Good morning. My Chrome is showing ads that do not exist on the pages; I confirmed this by opening the same pages in other browsers, and the ad is not there.
On the ad itself, AdWords puts the label "Ad not from this site"; see the figure below:
[image: TEf3EZV.png]
I have already tried several removal tools without success... they do not detect anything.
Edited:
Below is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:27:46, on 24/10/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16521)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Zend Server CE\Apache2\bin\ApacheMonitor.exe
C:\Users\Wemerson\AppData\Local\Skillbrains\lightshot\4.4.2.10\LightShot.exe
C:\Zend Server CE\ZendServer\bin\zendcontroller.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oquefazernainternet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=incore_pay_hp_01_hao123_br
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oquefazernainternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oquefazernainternet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazernainternet.com/q/%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, enhanced for Bing and MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [LightShot] C:\Users\Wemerson\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Dropbox.lnk = C:\Users\Wemerson\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Apache Web Server Monitor.lnk = C:\Zend Server CE\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Zend Controller.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
End of file - 11396 bytes
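A quick way to triage a log like the one above, as an added example rather than anything the poster or HijackThis provides: the script parses HijackThis R0/R1, O4 and O10 lines and flags start/search URLs whose host is not a known vendor default, autoruns launched from a Temp directory, and unknown Winsock LSP files (the ZHPDiag script later in the thread lists `hide my ip patch.exe` in Temp, which is a plausible origin for the `hmipcore.dll` LSP entries). The allowlist of hosts and the Temp path hints are assumptions; the sample lines are copied from the log above, except the O4 line for the Temp executable, which is constructed for the example.

```python
"""Triage HijackThis-style log lines for browser-hijack indicators.

Added example; it is not part of the thread and not a HijackThis feature.
Assumptions: KNOWN_HOSTS and TEMP_PATH_HINTS are chosen for this example,
and SAMPLE_LOG is a constructed subset of the entries posted above (the O4
line for the Temp executable is invented from the ZHPDiag startupreg entry
to exercise that check).
"""
import re
from urllib.parse import urlparse

# Hosts that legitimately show up as IE start/search pages on a stock or
# vendor-imaged machine (assumption; extend per environment).
KNOWN_HOSTS = {"go.microsoft.com", "www.bing.com", "www.google.com",
               "www.msn.com", "www.dell.com"}

# Autoruns launched from these directories are almost never legitimate.
TEMP_PATH_HINTS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

R_LINE = re.compile(r"^(R[01]) - (.+?)\s*=\s*(.*)$")
O4_LINE = re.compile(r"^O4 - .*?: \[[^\]]*\] (.+)$")
O10_LINE = re.compile(r"^O10 - Unknown file in Winsock LSP: (.+)$")

SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=incore_pay_hp_01_hao123_br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [1] C:\Users\Wemerson\AppData\Local\Temp\hide my ip patch.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"""


def url_host(value):
    """Lowercase host of an http(s) URL; "" for about:, res://, empty values."""
    parsed = urlparse(value.strip())
    return parsed.netloc.lower() if parsed.scheme in ("http", "https") else ""


def triage(log_text):
    """Return (severity, kind, detail) tuples for suspicious log entries."""
    findings = []
    seen_lsp = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = R_LINE.match(line)
        if m:
            _, key, value = m.groups()
            host = url_host(value)
            if host and host not in KNOWN_HOSTS:
                findings.append(("high", "hijacked-ie-url", f"{key} -> {host}"))
            continue
        m = O4_LINE.match(line)
        if m:
            command = m.group(1)
            if any(hint in command.lower() for hint in TEMP_PATH_HINTS):
                findings.append(("high", "autorun-from-temp", command))
            continue
        m = O10_LINE.match(line)
        if m:
            dll = m.group(1).lower()
            # HijackThis prints one line per Winsock catalog entry that
            # references the DLL, so the same file repeats; report it once.
            if dll not in seen_lsp:
                seen_lsp.add(dll)
                findings.append(("medium", "unknown-winsock-lsp", dll))
    return findings


if __name__ == "__main__":
    for severity, kind, detail in triage(SAMPLE_LOG):
        print(f"[{severity}] {kind}: {detail}")
```

Run against the constructed sample it reports the two hijacked IE URLs (oquefazernainternet.com and hao123.com), the Temp autorun and the LSP DLL, and stays silent on the Microsoft, Skype and Adobe entries. An LSP finding is worth a manual check before removal: a broken LSP chain takes networking down, which is why the helper's tools rather than hand edits are used for that part.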
Hey, thanks for the reply.
Here are the reports:
# AdwCleaner v3.010 - Report created 24/10/2013 at 14:29:27
*** [ Services ] ***
*** [ Files / Folders ] ***
*** [ Shortcuts ] ***
*** [ Registry ] ***
Key Found : HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Conduit
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\PIP
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
*** [ Browsers ] ***
-\\ Internet Explorer v10.0.9200.16521
-\\ Mozilla Firefox v24.0 (pt-BR)
[ File : C:\Users\Wemerson\AppData\Roaming\Mozilla\Firefox\Profiles\1cicd47u.default\prefs.js ]
Line found : user_pref("extensions.skipscreen.divshareactive", false);
Line found : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir)/.|hxxp://.depositfiles.com/(([a-z]{2})/files/|auth-).|hxxp://(www.)digg.com/(.{5}|.{6})$|hxxp:[...]
-\\ Google Chrome v30.0.1599.101
[ File : C:\Users\Wemerson\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1365 octets] - [24/10/2013 14:29:27]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1425 octets] ##########
# AdwCleaner v3.010 - Report created 24/10/2013 at 14:31:42
*** [ Services ] ***
*** [ Files / Folders ] ***
*** [ Shortcuts ] ***
*** [ Registry ] ***
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP
*** [ Browsers ] ***
-\\ Internet Explorer v10.0.9200.16521
-\\ Mozilla Firefox v24.0 (pt-BR)
[ File : C:\Users\Wemerson\AppData\Roaming\Mozilla\Firefox\Profiles\1cicd47u.default\prefs.js ]
Line deleted : user_pref("extensions.skipscreen.divshareactive", false);
Line deleted : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir)/.|hxxp://.depositfiles.com/(([a-z]{2})/files/|auth-).|hxxp://(www.)digg.com/(.{5}|.{6})$|hxxp:[...]
-\\ Google Chrome v30.0.1599.101
[ File : C:\Users\Wemerson\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1513 octets] - [24/10/2013 14:29:27]
AdwCleaner[s0].txt - [1367 octets] - [24/10/2013 14:31:42]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1427 octets] ##########
Good afternoon! Spyder.RV
|- Download: < ZHPDiag2.exe > ( ... by Nicolas Coolman )
|- Save it to a local disk! ( C or D )
|- Run the scroll icon. ( ZHPDiag )
|- Click: "CONFIGURE"
|- Click: "Options" >> "All" >> OK
|- Click: "CONFIGURE" >> "Full Analysis"
|- Wait for it to finish!
|- If it freezes and you cannot get the log, abort the full scan and run the custom one.
|- Go back to the tool's main window.
|- Click "SEARCH" and wait for it to finish!
|- Or click "Options" >> "None".
|- Check only the "Additional Scan (O88)" option.
~ Unselected Option:
O1,O39,O40,O41,O42,O43,O44,O45,O46,O47,
O48,O49,O50,O51,O52,O53,O54,O55,O56,O57,
O58,O59,O60,O61,O62,O63,O64,O65,O66,O67,
O68,O69,O80,O81,O82,O83,O84,O85,O86,O87,
O89,O90,O91,O92
####
|- That way, these options will be disabled!
|- Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
|- PS: If the log is long, upload it to Pjjoint.malekal.
|- More information: < |Link| >
A+
Here is the ZHPDiag2 log.
http://pjjoint.malekal.com/files.php?read=20131024_l6h15m15p15y12
Good evening! Spyder.RV
|- Copy the information below into Notepad.
|- With Notepad open, press: ctrl+a >> ctrl+c
script zhpfix
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com
[MD5.774D05FE35417E2806B958C65CAAD4F3] [sPRF][14/10/2013] (...) -- C:\Users\Wemerson\AppData\Local\Temp\9b3c3e61-a827-460a-909c-8016c195cfde.exe [1725824]
[MD5.AC8ED637C6D7D6EF13F73B43D2E80C9E] [sPRF][14/10/2013] (...) -- C:\Users\Wemerson\AppData\Local\Temp\converter.exe [2414]
[MD5.3B32CAA07D672F8A2E0DF5CB3A873F45] [sPRF][22/06/2012] (...) -- C:\Users\Wemerson\AppData\Local\Temp\ESGScanner.sys [22704]
[MD5.9FF765D961D3C51E709781AA4061C5BB] [sPRF][14/10/2013] (...) -- C:\Users\Wemerson\AppData\Local\Temp\SHSetup.exe [46974032] =>Crapware.SpyHunter
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Orphan key
O41 - Driver: (BdfNdisf) . (. - .) - c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys (.not file.)
O41 - Driver: (bdftdif) . (. - .) - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys (.not file.)
O44 - LFC:[MD5.444BCB3A3FCF8389296C49467F27E1D6] - 17/10/2013 - 22:26:25 ---A- . (...) -- C:\Windows\v3.log [2]
O53 - SMSR:HKLM\...\startupreg\Eazuzy [Key] . (...) -- C:\Users\Wemerson\AppData\Roaming\Eazuzy.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\1 [Key] . (...) -- C:\Users\Wemerson\AppData\Local\Temp\hide my ip patch.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\tsiVideo [Key] . (...) -- C:\Users\Wemerson\AppData\Local\Temp\tsiVi132.dll (.not file.)
O61 - LFC: 22/10/2013 - 15:00:41 ---A- . (...) -- C:\Users\Wemerson\AppData\Local\Google\Chrome\User Data\Local State~RF19cac1e.TMP [45400]
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified =>PUA.StartShow ^
C:\Users\Wemerson\AppData\Local\Temp\SHSetup.exe =>Crapware.SpyHunter^
emptytemp
emptyflash
emptyclsid
firewallraz
sysrestore
|- Run ZHPFix >> Click: IMPORT >> OK.
|- Click "GO".
|- Post the report!
A+
Good evening. Here is the report:
ZHPFix 2013.10.21.17 report by Nicolas Coolman, updated 21/10/2013
Registry export file :
Run by Wemerson at 25/10/2013 01:07:17
High Elevated Privileges : OK
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)
Recycle Bin emptied (00mn 02s)
========== Memory processes ==========
DELETED: Memory Process: C:\Users\Wemerson\AppData\Local\Temp\9b3c3e61-a827-460a-909c-8016c195cfde.exe
DELETED: Memory Process: C:\Users\Wemerson\AppData\Local\Temp\converter.exe
DELETED: Memory Process: C:\Users\Wemerson\AppData\Local\Temp\SHSetup.exe
========== Registry keys ==========
DELETED Driver Key: BdfNdisf
DELETED Driver Key: bdftdif
DELETED:* StartupReg: Eazuzy
DELETED:* StartupReg: 1
DELETED:* StartupReg: tsiVideo
========== Registry values ==========
DELETED: Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93}
Missing Value Standard Profile: FirewallRaz :
Missing Value Domain Profile FirewallRaz :
========== Registry data elements ==========
DELETED: R0 - Main,Start Page = KLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
DELETED: R1 Search Page =
REPLACED Value Start_ShowMyGames : Good (1) - Bad (0)
========== Folders ==========
No empty local-user CLSID folder
========== Files ==========
DELETED: C:\Users\Wemerson\AppData\Local\Temp\ESGScanner.sys
DELETED: c:\windows\v3.log
DELETED: c:\users\wemerson\appdata\local\google\chrome\user data\local state~rf19cac1e.tmp
DELETED Windows temporary files (0) (0 octets)
DELETED Flash Cookies (0) (0 octets)
========== System Restore ==========
System restore point created successfully
========== Summary ==========
3 : Memory processes
5 : Registry keys
3 : Registry values
3 : Registry data elements
1 : Folders
5 : Files
1 : System Restore
End of clean in 01mn 08s
========== Report file path ==========
C:\Users\Wemerson\AppData\Roaming\ZHP\ZHPFix[R1].txt - 24/10/2013 15:45:59 [603]
C:\Users\Wemerson\AppData\Roaming\ZHP\ZHPFix[R2].txt - 25/10/2013 01:07:20 [2023]
Good morning! Spyder.RV
|- Download: < zoek > ( ... by Smeenk )
|- Or here! < zoek.exe >
|- Save it to the desktop!
|- Disable your antivirus!
|- On Windows 7, run zoek.exe as administrator.
emptychrcache;
hijackthis;
chrdefaults;
iedefaults;
autoclean;
emptyalltemp;
|- Copy and paste this information, shown in red, into the tool's field.
|- Click "Run Script".
Zoek.exe is running now. Do not start any browser windows, they will be closed automatically. Please wait! This window will close when finished. A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
|- This message will appear, asking you to wait for the report.
|- Accept and/or confirm the reboot!
zoek.hta failed by unknown error. Restart computer, and try again.
|- PS: If you get an error, restart the PC and run the tool again.
|- Post the report, which will be at C:\zoek-results.txt <<
A+
Good morning... Here is the zoek log
Zoek.exe Version 4.0.0.5 Updated 22-October-2013
Tool run by Wemerson on 25/10/2013 at 10:46:06,77.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Dados do PC\Wemerson\Desktop\zoek\zoek.exe [script inserted]
==== Older Logs ======================
C:\zoek-results2013-10-25-122926.log 420 bytes
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\Users\Wemerson\renew.bat deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"content_blocker@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com" [18/10/2013 12:35]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Wemerson\AppData\Roaming\Mozilla\Firefox\Profiles\1cicd47u.default
AppDir: C:\Program Files (x86)\Mozilla Firefox
==== Firefox Plugins ======================
Profilepath: C:\Users\Wemerson\AppData\Roaming\Mozilla\Firefox\Profiles\1cicd47u.default
4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash
D4BD9F86123C87ECA570418B69326F99 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.170.2
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx[29/08/2013 16:09]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx[29/08/2013 16:09]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx[29/08/2013 16:09]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
iahagolkpaghhinaljhjihagjgomdokb - C:\Users\Wemerson\AppData\Local\Alexa\atbpg-bY8cnr-1.3.crx[29/05/2013 16:47]
Google Translate - Wemerson - Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb
MeasureIt - Wemerson - Default\Extensions\aonjhmdcgbgikgjapjckfkefpphjpgma
Translator - Wemerson - Default\Extensions\baphblbjhblgjocinamnmbpceogpfedo
Read Later Fast - Wemerson - Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji
Vimeo™ Download Videos - Wemerson - Default\Extensions\geeljcibkkackafmeepgadbfgmpjmdeg
Climatempo - Wemerson - Default\Extensions\hdpadclmjnppejbenfgklgaganbefgad
AngularJS Batarang - Wemerson - Default\Extensions\ighdmehidhipcmcojjgiloacoafjmpfk
HTML5 Web Development IDE - Wemerson - Default\Extensions\kheidghjolippfddjfloeinafjkcgcic
Chrome In-App Payments service - Wemerson - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Feed Intent Viewer - Wemerson - Default\Extensions\oceapojkdgeophkjdijkpbjifdnfimdh
LogMeIn - Wemerson - Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon
Intel\u00AE XDK - Wemerson - Default\Extensions\onmkoldigcfmebcinpmineoadckalllb
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.dell.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://google.fr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://google.fr"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{EFA27348-E879-4907-9783-B1D0956D3E33} O que fazer na internet? Url="http://www.oquefazernainternet.com/q/{searchTerms}"
==== Reset Google Chrome ======================
C:\Users\Wemerson\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Wemerson\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== HijackThis Entries ======================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, enhanced for Bing and MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [LightShot] C:\Users\Wemerson\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-21-1118846666-3358091151-14487094-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1118846666-3358091151-14487094-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = C:\Users\Wemerson\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Apache Web Server Monitor.lnk = C:\Zend Server CE\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Zend Controller.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Wemerson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Wemerson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\Wemerson\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Wemerson\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Wemerson\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 25/10/2013 at 12:01:07,98 ======================
Good afternoon! Spyder.RV
|- Remove the tools that were used, with DelFix.
-/-
|- Download: |DelFix| ( ... by Xplode )
|- On the page, click the green arrow to download.
|- Save it somewhere convenient! ( desktop! )
|- Close any open applications.
|- Run it!
|- With the 3 checkboxes checked!
|- Click "Run".
|- All OK? Does the problem persist?
At+
Good afternoon.
Phew... that pest is finally gone!
Thank you very much!
One question... my notebook had Google Chrome synced with the Chrome on this PC, and now it is showing the same problem; it was probably contaminated too, right?
As a precaution, before starting the disinfection I removed the notebook from Chrome sync with this PC...
Do I have to open another post for the notebook too?
Good evening! Spyder.RV
> One question... my notebook had Google Chrome synced with the Chrome on this PC, and now it is showing the same problem; it was probably contaminated too, right?
> As a precaution, before starting the disinfection I removed the notebook from Chrome sync with this PC...
> Do I have to open another post for the notebook too?
|- Yes! Open another topic and post the HijackThis log for your notebook.
Cheers!
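On the sync question above: Chrome Sync replicates installed extensions and a number of browser settings between profiles signed into the same Google account, so a hijacked profile can push its extensions and overrides to the other machine; unlinking the notebook, as the poster did, stops further propagation but does not undo what was already synced. The script below is an added example, not code from the thread, from zoek or from Chrome. It audits a profile's `Preferences` file (the file zoek reset earlier in the thread) for extensions not installed from the Web Store, extensions that update from non-Google hosts, and homepage, startup-page and search-provider overrides. The JSON field names are assumptions about Chrome's layout; the sample document is constructed from URLs and extension IDs in the logs above, with an invented manifest name and update URL for the Alexa entry, and the allowlist of hosts is an assumption.

```python
"""Audit a Chrome profile's Preferences JSON for hijack persistence.

Added example; it is not part of the thread and not a feature of zoek,
AdwCleaner or Chrome. Field names follow the layout of Chrome's per-profile
Preferences file (extensions.settings.<id>, homepage, session.startup_urls,
default_search_provider*); treat them as assumptions and confirm against the
Chrome build at hand. SAMPLE_PREFERENCES is constructed for the example,
reusing URLs and extension IDs from the logs above; the Alexa manifest name
and update URL are invented.
"""
import json
from urllib.parse import urlparse

# Chrome Manifest::Location codes for installs that did not come through the
# browser UI (assumed mapping for this example).
EXTERNAL_LOCATIONS = {2: "external-pref", 3: "external-registry",
                      6: "external-pref-download", 10: "external-component"}
WEBSTORE_UPDATE_HOST = "clients2.google.com"
# Hosts acceptable as homepage / startup page / search provider (assumption).
KNOWN_HOSTS = {"www.google.com", "www.bing.com"}

SAMPLE_PREFERENCES = json.dumps({
    "homepage": "http://br.hao123.com/?tn=incore_pay_hp_01_hao123_br",
    "homepage_is_newtabpage": False,
    "session": {"restore_on_startup": 4,
                "startup_urls": ["http://www.oquefazernainternet.com/"]},
    "default_search_provider": {
        "search_url": "http://www.oquefazernainternet.com/q/{searchTerms}"},
    "extensions": {"settings": {
        "aapbdbdomjkkjkaonfhkkikfgjllcleb": {
            "from_webstore": True, "location": 1,
            "manifest": {"name": "Google Translate",
                         "update_url": "https://clients2.google.com/service/update2/crx"}},
        "iahagolkpaghhinaljhjihagjgomdokb": {
            "from_webstore": False, "location": 3,
            "path": "C:\\Users\\Wemerson\\AppData\\Local\\Alexa\\atbpg-bY8cnr-1.3.crx",
            "manifest": {"name": "Alexa Toolbar",  # invented for the example
                         "update_url": "http://updates.adware.invalid/crx"}},
    }},
})


def _host(url):
    return urlparse(url).netloc.lower()


def audit_extensions(prefs):
    """Flag extensions not installed from the Web Store or updated elsewhere."""
    findings = []
    for ext_id, entry in prefs.get("extensions", {}).get("settings", {}).items():
        manifest = entry.get("manifest", {})
        name = manifest.get("name", "?")
        location = entry.get("location")
        if not entry.get("from_webstore", False) or location in EXTERNAL_LOCATIONS:
            how = EXTERNAL_LOCATIONS.get(location, f"location {location}")
            findings.append(("extension-not-from-webstore", ext_id,
                             f"{name} via {how}: {entry.get('path', '')}"))
        update_url = manifest.get("update_url", "")
        if update_url and _host(update_url) != WEBSTORE_UPDATE_HOST:
            findings.append(("extension-third-party-update-url", ext_id,
                             f"{name}: {update_url}"))
    return findings


def audit_browser_settings(prefs):
    """Flag homepage, startup page and search provider overrides."""
    findings = []
    homepage = prefs.get("homepage", "")
    if (homepage and not prefs.get("homepage_is_newtabpage", True)
            and _host(homepage) not in KNOWN_HOSTS):
        findings.append(("homepage-override", "homepage", homepage))
    for url in prefs.get("session", {}).get("startup_urls", []):
        if _host(url) not in KNOWN_HOSTS:
            findings.append(("startup-url-override", "session.startup_urls", url))
    # Older builds keep the search URL under default_search_provider, newer
    # ones under default_search_provider_data.template_url_data (assumption).
    search_url = (prefs.get("default_search_provider", {}).get("search_url")
                  or prefs.get("default_search_provider_data", {})
                  .get("template_url_data", {}).get("url", ""))
    if search_url and _host(search_url) not in KNOWN_HOSTS:
        findings.append(("search-provider-override", "default_search_provider",
                         search_url))
    return findings


def audit(preferences_text):
    """Parse a Preferences document and return all findings."""
    prefs = json.loads(preferences_text)
    return audit_extensions(prefs) + audit_browser_settings(prefs)


if __name__ == "__main__":
    for kind, where, detail in audit(SAMPLE_PREFERENCES):
        print(f"{kind:36} {where}: {detail}")
```

Run the same audit on the notebook's profile (Chrome must be closed so the file is not rewritten under you): if it reports the same external-registry extension or the same search/homepage hosts as the desktop, the cleanup there needs the same steps as here, independent of sync being turned off.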
xxxxxxxxxxxxxxxxxxxxxxxxxxx
PROBLEM SOLVED
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
Good afternoon! Spyder.RV
|- Open the HijackThis tool.
|- Click "Do a system scan only".
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
|- Check these highlighted entries and click "Fix Checked" >> Yes!
|- Reboot... close the tool and download AdwCleaner.
|- Download: < AdwCleaner > ( ... by Xplode )
|- On the page, click the download button (Télécharger).
|- PS: If you use the IE9 browser, disable the "SmartScreen" filter.
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose Run as administrator.
|- PS: Start the tool by clicking "Scan".
|- Click "Clean", whenever it is available, for each tab opened under "Results".
|- Click the small side arrows to reach the "Firefox" or "Chrome" tabs.
|- When it finishes, click "Report".
< C:\AdwCleaner\AdwCleaner[s0].txt > or < C:\AdwCleaner\AdwCleaner[s1].txt > ;S2, S3;...
|- Post all the reports, which will be in C:\AdwCleaner <<
A+