤¤ Infecção : ¤¤¤

Concluido : << RKreport[0]_SC_09282013_234624.txt >>

RKreport[0]_D_09282013_234309.txt;RKreport[0]_S_09282013_165750.txt;RKreport[0]_S_09282013_234226.txt

AMIGO EU BAIXEI O OTL EM TODOS ESSES LINKS VC POSTOU E ESTA TRAVANDO QND CLICO VERIFICAR, DEMORA MT E NAO DA SINAL DO RELATORIO

Bom Dia! Junior Carlos Henrique

>

AMIGO EU BAIXEI O OTL EM TODOS ESSES LINKS VC POSTOU E ESTA TRAVANDO QND CLICO VERIFICAR, DEMORA MT E NAO DA SINAL DO RELATORIO

|- Tente sua execução rápida e verifique se gera relatório. ( OTL Quick Scan )

|- Execute,portanto,a OTL,em seu rápido escaneamento. ( Verificação rápida )
|- Ps: Para Windows 7,clique direito e execute-a como "Administrador".
|- Copie e poste o relatório. ( C:\_OTL\MovedFiles\xxxx2013_xxxxxx.log )
|- Poste,também,o relatório "Extras" que é gerado.

A+

consegui.. na verdade é que demorava mesmo.. postei no cjoint

http://cjoint.com/?CIDuC1IfDnD

Boa Tarde! Junior Carlos Henrique

|- Execute o OTL.exe.

|- Copie estas informações que estão em vermelho,para o campo clipboard da ferramenta. ( "Exames Personalizados Correções" )

:OTL

FF - prefs.js..browser.startup.homepage: "http://br.hao123.com/?tn=brosoft_hp_hao123_br"

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll File not found

O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.

O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.

O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.

O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.

O2 - BHO: (no name) - {A66261FC-B82E-4EC7-9F6D-C2F36B871DF0} - No CLSID value found.

O2 - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found.

O2 - BHO: (no name) - {FF103732-4528-4322-AA8B-F7849AB7776B} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O13 - gopher Prefix: missing

O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll File not found

O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll File not found

O18 - Protocol\Filter\text/xml - No CLSID value found

O20 - AppInit_DLLs: (C:\PROGRA~2\Wincert\WIN32C~1.DLL) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

[2013/09/28 16:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\Plus-HD-1.6

[2013/09/28 16:15:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Baidu Security

[2013/09/28 16:15:47 | 000,000,000 | ---D | C] -- C:\Program Files\Baidu Security

[2013/09/28 16:15:46 | 000,000,000 | ---D | C] -- C:\Users\junior e vanessa\AppData\Roaming\Baidu Security

[2013/09/28 16:15:06 | 000,000,000 | ---D | C] -- C:\Users\junior e vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hao123

[2013/09/28 16:15:06 | 000,000,000 | ---D | C] -- C:\Users\junior e vanessa\AppData\Roaming\baidu

[2013/09/28 16:29:28 | 000,000,000 | ---D | M] -- C:\Users\junior e vanessa\AppData\Roaming\baidu

[2013/09/28 16:15:46 | 000,000,000 | ---D | M] -- C:\Users\junior e vanessa\AppData\Roaming\Baidu Security

[2012/12/05 19:03:22 | 000,006,820 | ---- | M] () -- \AdwCleaner\Quarantine\C\Users\junior e vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\jirwyqjf.default\Extensions\{503E067F-2914-4EDD-8432-2D6C52635E23}\chrome\skin\lib\panels\images\ajax-loader.gif.vir

[2013/08/25 12:32:46 | 000,141,432 | ---- | M] () -- \AdwCleaner\Quarantine\C\Users\junior e vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\jirwyqjf.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\91_monetizationLoader.js.js.vir

[2013/09/08 21:23:45 | 000,004,234 | ---- | M] () -- \AdwCleaner\Quarantine\C\windows\System32\Tasks\Plus-HD-2.2-codedownloader.vir

[2013/09/21 12:01:39 | 000,001,204 | ---- | M] () -- \AdwCleaner\Quarantine\C\windows\Tasks\Plus-HD-2.2-codedownloader.job.vir

[2013/06/03 23:05:35 | 000,007,680 | ---- | M] () -- C:\Users\junior e vanessa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:AB689DEA

:reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]

"Gopher"="gopher://"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]

""=""%1" %*"

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]

"DefaultConnectionSettings"=hex:3c,00,00,00,15,00,00,00,01,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,\

01,00,00,00,c0,a8,83,41,00,00,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]

"SavedLegacySettings"=hex:3c,00,00,00,e6,01,00,00,01,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,01,00,\

00,00,c0,a8,83,41,00,00,00,00,00,00,00,00

:Commands

[purity]

[emptytemp]

[Reboot]

|- Clique no botão Consertar -> Aguarde a conclusão!

|- O computador vai reiniciar! -> Clique em "Executar".

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/OTL_RunFix.jpg&key=09e9249e416710368096f3071f572470adab328652ebc1420e14063af4dbfd77" alt="OTL_RunFix.jpg" />

|- Para versões em Inglês,clique em Run Fix que é o mesmo que Consertar.

|- Poste o relatório: C:\_OTL\MovedFiles\*.log

A+

All processes killed

========== OTL ==========

Prefs.js: "http://br.hao123.com...t_hp_hao123_br" removed from browser.startup.homepage

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A66261FC-B82E-4EC7-9F6D-C2F36B871DF0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A66261FC-B82E-4EC7-9F6D-C2F36B871DF0}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF103732-4528-4322-AA8B-F7849AB7776B}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF103732-4528-4322-AA8B-F7849AB7776B}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmbp\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF}\ deleted successfully.

File {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll File not found not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmpx\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23}\ deleted successfully.

File {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll File not found not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\Wincert\WIN32C~1.DLL deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

C:\Program Files\Plus-HD-1.6 folder moved successfully.

C:\Users\Public\Documents\Baidu Security\PC Faster\3.6.0.38659 folder moved successfully.

C:\Users\Public\Documents\Baidu Security\PC Faster folder moved successfully.

C:\Users\Public\Documents\Baidu Security folder moved successfully.

C:\Program Files\Baidu Security\PC Faster folder moved successfully.

C:\Program Files\Baidu Security folder moved successfully.

C:\Users\junior e vanessa\AppData\Roaming\Baidu Security\PC Faster\3.6.0.38659\RpData folder moved successfully.

C:\Users\junior e vanessa\AppData\Roaming\Baidu Security\PC Faster\3.6.0.38659 folder moved successfully.

C:\Users\junior e vanessa\AppData\Roaming\Baidu Security\PC Faster folder moved successfully.

C:\Users\junior e vanessa\AppData\Roaming\Baidu Security folder moved successfully.

C:\Users\junior e vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hao123 folder moved successfully.

C:\Users\junior e vanessa\AppData\Roaming\baidu folder moved successfully.

Folder C:\Users\junior e vanessa\AppData\Roaming\baidu\ not found.

Folder C:\Users\junior e vanessa\AppData\Roaming\Baidu Security\ not found.

File move failed. \AdwCleaner\Quarantine\C\Users\junior e vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\jirwyqjf.default\Extensions\{503E067F-2914-4EDD-8432-2D6C52635E23}\chrome\skin\lib\panels\images\ajax-loader.gif.vir scheduled to be moved on reboot.

File move failed. \AdwCleaner\Quarantine\C\Users\junior e vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\jirwyqjf.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\91_monetizationLoader.js.js.vir scheduled to be moved on reboot.

File move failed. \AdwCleaner\Quarantine\C\windows\System32\Tasks\Plus-HD-2.2-codedownloader.vir scheduled to be moved on reboot.

File move failed. \AdwCleaner\Quarantine\C\windows\Tasks\Plus-HD-2.2-codedownloader.job.vir scheduled to be moved on reboot.

C:\Users\junior e vanessa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.

ADS C:\ProgramData\TEMP:AB689DEA deleted successfully.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\"Gopher"|"gopher://" /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\ deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\"DefaultConnectionSettings"|hex:3c,00,00,00,15,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,01,00,00,00,c0,a8,83,41,00,00,00,00,00,00,00,00 /E : value set successfully!

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\"SavedLegacySettings"|hex:3c,00,00,00,e6,01,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,01,00,00,00,c0,a8,83,41,00,00,00,00,00,00,00,00 /E : value set successfully!

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 121064 bytes

->Temporary Internet Files folder emptied: 294887 bytes

->Flash cache emptied: 57472 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: junior e vanessa

->Temp folder emptied: 43350472 bytes

->Temporary Internet Files folder emptied: 1452088 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 17782015 bytes

->Google Chrome cache emptied: 294666693 bytes

->Flash cache emptied: 57969 bytes

User: Public

User: Todos os Usuários

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 616014 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 342,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 09292013_194810

Files\Folders moved on Reboot...

File move failed. \AdwCleaner\Quarantine\C\Users\junior e vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\jirwyqjf.default\Extensions\{503E067F-2914-4EDD-8432-2D6C52635E23}\chrome\skin\lib\panels\images\ajax-loader.gif.vir scheduled to be moved on reboot.

File move failed. \AdwCleaner\Quarantine\C\Users\junior e vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\jirwyqjf.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\extensionData\plugins\91_monetizationLoader.js.js.vir scheduled to be moved on reboot.

File move failed. \AdwCleaner\Quarantine\C\windows\System32\Tasks\Plus-HD-2.2-codedownloader.vir scheduled to be moved on reboot.

File move failed. \AdwCleaner\Quarantine\C\windows\Tasks\Plus-HD-2.2-codedownloader.job.vir scheduled to be moved on reboot.

File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

File\Folder C:\windows\temp\hsperfdata_JUNIOREVANESSA$\1004 not found!

C:\windows\temp\HS.log moved successfully.

C:\windows\temp\sqlite-3.7.2-sqlitejdbc.dll moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Boa Noite! Junior Carlos Henrique

|- Baixe: |DelFix| ( ... de Xplode )

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/DelFix_SetaVerde.jpg&key=a562af283f81224b0096f109e2c85fcde8abae0d109a59c91160b5f99a23e243" alt="DelFix_SetaVerde.jpg" />

|- Estando na página,clique na seta verde para o download.

|- Salve-a em um local conveniente! ( desktop! )

|- Feche aplicativos que estejam abertos.

/applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/aciCkcnc.jpg&key=64869378cfa4b064d7b47039e3c62f5b7663c245630c39d83d544fa67ef7cd81" alt="aciCkcnc.jpg" />

|- Execute-a!

|- Com as duas checkbox marcadas!

|- Clique "Run".

|- Caso queira,poste o relatório!

|- Tudo Ok?

Abs!

DelFix v10.4 - Logfile created 30/09/2013 at 11:34:45

Updated 19/07/2013 by Xplode

Username : junior e vanessa - JUNIOREVANESSA

Operating System : Windows 7 Starter Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\ZHP
Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Deleted : C:\Users\junior e vanessa\Desktop\RK_Quarantine
Deleted : C:\Program Files\Trend Micro\Hijackthis
Deleted : C:\PhysicalDisk0_MBR.bin
Deleted : C:\zoek-results.log
Deleted : C:\Users\junior e vanessa\Desktop\adwcleaner.exe
Deleted : C:\Users\junior e vanessa\Desktop\HiJackThis.lnk
Deleted : C:\Users\junior e vanessa\Desktop\OTL.Txt
Deleted : C:\Users\junior e vanessa\Desktop\RogueKiller.exe
Deleted : C:\Users\junior e vanessa\Desktop\scan.txt
Deleted : C:\Users\Public\Desktop\ZHPDiag.lnk
Deleted : C:\Users\Public\Desktop\ZHPFix.lnk
Deleted : C:\Users\junior e vanessa\Downloads\HijackThis.msi
Deleted : C:\Users\junior e vanessa\Downloads\ZHPDiag2.exe
Deleted : C:\Users\junior e vanessa\Downloads\zoek.zip
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

~ Cleaning system restore ...

Deleted : RP #67 [installed HiJackThis | 09/19/2013 22:05:26]
Deleted : RP #68 [installed Java 7 Update 40 | 09/22/2013 17:58:58]
Deleted : RP #70 [P | 09/24/2013 23:00:40]
Deleted : RP #71 [zoek.exe restore point | 09/26/2013 22:47:17]

New restore point created !

########## - EOF - ##########

amigo... as propagandas sumiram... porem algumas palavras ainda se transformam em links

Boa Tarde! Junior Carlos Henrique

amigo... as propagandas sumiram... porem algumas palavras ainda se transformam em links

< Adblock Plus >

|- Se for o Hotwords,utilize o Adblock Plus e configure a "Regra de Filtro" colocando o link: http://www.hotwords.com.br/

olá amigo! estou tendo problemas para baixar este arquivo do adblock... e nao sei se as propagandas sao do hotwords

Bom Dia! Junior Carlos Henrique

baixei e apliquei os filtros do hotwords, eanswer, public8media e teebick; mas nao adiantou nada

baixei e apliquei os filtros do hotwords, eanswer, public8media e teebick; mas nao adiantou nada