Good morning!
I'm having serious problems.
It started with AVG being unable to update.
I then tried to uninstall it and, to my surprise, that isn't possible. In fact, I can no longer install or uninstall any other antivirus or antimalware I might want to.
After failing to uninstall AVG, I tried to scan with Malwarebytes. But it simply doesn't open.
I can't even get HijackThis to run. I download the files, but I'm not allowed to install or update them.
Please help me.
Good evening! Tool installed.
Here is the log:
~ ZHPDiag report v2014.7.19.106 - Nicolas Coolman (19/07/2014)
~ Started by Soraya (20/07/2014 22:38:34)
~ Website address :
=>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] Web - (Web) - http://br.yhs4.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - =>Toolbar.Ask
---\\ Additional search at the system root (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [sPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784]
[MD5.EECD181357EEBCCD1C414D89B4D9078D] [sPRF][12/07/2013] (...) -- C:\Users\Soraya\AppData\Roaming\unins000.dat [12795]
[MD5.AD6E810B9CE3D8C0C1FF0203C68C6FA6] [sPRF][12/07/2013] (.No owner - Setup/Uninstall.) -- C:\Users\Soraya\AppData\Roaming\unins000.exe [720082]
[MD5.739F4BFD0576A184CE8BB8140026B93F] [sPRF][20/07/2014] (...) -- C:\Users\Soraya\Desktop\u14iavi7887zr.bin [88979219]
~ Files: 5 Legitimates Filtered in 00mn 06s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32 =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASAPI32 =>Hijacker.FindrToolbar
HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASMANCS =>Hijacker.FindrToolbar
HKLM\SOFTWARE\Microsoft\Tracing\funmoods_RASAPI32 =>PUP.Funmoods
HKLM\SOFTWARE\Microsoft\Tracing\funmoods_RASMANCS =>PUP.Funmoods
HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_2-KFRPtAWP-1__RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_2-KFRPtAWP-1__RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASAPI32 =>Adware.PredictAd
HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASMANCS =>Adware.PredictAd
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_mkv-player_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_mkv-player_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_directx_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_directx_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_megacubo_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_megacubo_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_project64_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_project64_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SweetImSetup(1)_RASAPI32 =>PUP.SweetIM
HKLM\SOFTWARE\Microsoft\Tracing\SweetImSetup(1)_RASMANCS =>PUP.SweetIM
HKLM\SOFTWARE\Microsoft\Tracing\SweetImSetup_RASAPI32 =>PUP.SweetIM
HKLM\SOFTWARE\Microsoft\Tracing\SweetImSetup_RASMANCS =>PUP.SweetIM
HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASAPI32 =>Hijacker.FindrToolbar
HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASMANCS =>Hijacker.FindrToolbar
HKLM\SOFTWARE\Microsoft\Tracing\updateWebConnect_RASAPI32 =>PUP.WebConnect
HKLM\SOFTWARE\Microsoft\Tracing\updateWebConnect_RASMANCS =>PUP.WebConnect
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 09/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 27/06/2014 3241488 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgidsagent.exe
SS - | Auto 28/04/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 28/04/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
---\\ Additional Scanner (088)
Database Version : 13026 - (19/07/2014)
Keys found : 12
Values found : 3
Folders found : 6
Files found : 0
[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKLM\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs] =>Toolbar.Ask
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32] =>Toolbar.Ask
[HKLM\Software\Microsoft\Tracing\apnstub_RASMANCS] =>Toolbar.Ask
[HKLM\Software\Microsoft\Tracing\apnstub_RASAPI32] =>Toolbar.Ask
[HKLM\Software\360Safe] =>Trojan.Lozavita
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}] =>PUP.CrossRider
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:AVG-Secure-Search-Update_0913b =>Toolbar.AVGSearch^
C:\Program Files\WebConnect =>PUP.WebConnect^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\Users\Soraya\AppData\Roaming\337 =>Hijacker.22Find^
C:\Users\Soraya\AppData\Local\genienext =>PUP.NextLive^
C:\Program Files\SimilarSites =>Adware.SimilarSites
C:\ProgramData\AVG Security Toolbar =>Toolbar.AVGSearch
~ Additional Scan: 332390 Items scanned in 02mn 37s
---\\ Additional module information
~ =>.Internet Explorer, Proxy management (R5)
~ =>.Browser Helper Objects (O2)
~ =>.Internet Explorer toolbars (O3)
~ =>.Applications started by registry & folders (O4)
~ AMI: 4 Legitimates Filtered in 00mn 00s
---\\ Summary of detections found on your machine
=>Adware.MyWebSearch
=>Hijacker.NationZoom
=>Hijacker.22Find
=>PUP.DealPly
=>Toolbar.Conduit
=>PUP.WebConnect
=>PUP.Tarma
=>PUP.NextLive
=>Toolbar.Ask
=>Hijacker.FindrToolbar
=>PUP.Funmoods
=>Adware.IMBooster
=>Adware.PredictAd
=>PUP.SweetIM
=>PUP.ToparcadeHits
=>Trojan.Lozavita
=>Adware.BrowseFox
=>PUP.CrossRider
=>Adware.SimilarSites
~ 1005 Legitimates filtered by white list
End of the scan (647 lines in 08mn 09s)(0)
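The O100 section of the report above is worth understanding before any cleaning is done: Windows creates the subkeys HKLM\SOFTWARE\Microsoft\Tracing\<program>_RASAPI32 and <program>_RASMANCS for any process that loads the RAS API, and those keys outlive the program, which is why the Softonic downloaders, SweetIM and Funmoods installers are still visible here long after they ran and regardless of whether they were later uninstalled. The PowerShell script below is an added example, not part of this thread and not ZHPDiag's own code; it reads the same artefacts the report lists (Tracing keys, Run entries, Internet Explorer SearchScopes and the EnableLUA policy value) and changes nothing. The $suspectPatterns list is an assumption built from the families named in this report, not a signature database. Run it from an elevated PowerShell prompt (2.0 or later, as shipped with Windows 7).

```powershell
# Added example (not from the thread): read-only triage of the artefacts ZHPDiag
# lists above. A process that loads rasapi32.dll gets tracing keys named
# <exe>_RASAPI32 and <exe>_RASMANCS under HKLM\SOFTWARE\Microsoft\Tracing; they
# are not removed on uninstall, so they are a record of installers that ran.

# Assumption: name fragments taken from the families in the report, not a tool DB.
$suspectPatterns = @('softonic', 'sweetim', 'funmoods', 'findright', 'webconnect',
                     'iminent', 'insttracker', 'apnstub', 'askpartner', 'secure-search')

function Get-TracingInstallers {
    $keys = Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Tracing' -ErrorAction SilentlyContinue
    $names = @{}
    foreach ($k in $keys) {
        $base = $k.PSChildName -replace '_RAS(API32|MANCS)$', ''
        if ($base -eq $k.PSChildName) { continue }   # not a RAS tracing key
        $names[$base] = $true                         # collapse the API32/MANCS pair
    }
    foreach ($n in ($names.Keys | Sort-Object)) {
        $hit = $false
        foreach ($p in $suspectPatterns) { if ($n -match [regex]::Escape($p)) { $hit = $true } }
        New-Object PSObject -Property @{ Installer = $n; Suspect = $hit }
    }
}

function Get-AutoStartEntries {
    # Run keys in both hives: the entries ZHPDiag reports in its O4 section.
    foreach ($hive in 'HKLM', 'HKCU') {
        $path = "$hive`:\Software\Microsoft\Windows\CurrentVersion\Run"
        $props = Get-ItemProperty $path -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }     # PSPath, PSParentPath, ... metadata
            New-Object PSObject -Property @{ Hive = $hive; Name = $p.Name; Command = $p.Value }
        }
    }
}

function Get-SearchScopes {
    # IE search providers (the O69 lines); each subkey carries DisplayName and URL.
    $root = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
    foreach ($s in (Get-ChildItem $root -ErrorAction SilentlyContinue)) {
        $v = Get-ItemProperty $s.PSPath
        New-Object PSObject -Property @{ Id = $s.PSChildName; Name = $v.DisplayName; Url = $v.URL }
    }
}

function Get-UacState {
    # EnableLUA = 0 means User Account Control is off, as the report's "Modified" hints.
    $pol = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    New-Object PSObject -Property @{
        EnableLUA                  = $pol.EnableLUA
        ConsentPromptBehaviorAdmin = $pol.ConsentPromptBehaviorAdmin
    }
}

'== RAS tracing keys (installers that ran on this machine) =='
Get-TracingInstallers | Format-Table Installer, Suspect -AutoSize
'== Run entries =='
Get-AutoStartEntries | Format-Table Hive, Name, Command -AutoSize
'== IE SearchScopes =='
Get-SearchScopes | Format-Table Id, Name, Url -AutoSize
'== UAC policy =='
Get-UacState | Format-List
```

The tracing keys only prove that a program with that file name loaded the RAS API at some point; they do not say whether it is still installed, so they are a lead to follow into the Run entries, SearchScopes and Program Files rather than something to delete on their own.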
To run it correctly, follow the tips in this article:
ZHPDiag installation and execution tutorial
* As soon as it finishes its scan, copy the entire contents of the ZHPDiag.txt report and post it in your next reply.
Already posted above. I edited the previous message. ;)
Download AdwCleaner by clicking the link below, then click the Download Now @BleepingComputer button:
http://www.bleepingcomputer.com/download/adwcleaner/
To run AdwCleaner correctly, just follow the tips in this tutorial:
Remove adware and malicious toolbars with AdwCleaner
* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[s0].txt
We'll be waiting.
Good morning!
As I told you before, I can download the programs but not install them.
I ran AdwCleaner, but the virus closes the program as soon as it opens. A matter of 1 second. It's as if the screen flashed at me.
Do you have any idea which virus does this? I don't think even Sality does that. At least not the time it came to me as a little gift. It did damage, but it didn't block the antivirus programs.
See you.
Go to https://www.virustotal.com and submit the files highlighted in bold below to be analysed:
C:\Program Files\Oi\Programmer\OiVeloxCheck.exe
C:\u14iavi7887zr.bin
As soon as the analysis of each one is finished, copy the link that appears in your browser's address bar and post those links in your next reply, together with the ZHPFix report requested below in this post.
More information on how to analyse files on the VirusTotal site is in this tutorial:
Analyse suspicious files and links online, completely free of charge
____________________________________________________________________________
Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________
Go to the menu: Start > All Programs > ZHP > Right-click ZHPFix and choose Run as administrator > Click Importação (Import) > Click the GO button > Click Oui > If you also want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.
Copy this report and post it in your next reply, together with the links to the file analyses on the VirusTotal site.
Good afternoon!
The OiVeloxCheck file first flagged 3 viruses. I rescanned it and it flagged 1 out of 43: f749ff7a8439377070b3aae3cef259a7a917f418c13066fa1ed6673e2e80315b
The second one was rejected. Too big. It's over 64 MB.
Then follow the rest of the tips I gave you in the reply above to run ZHPFix, and post its report.
Here is the report:
ZHPFix report 2014.7.9.4 by Nicolas Coolman, Update of 09/07/2014
Registry export file :
Run by Soraya at 21/07/2014 14:58:04
High Elevated Privileges : OK
Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)
Recycle Bin emptied (00mn 22s)
Browser shortcut repair
========== Registry keys ==========
ELIMINÉ: Mozilla Plugin: @pandonetworks.com/PandoWebPlugin
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\Baidu
ELIMINÉ: HKCU\Software\Softonic
ELIMINÉ: HKLM\Software\360Safe
ELIMINÉ: HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Baidu_Drp_pos
ELIMINÉ: HKLM\Software\baidu
ELIMINÉ: SearchScopes :${searchCLSID}
ELIMINÉ: SearchScopes :{2D6734A5-DD67-46BD-99C0-8685B4286399}
ELIMINÉ: SearchScopes :{33D59858-89D9-4AC2-A956-93875EB02323}
ELIMINÉ: SearchScopes :{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\funmoods_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\funmoods_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_2-KFRPtAWP-1__RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_2-KFRPtAWP-1__RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_mkv-player_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_mkv-player_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_directx_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_directx_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_megacubo_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_megacubo_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_project64_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_project64_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SweetImSetup(1)_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SweetImSetup(1)_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SweetImSetup_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SweetImSetup_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\updateWebConnect_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\updateWebConnect_RASMANCS
ELIMINÉ: HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
ELIMINÉ: HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
ELIMINÉ: HKLM\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
ELIMINÉ: HKLM\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
ELIMINÉ: HKLM\Software\Microsoft\Tracing\apnstub_RASMANCS
ELIMINÉ: HKLM\Software\Microsoft\Tracing\apnstub_RASAPI32
ELIMINÉ: HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
ELIMINÉ: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}
========== Registry values ==========
ELIMINÉ: Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
ELIMINÉ RunValue: AVG-Secure-Search-Update_0913b
ELIMINÉ RunValue: fab
ELIMINÉ RunValue: Del249980432
ELIMINÉ RunValue: Del428825345
ELIMINÉ RunValue: Del530267491
========== Registry data items ==========
ELIMINÉ: R1 Search Page = http://start.mysearc...EtD0C0AzyyEyBzz[...]
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.id", "E0CA9478F907ECD5");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.instlDay", "16124");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.instlRef", "");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.prdct", "mysearchdial");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.tlbrId", "base");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial_i.hmpg", true);
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial_i.newTab", false);
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial_i.smplGrp", "none");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.015:16:35");
========== Folders ==========
ELIMINÉ: C:\Users\Soraya\AppData\Local\{11417E49-0057-4C30-A657-E5274F851281}
ELIMINÉ: C:\Users\Soraya\AppData\Local\{2DEC70D6-CBA0-48BE-82D4-98C944022915}
ELIMINÉ: C:\Users\Soraya\AppData\Local\{3BE2D233-C730-454E-8038-911E2E4D436E}
ELIMINÉ: C:\Users\Soraya\AppData\Local\{3D4932A5-5BA5-4090-B154-579D6E80D79F}
ELIMINÉ: C:\Users\Soraya\AppData\Local\{44399A52-AC33-4606-A69A-ACEA7F1D48B2}
ELIMINÉ: C:\Users\Soraya\AppData\Local\{576F8FE8-9E83-4060-B572-A65C137F4B12}
ELIMINÉ: C:\Users\Soraya\AppData\Local\{66A16A2C-3656-450A-9549-0E138EC5C025}
ELIMINÉ: C:\Users\Soraya\AppData\Local\{6CF16F74-4CE2-4C05-9213-989116AEC755}
ELIMINÉ: C:\Users\Soraya\AppData\Local\{87F8634D-5DBD-4DC2-BDB5-F493E10943EA}
ELIMINÉ: C:\Users\Soraya\AppData\Local\{900768BE-D178-48E3-A775-8EA5734C98D4}
ELIMINÉ: C:\Users\Soraya\AppData\Local\{9FAFEAD6-F7EE-4D64-A865-04A6C398DC4E}
ELIMINÉ: C:\Users\Soraya\AppData\Local\{AE1E6D05-3922-416B-BA7A-EDD97DEAD48D}
ELIMINÉ: C:\Users\Soraya\AppData\Local\{AFC4400C-7608-4FC6-AE26-6FDA67C005EE}
ELIMINÉ: C:\Users\Soraya\AppData\Local\{B5EF2365-DA44-4B23-8B95-E444F3E2A264}
ELIMINÉ: C:\Users\Soraya\AppData\Local\{CF2952F0-4F53-425D-BC39-E20C6FAB36D4}
ELIMINÉ: C:\Users\Soraya\AppData\Local\{DBC6BB4F-7149-44DA-BBA8-89CD0EBE5354}
ELIMINÉ: C:\Users\Soraya\AppData\Local\{E6E65691-81AA-4215-9CCD-7C67DF40E1B8}
ELIMINÉ: C:\Users\Soraya\AppData\Local\{EAE0AE43-4516-4DAB-ADD0-F0F231232BC7}
ELIMINÉ: C:\Users\Soraya\AppData\Local\{ED600DE5-6A38-4180-92E5-0AA81A29C433}
ELIMINÉ: C:\Users\Soraya\AppData\Local\{F79CB6DB-BDEB-4625-B15C-A8886395204D}
ELIMINÉ: C:\Users\Soraya\AppData\Local\{FE8B0828-5948-4AF9-B1A0-03D5C5D9DB7E}
========== Files ==========
ELIMINÉ: c:\users\soraya\appdata\roaming\mozilla\firefox\profiles\d9gpgnfs.default\searchplugins\mysearchdial.xml
ELIMINÉ: c:\users\soraya\appdata\roaming\mozilla\firefox\profiles\d9gpgnfs.default\searchplugins\nation-secure-search.xml
ELIMINÉ: c:\users\soraya\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\ddtank.lnk
ELIMINÉ: c:\users\soraya\appdata\roaming\337\ddtank\gamelogin.exe
ELIMINÉ: c:\users\soraya\desktop\ddtank.lnk
ELIMINÉ: c:\users\soraya\appdata\roaming\ecad\fab.js
ELIMINA REINICIAR: c:\windows\system32\cmd.exe
ELIMINÉ: c:\windows\tasks\roc_jan2013_tb_rmv.job
ELIMINÉ: c:\windows\system32\tasks\roc_jan2013_tb_rmv
ELIMINÉ: c:\windows\system32\drivers\360hookoem.sys
ELIMINÉ: c:\windows\system32\drivers\360regoem.sys
ELIMINÉ: c:\windows\system32\drivers\360spoem.sys
ELIMINÉ Windows temporary files (1605) (748.151.453 bytes)
ELIMINÉ Flash Cookies (0) (0 bytes)
========== Scheduled tasks ==========
ELIMINÉ: DealPly
ELIMINÉ: DealPly
ELIMINÉ: DealPlyUpdate
ELIMINÉ: {3512B0A4-6AD9-4A18-9B18-4A1397A3CD18}
ELIMINÉ: {616BA8F8-3069-4A1A-9DC4-86E4D3FABA90}
========== System Restore ==========
System restore point created successfully
========== Summary ==========
47 : Registry keys
6 : Registry values
1 : Registry data items
21 : Folders
14 : Files
26 : Browser preferences
5 : Scheduled tasks
1 : System Restore
End of clean in 03mn 28s
========== Report file path ==========
C:\Users\Soraya\AppData\Roaming\ZHP\ZHPFix[R1].txt - 21/07/2014 14:58:26 [9278]
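After a ZHPFix run, a practitioner re-checks that the items the report claims to have deleted are really gone, and looks at what the tool could only schedule for the next reboot: the report above marks c:\windows\system32\cmd.exe as ELIMINA REINICIAR (delete on reboot), and a system without cmd.exe is a much worse place to be than one with leftover adware. The PowerShell script below is an added example, not part of this thread and not ZHPFix's own code. It takes a subset of the report's entries (hard-coded here; extend the lists to the full report), rebuilds the user-profile paths from the current profile instead of the literal C:\Users\Soraya, and reads PendingFileRenameOperations, which is the standard Windows delete-on-reboot mechanism. Whether ZHPFix uses that mechanism is an assumption on my part; if the list comes back empty the tool used some other method and the cmd.exe line should be checked by hand before rebooting.

```powershell
# Added example (not from the thread or from ZHPFix): verify the cleanup the
# ZHPFix report above describes. Read-only; nothing is deleted here.

# Subset of the report's entries; assumption: extend these to the full report.
$registryKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Tracing\FindRight_RASAPI32',
    'HKLM:\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_directx_RASAPI32',
    'HKLM:\Software\360Safe',
    'HKLM:\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}',
    'HKCU:\Software\Softonic'
)
$runValues = @('AVG-Secure-Search-Update_0913b', 'fab', 'Del249980432')
$paths = @(
    "$env:APPDATA\337",
    "$env:APPDATA\ecad\fab.js",
    "$env:windir\System32\drivers\360hookoem.sys",
    "$env:windir\Tasks\roc_jan2013_tb_rmv.job"
)
$tasks = @('DealPly', 'DealPlyUpdate')

function Test-Leftovers {
    # Returns one line per item that still exists; an empty result is the good case.
    $found = @()
    foreach ($k in $registryKeys) { if (Test-Path $k) { $found += "key  $k" } }
    foreach ($hive in 'HKLM', 'HKCU') {
        $run = Get-ItemProperty "$hive`:\Software\Microsoft\Windows\CurrentVersion\Run" -ErrorAction SilentlyContinue
        foreach ($v in $runValues) {
            if ($run -and $run.PSObject.Properties[$v]) { $found += "run  $hive $v" }
        }
    }
    foreach ($p in $paths) { if (Test-Path $p) { $found += "path $p" } }
    foreach ($t in $tasks) {
        # Windows 7 has no Get-ScheduledTask; task definitions live under System32\Tasks.
        if (Test-Path "$env:windir\System32\Tasks\$t") { $found += "task $t" }
    }
    $found
}

function Get-PendingDeletes {
    # PendingFileRenameOperations is a REG_MULTI_SZ of (source, target) pairs;
    # an empty target means "delete at boot". Sources carry a \??\ prefix.
    $sm = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' -ErrorAction SilentlyContinue
    $ops = @($sm.PendingFileRenameOperations)
    for ($i = 0; $i -lt $ops.Count; $i += 2) {
        $src    = $ops[$i] -replace '^\\\?\?\\', ''
        $target = $ops[$i + 1]
        if ($src) {
            New-Object PSObject -Property @{
                Source     = $src
                Action     = $(if ($target) { "rename to $target" } else { 'delete' })
                InSystem32 = ($src -like "$env:windir\System32\*")
            }
        }
    }
}

$left = @(Test-Leftovers)
if ($left.Count -eq 0) { 'No listed items remain.' } else { 'Leftovers:'; $left }
'Pending file operations at next reboot (review anything with InSystem32 = True before rebooting):'
Get-PendingDeletes | Format-Table Source, Action, InSystem32 -AutoSize
```

If a deletion of a file under System32 is pending, clear or correct that entry before restarting; a cleanup script is a list of instructions like any other, and the entry for cmd.exe in this report is the kind of line that deserves a second pair of eyes.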
Open ZHPDiag again
|- Click "SEARCH" and wait for it to finish.
|- Click OK and, when it finishes, post the ZHPDiag.txt report
Here it is:
~ ZHPDiag report v2014.7.19.106 - Nicolas Coolman (19/07/2014)
~ Started by Soraya (21/07/2014 15:21:11)
~ Website address : http://nicolascoolman.fr
~ Web forum address : http://forum.nicolascoolman.fr
~ Translation by user
~ Version status : New version available
~ White list : Enabled by the program
~ Privilege elevation : OK
~ User Account Control : Deactivated by user
---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17207
MFIE: Mozilla Firefox 30.0 (Default)
GCIE: Google Chrome
---\\ Windows product information
~ Language: Portuguese
Windows 7 Starter, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System protection software
AVG 2014 v2014.0.4716
Windows Defender W7 (Deactivated)
---\\ System optimisation software
---\\ Peer-to-peer (P2P) file sharing software
---\\ Software monitoring
Adobe Flash Player 14 Plugin
Adobe Reader XI
Java 7 Update 55
---\\ System information
~ Processor: x86 Family 20 Model 1 Stepping 0, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1788 MB (50% free)
System Restore: Enabled
System drive C: has 128 GB (71%) free of 180 GB
---\\ System connection mode
~ Computer Name: LOURENÇO-PC
~ User Name: Soraya
~ All Users Names: Soraya, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Soraya\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Soraya\AppData\Roaming\
~ %Desktop% : C:\Users\Soraya\Desktop\
~ %Favorites% : C:\Users\Soraya\Favorites\
~ %LocalAppData% : C:\Users\Soraya\AppData\Local\
~ %StartMenu% : C:\Users\Soraya\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 128 GB of 180 GB)
D: Hard drive, Flash drive, Thumb drive (Free 253 GB of 268 GB)
E: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 GB of 0 GB)
---\\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Specific search for generic files
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.CCC198257901BEEA2FBF8EB1E7678356] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:13:59.) -- C:\Windows\System32\wininet.dll [1791488]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 18:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 18:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Hidden files status (Hidden/Total)
~ My Pictures : 1/35
~ My Music : 43/483
~ My Videos : 1/17
~ My Favorites : 1/3
~ My Documents : 2/405
~ My Desktop : 2/2132
~ Start menu (Programs) : 1/35
~ Hidden Files: Scanned in 00mn 05s
---\\ Running processes
[MD5.41ADF70111483C1E5E81EE4E8F0B0D57] - (.AVG Technologies CZ, s.r.o. - AVG Resident Shield Service.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe [846864] [PID.376]
[MD5.78BC21F8BB27A68895377070B727B8E2] - (.AVG Technologies CZ, s.r.o. - AVG Scanning Core Module - Server Part.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe [642576] [PID.428]
[MD5.3701779057885787AF031936EF56538E] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\gbpsv.exe [527928] [PID.1020]
[MD5.AAE19C2290142740658B1A35CB96B836] - (.AMD - AMD External Events Service Module.) -- C:\Windows\system32\atiesrxx.exe [176128] [PID.1212]
[MD5.B55C1AAA555EB05BA5F990227217D47F] - (.AMD - AMD External Events Client Module.) -- C:\Windows\system32\atieclxx.exe [401408] [PID.1676]
[MD5.6F44F5C0BC6B210FE5F5A1C8D899AD0A] - (.Microsoft Corporation - Windows Wireless LAN 802.11 Extensibility F.) -- C:\Windows\system32\WLANExt.exe [77312] [PID.1856]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.932]
[MD5.20B2C28E3914C6837B30D44D31D2A294] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe [3241488] [PID.1056]
[MD5.13BB5F8819F90CE30A967FD94823E21B] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328] [PID.1236]
[MD5.EFCBB730C49B957D4FE973F3F6085217] - (.Broadcom Corporation. - Bluetooth Support Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [660768] [PID.1596]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.2168]
[MD5.F12A68ED55053940CADD59CA5E3468DD] - (.No owner - RichVideo Module.) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904] [PID.2228]
[MD5.19D34534176E62F35DDB7DC7B7FF2A87] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2504]
[MD5.1AEBDC693C74EA55FE05D51FA6573EBC] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.2704]
[MD5.D8DB2DA1AD3C96D2A9898068F309EB57] - (.AVG Technologies CZ, s.r.o. - AVG Online Shield Service.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe [838672] [PID.3096]
[MD5.77505EFF423AFD7A2B41C0EFF919C935] - (.AVG Technologies CZ, s.r.o. - AVG E-mail Scanner.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe [656912] [PID.3108]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.3528]
[MD5.65533F93E9FDEB73D0C1397EAAC3F351] - (...) -- C:\Program Files\Oi\Programmer\OiVeloxCheck.exe [614400] [PID.1412]
[MD5.F6158734F1E24C6C510155CF0D363911] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512] [PID.1896]
[MD5.A8B68D4A0B815294819E2647D54A7686] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe [5179408] [PID.828]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.2776]
[MD5.C637FC4638A96165256B28D38DE7B953] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.3212]
[MD5.B8C44BF5A86B4662458F4AA8F901C94B] - (.Samsung Electronics - Samsung Update Plus Background.) -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2782064] [PID.2440]
[MD5.7DCE7A74764EB7C67D21A32BC579453D] - (.Oracle Corporation - Java Update Checker.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe [507264] [PID.3688]
---\\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Preferences
---\\ Google Chrome extension folder
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s
---\\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\prefs.js
C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\user.js
P2 - FPN: [HKLM] [@raidcall.en/RCplugin] - (.Raidcall - Raidcall plugin.) -- C:\Users\Soraya\AppData\Roaming\raidcall\plugins\nprcplugin.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Soraya\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 30 Legitimates Filtered in 00mn 02s
---\\ Internet Explorer, Startup, Search, URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 15 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analysis of F0, F1, F2, F3 lines - ini files, automatic program loading
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Lines number: 1
---\\ Browser Helper Objects (O2)
O2 - BHO: Samsung BHO Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} . (...) -- C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehabn.dll
~ BHO: 18 Legitimates Filtered in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [OiVelox] . (...) -- C:\Program Files\Oi\Programmer\OiVeloxCheck.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} . (...) -- C:\Program Files\Hewlett-Packard\Smart Print\SmartPrint.ico
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} . (...) -- C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancoreal.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancosantander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} ((no name)) - http://download.eset.com/special/eos/OnlineScanner.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{407B34B5-EE4D-482E-A4FA-5DF976D3A190}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFED9CB2-4AA8-4976-BCA7-CD8B46DA9FEB}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{407B34B5-EE4D-482E-A4FA-5DF976D3A190}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{EFED9CB2-4AA8-4976-BCA7-CD8B46DA9FEB}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{407B34B5-EE4D-482E-A4FA-5DF976D3A190}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{EFED9CB2-4AA8-4976-BCA7-CD8B46DA9FEB}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginAbn . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) . (...) - C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe (.not file.)
~ Services: 9 Legitimates Filtered in 00mn 18s
---\\ Tarefas planificadas automaticamente (039)
[MD5.5C7686EBAA8F27437C6F2C33F08768F5] [APT] [Windows Codec Update Service] (.MediaCodec.Org.) -- C:\Program Files\Essentials Codec Pack\WECPUpdate.exe [258048]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1052]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1056]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 06s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
~ Drivers: 87 Legitimates Filtered in 00mn 02s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\Pando Networks]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Pando Networks]
[HKLM\Software\RCBR]
[HKLM\Software\sXe_Injected]
~ Key Software: 213 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 09/07/2014 - 14:10:27 - [] -SH-D C:\Program Files\f3
O43 - CFD: 21/01/2014 - 17:40:38 - [] ----D C:\Program Files\Oi
O43 - CFD: 09/08/2013 - 11:19:54 - [] ----D C:\Program Files\Subway Surfers
O43 - CFD: 23/07/2012 - 12:35:17 - [] ----D C:\ProgramData\Oi
O43 - CFD: 23/02/2014 - 15:21:32 - [] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 21/07/2014 - 14:57:01 - [0] -SH-D C:\Users\Soraya\AppData\Roaming\ecad
O43 - CFD: 23/02/2014 - 02:22:11 - [] ----D C:\Users\Soraya\AppData\Roaming\rcru
O43 - CFD: 14/08/2012 - 18:01:18 - [] ----D C:\Users\Soraya\AppData\Roaming\{90140011-0066-0416-0000-0000000FF1CE}
~ Program Folder: 230 Legitimates Filtered in 00mn 02s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files\GbPlugin\gbiehabn.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoControlPanel"=
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWindowsUpdate"=
O56 - MWPE:[HKCU\...\policies\Explorer] - "NofolderOptions"=
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]
O58 - SDL:31/10/2008 - 16:19:38 ---A- . (.Mobile Connector - USB/Serial Device Driver.) -- C:\Windows\System32\Drivers\cmnsusbser.sys [103424]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:12/11/2010 - 19:24:00 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [116008]
O58 - SDL:06/05/2014 - 15:04:04 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [46392]
O58 - SDL:19/06/2014 - 19:16:59 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\gbpndisrd.sys [31088]
O58 - SDL:01/03/2014 - 17:43:15 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:26/10/2011 - 21:18:54 ---A- . (.Windows ® 2003 DDK 3790 provider - Generic Port I/O for Win32.) -- C:\Windows\System32\Drivers\rtport.sys [15656]
O58 - SDL:22/01/2014 - 08:52:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [88576]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 100 Legitimates Filtered in 00mn 06s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 06/05/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 119 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKLM\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.AL", 2); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.aflt", "irmsd0202ff"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyBzz0FzytDyB0E0C0DyDtN0D0Tzu0SyBzzyDtN1L2XzutBtFtBtFtCyDtFtCy[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.cr", "1379947705"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.dfltLng", ""); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.dfltSrch", true); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.dnsErr", true); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.excTlbr", false); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.hmpg", true); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=irmsd0202ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyBzz[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.id", "E0CA9478F907ECD5"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.instlDay", "16124"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.instlRef", ""); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&a=irmsd0202ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyB[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.prdct", "mysearchdial"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.prtnrId", "mysearchdial"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.tlbrId", "base"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=irmsd0202ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyE[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.vrsn", "1.8.21.0"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.vrsni", "1.8.21.0"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial_i.hmpg", true); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial_i.newTab", false); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial_i.smplGrp", "none"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.015:16:35"); =>Adware.MyWebSearch
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [sPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784]
[MD5.EECD181357EEBCCD1C414D89B4D9078D] [sPRF][12/07/2013] (...) -- C:\Users\Soraya\AppData\Roaming\unins000.dat [12795]
[MD5.AD6E810B9CE3D8C0C1FF0203C68C6FA6] [sPRF][12/07/2013] (.No owner - Setup/Uninstall.) -- C:\Users\Soraya\AppData\Roaming\unins000.exe [720082]
[MD5.B653DD91D5D6E519D3357A80A15A5DFB] [sPRF][21/07/2014] (...) -- C:\Users\Soraya\Desktop\AdwCleaner.exe [1354223]
~ Files: 5 Legitimates Filtered in 00mn 01s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32 =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 09/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 28/04/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 28/04/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
---\\ Scâner Aditional (088)
Database Version : 13026 - (19/07/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0
[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch
C:\ProgramData\AVG Security Toolbar =>Toolbar.AVGSearch
~ Additionnel Scan: 321292 Items scanned in 01mn 35s
---\\ Informações complémentaires do módulos
~ =>.Internet Explorer, Gestão do Proxy (R5)
~ =>.Browser Helper Objects do navegador (02)
~ =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 3 Legitimates Filtered in 00mn 00s
---\\ Sumário das deteções encontradas na sua estação
=>Adware.MyWebSearch
~ MSI: 1 link(s) detected in 00mn 00s
~ 950 Legitimates filtered by white list
End of the scan (529 lines in 04mn 46s)(0)
Select and copy all of the text highlighted in red that I passed to you.
_____________________________________________________________________________________________________________
Go to the menu: Start > All Programs > ZHP > Right-click ZHPFix and choose Run as administrator > Click Importação > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted as well, click Oui again > A report will open in Notepad.
Copy this report and post it in your next reply.
Rapport de ZHPFix 2014.7.9.4 par Nicolas Coolman, Update du 09/07/2014
Fichier d'export Registre :
Run by Soraya at 21/07/2014 15:53:43
High Elevated Privileges : OK
Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)
Reciclagem vazia (Cancelado pelo utilizador)
Reparação de atalhos do navegador
========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
========== Valores do Registo ==========
ELIMINÉ RunValue: fab
========== Preferências do navegador ==========
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.AL", 2);
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.aflt", "irmsd0202ff");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.cr", "1379947705");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.dfltLng", "");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.dfltSrch", true);
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.dnsErr", true);
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.excTlbr", false);
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.hmpg", true);
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.id", "E0CA9478F907ECD5");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.instlDay", "16124");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.instlRef", "");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.prdct", "mysearchdial");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.tlbrId", "base");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial_i.hmpg", true);
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial_i.newTab", false);
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial_i.smplGrp", "none");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.015:16:35");
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ Temporários windows (7) (2.857.747 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
3 : Chaves do Registo
1 : Valores do Registo
1 : Pastas
2 : Ficheiros
26 : Preferências do navegador
1 : Restauração Sistema
End of clean in 04mn 11s
========== Caminho do ficheiro do relatório ==========
C:\Users\Soraya\AppData\Roaming\ZHP\ZHPFix[R1].txt - 21/07/2014 14:58:26 [9359]
C:\Users\Soraya\AppData\Roaming\ZHP\ZHPFix[R2].txt - 21/07/2014 15:57:14 [3456]
Now try running AdwCleaner following the tutorial below, see whether it works, and if it does, post its report:
http://www.caixadedicas.com/2013/01/remova-adwares-e-toolbars-maliciosas.html
It keeps closing. I can't get it to work.
Temporarily disable your antivirus to avoid conflicts.
* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
http://www.hijackthis.nl/smeenk/
To run it correctly, follow the tips in this tutorial:
Remove adware and other threats from your PC and browsers with the Zoek application
* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its contents and post it in your next reply.
Good afternoon, Max!
I downloaded the program. It was hard to get it to open, but I finally managed.
Here is the log
Zoek.exe v5.0.0.0 Updated 19-07-2014
Tool run by Soraya on 22/07/2014 at 9:05:07,52.
Microsoft Windows 7 Starter 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Soraya\Desktop\zoek.exe [scan all users] [script inserted]
==== Older Logs ======================
C:\zoek-results2014-07-22-120350.log 488 bytes
==== System Restore Info ======================
22/07/2014 09:06:13 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com.br/");
user_pref("keyword.URL", "http://br.yhs4.search.yahoo.com/yhs/search");
Added to C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default
---- Lines mysearchdial removed from prefs.js ----
user_pref("extensions.mysearchdial.aflt", "irmsd0202ff");
user_pref("extensions.mysearchdial.AL", 2);
user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
user_pref("extensions.mysearchdial.cr", "1379947705");
user_pref("extensions.mysearchdial.dfltLng", "");
user_pref("extensions.mysearchdial.dfltSrch", true);
user_pref("extensions.mysearchdial.dnsErr", true);
user_pref("extensions.mysearchdial.excTlbr", false);
user_pref("extensions.mysearchdial.hmpg", true);
user_pref("extensions.mysearchdial.id", "E0CA9478F907ECD5");
user_pref("extensions.mysearchdial.instlDay", "16124");
user_pref("extensions.mysearchdial.instlRef", "");
user_pref("extensions.mysearchdial.prdct", "mysearchdial");
user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
user_pref("extensions.mysearchdial.tlbrId", "base");
user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
user_pref("extensions.mysearchdial_i.hmpg", true);
user_pref("extensions.mysearchdial_i.newTab", false);
user_pref("extensions.mysearchdial_i.smplGrp", "none");
user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.015:16:35");
user_pref("extensions.mysearchdial.hmpg", true);
user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=irmsd0202ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyBzz0FzytDyB0E0C0DyDtN0D0Tzu0SyBzzyDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1379947705&ir=");
user_pref("extensions.mysearchdial.dfltSrch", true);
user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
user_pref("extensions.mysearchdial.dnsErr", true);
user_pref("extensions.mysearchdial_i.newTab", false);
user_pref("extensions.mysearchdial.id", "E0CA9478F907ECD5");
user_pref("extensions.mysearchdial.instlDay", "16124");
user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.015:16:35");
user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
user_pref("extensions.mysearchdial.prdct", "mysearchdial");
user_pref("extensions.mysearchdial.aflt", "irmsd0202ff");
user_pref("extensions.mysearchdial_i.smplGrp", "none");
user_pref("extensions.mysearchdial.tlbrId", "base");
user_pref("extensions.mysearchdial.instlRef", "");
user_pref("extensions.mysearchdial.dfltLng", "");
user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
user_pref("extensions.mysearchdial.excTlbr", false);
user_pref("extensions.mysearchdial_i.hmpg", true);
user_pref("extensions.mysearchdial.cr", "1379947705");
user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyBzz0FzytDyB0E0C0DyDtN0D0Tzu0SyBzzyDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
user_pref("extensions.mysearchdial.AL", 2);
---- Lines CT3072253 removed from prefs.js ----
user_pref("CT3072253.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
---- Lines iminent removed from prefs.js ----
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent100", "1343261960979");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent101", "1343251267330");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent109", "1343262977540");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent111", "1343262977497");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent112", "1343262977570");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent134", "1343250242640");
user_pref("sitefinder.buttonremoved", "1");
user_pref("sitefinder.enable_sf", true);
user_pref("sitefinder.installtime", "1393179622.378");
user_pref("sitefinder.show_button", true);
user_pref("sitefinder@sitefinder.com.is_bundle", "true");
user_pref("sitefinder@sitefinder.com.isFirstRun", "false");
user_pref("sitefinder@sitefinder.com.last_version", "");
user_pref("sitefinder@sitefinder.com.piwikSuccessTime", "1393179624.932");
user_pref("sitefinder@sitefinder.com.src", "7901");
user_pref("sitefinder@sitefinder.com.user_id", "9037360D-4DF0-4D02-84A6-F73BC382D237");
user_pref("id_imbooster4web_v6.cache.tbs_include_xml_006938", "52/22/25/6/112");
user_pref("id_imbooster4web_v6.firstlaunch", "0");
user_pref("id_imbooster4web_v6.guid", "%7BDB1A7BDD-4DE4-555C-3CE1-1C5770F57D36%7D");
user_pref("id_imbooster4web_v6.userId", "%12");
user_pref("id_imbooster4web_v6.Var1", "0");
user_pref("id_imbooster4web_v6.Var10", "0");
user_pref("id_imbooster4web_v6.Var2", "0");
user_pref("id_imbooster4web_v6.Var3", "0");
user_pref("id_imbooster4web_v6.Var4", "0");
user_pref("id_imbooster4web_v6.Var5", "0");
user_pref("id_imbooster4web_v6.Var6", "0");
user_pref("id_imbooster4web_v6.Var7", "0");
user_pref("id_imbooster4web_v6.Var8", "0");
user_pref("id_imbooster4web_v6.Var9", "0");
user_pref("id_imbooster4web_v6_installed_version", "1.0.1018.0");
user_072014_0933_.backup
prefs_072014_0933_.backup
==== Deleting Files \ Folders ======================
C:\Users\Soraya\daemonprocess.txt deleted
C:\Users\Soraya\.android deleted
C:\Users\Soraya\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~2\FileSplitUpLoad.dll deleted
C:\PROGRA~2\Avg_Update_0414b deleted
C:\PROGRA~2\AVG Security Toolbar deleted
C:\PROGRA~2\QuickSet deleted
C:\Users\Soraya\AppData\Local\CRE deleted
C:\Users\Soraya\AppData\Local\Mobogenie deleted
C:\Users\Soraya\AppData\Local\cache deleted
C:\Users\Soraya\Searches deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Nation toolbar deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Toolbar4 deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\System32\sho12A5.tmp deleted
C:\Windows\System32\sho188E.tmp deleted
C:\Windows\System32\sho2840.tmp deleted
C:\Windows\System32\sho39D6.tmp deleted
C:\Windows\System32\sho420D.tmp deleted
C:\Windows\System32\sho486C.tmp deleted
C:\Windows\System32\sho5446.tmp deleted
C:\Windows\System32\sho553A.tmp deleted
C:\Windows\System32\sho63A5.tmp deleted
C:\Windows\System32\shoA55.tmp deleted
C:\Windows\System32\shoA8EF.tmp deleted
C:\Windows\System32\shoBA95.tmp deleted
C:\Windows\System32\shoCB53.tmp deleted
C:\Windows\System32\shoFEED.tmp deleted
C:\Windows\System32\InstallUtil.InstallLog deleted
C:\Users\Soraya\Documents\Mobogenie deleted
C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\CT3072253 deleted
C:\Users\Soraya\AppData\Roaming\unins000.exe deleted
"C:\Windows\Installer\37b312a.msi" deleted
"C:\Users\Soraya\AppData\Roaming\ecad" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [09/09/2013 22:36]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\Soraya\AppData\Local\GAS Tecnologia\GBBD\bb\sf.xpi" [12/07/2013 23:40]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default
AppDir: C:\Program Files\Mozilla Firefox
==== Firefox Plugins ======================
Profilepath: C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default
4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
FB5621842FDABF9F8359775573498FBC - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
025BBEF5A248B09BDC6684747F6EB5BC - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U55
290A0130C74ADCD4546BC6900D1665D9 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.550.14
3A9E1940B4459CC97FDCBB24FCB69004 - c:\program files\real\realplayer\Netscape6\nppl3260.dll - RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit)
0FCEAA7D12B7B0BA825E5C770B1DCA48 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
84A176D49D40379AEDF123008E27BA33 - C:\Users\Soraya\AppData\Roaming\raidcall\plugins\nprcplugin.dll - Raidcall plugin
01D93217A9EE48DD37072B671378CC9C - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In
BE126CB7049E89ED6F3038016668B502 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit)
96B3689320E9B16EDF38B7A5001C35F0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit)
F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
DF75FC32D3EB681B6FE7C092D6FC4695 - C:\Users\Soraya\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
65FB4909BD29CAAA81FDC69AD21BB905 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll - RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit)
01F0264937036BD962563F1ADF35CE72 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll - RealPlayer Version Plugin
28986F0A2342A033345EF9E70D395E4F - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eoccbpoodnckjdnackiffhjfkogfhnhh - C:\Program Files\VDownloader\Addons\Chrome.crx[]
icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 15:24]
YouTube - Soraya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Soraya\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast WebRep - Soraya\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
New Tab Redirect - Soraya\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna
Gmail - Soraya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chrome Fix ======================
C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage deleted successfully
C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage-journal deleted successfully
C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_youtube.conduitapps.com_0.localstorage deleted successfully
C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_youtube.conduitapps.com_0.localstorage-journal deleted successfully
C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_servedby-br.dealply.com_0.localstorage deleted successfully
C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_servedby-br.dealply.com_0.localstorage-journal deleted successfully
C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.sweetim.com_0.localstorage deleted successfully
C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.sweetim.com_0.localstorage-journal deleted successfully
C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda deleted successfully
C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_icmlaeflemplmjndnaapfdbbnpncnbda_0.localstorage deleted successfully
C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_icmlaeflemplmjndnaapfdbbnpncnbda_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
"Backup.Old.Start Page"="http://www.google.com"
"Search Page"="http://google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://find.localstrike.net/"
"Default_Page_URL"="http://find.localstrike.net/"
"Default_Search_URL"="http://find.localstrike.net/"
"Search Page"="http://find.localstrike.net/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://find.localstrike.net"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="${searchCLSID}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{searchCLSID}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com.br/"
"Backup.Old.Start Page"="http://www.google.com.br/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{4DF1E8FD-FBA0-36E8-4176-40D549A35E8E} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
==== Reset Google Chrome ======================
C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1980178241-1392328930-356032191-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4DF1E8FD-FBA0-36E8-4176-40D549A35E8E} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\support@vdownloader.com deleted successfully
==== shortcuts on Users Desktops ======================
C:\Users\Soraya\Desktop\DL.lnk - D:\DL
C:\Users\Soraya\Desktop\Media Player Classic.lnk - C:\Program Files\Essentials Codec Pack\MPC\mpc-hc.exe
C:\Users\Soraya\Desktop\MsPaint.lnk - C:\Windows\System32\mspaint.exe
C:\Users\Soraya\Desktop\Oi Velox.lnk - C:\Program Files\Oi\Programmer\OiVelox.exe
C:\Users\Soraya\Desktop\StarterBackgroundChanger.lnk - C:\Program Files\StarterBackgroundChanger\StarterBackgroundChanger.exe
C:\Users\Soraya\Desktop\Windows Defender.lnk - C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\Soraya\Desktop\Windows Live Messenger.lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Soraya\Desktop\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\Users\Soraya\Desktop\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\AVG 2014.lnk - C:\Program Files\AVG\AVG2014\avgui.exe
C:\Users\Public\Desktop\Comprar suprimentos - HP Deskjet 2540 series.lnk - C:\Program Files\HP\HP Deskjet 2540 series\Bin\hpqDTSS.exe
C:\Users\Public\Desktop\GOM Player.lnk - C:\Program Files\GRETECH\GomPlayer\GOM.EXE
C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk - C:\Program Files\HP\HP Deskjet 2540 series\Bin\HP Deskjet 2540 series.exe -Start UDCDevicePage
C:\Users\Public\Desktop\HP Photo Creations.lnk - C:\Program Files\HP Photo Creations\PhotoProduct.exe
C:\Users\Public\Desktop\jetAudio.lnk - C:\Program Files\JetAudio\JetAudio.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\RealPlayer.lnk - C:\program files\real\realplayer\RealPlay.exe /launch:desktop
==== shortcuts in Users Start Menu ======================
C:\Users\Soraya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Deskjet 2540 series.lnk - C:\Windows\system32\RunDll32.exe "C:\Program Files\HP\HP Deskjet 2540 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=BR39U1J43605XK;CONNECTION=USB;MONITOR=1;
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2014.lnk - C:\Program Files\AVG\AVG2014\avgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk - C:\Program Files\GRETECH\GomPlayer\GOM.EXE
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\jetAudio.lnk - C:\Program Files\JetAudio\JetAudio.exe
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\70f62c6a7f1739bd\pinned.lnk - C:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,Options_RunDLL 1
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Excel Starter 2010.lnk - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE "Microsoft Excel Starter 2010 9014006604160000"
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Live Messenger.lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word Starter 2010.lnk - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE "Microsoft Word Starter 2010 9014006604160000"
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000001
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eoccbpoodnckjdnackiffhjfkogfhnhh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully
==== Empty IE Cache ======================
C:\Users\Soraya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Soraya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Soraya\AppData\Local\Mozilla\Firefox\Profiles\d9gpgnfs.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1487 folders=192 112150674 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\Soraya\AppData\Local\temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Soraya\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 22/07/2014 at 13:16:48,43 ======================
Awaiting your reply.
Please try running AdwCleaner again and see if it works. If there is no way, let me know.
I managed to reinstall AVG 2014 and updated it.
I managed to run AdwCleaner.
Here is the log:
*** [ Services ] ***
*** [ Files / Folders ] ***
Folder Deleted : C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna
File Deleted : C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\user.js
*** [ Shortcuts ] ***
*** [ Registry ] ***
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [backup.old.Start Page]
Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
*** [ Browsers ] ***
-\\ Internet Explorer v11.0.9600.17207
-\\ Mozilla Firefox v31.0 (x86 pt-BR)
[ File : C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\prefs.js ]
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [281 octets] - [21/07/2014 16:53:02]
AdwCleaner[R1].txt - [3845 octets] - [22/07/2014 13:57:36]
AdwCleaner[R2].txt - [3570 octets] - [22/07/2014 14:06:50]
AdwCleaner[s0].txt - [3893 octets] - [22/07/2014 14:03:16]
AdwCleaner[s1].txt - [3434 octets] - [22/07/2014 14:09:24]
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [3494 octets] ##########
I managed to reinstall AVG 2014 and updated it.
Great! Take the opportunity to run a full scan with it and remove the viruses it finds.
________________________________________________________________________
After that, download the Junkware Removal Tool from the link below:
http://thisisudax.org/downloads/JRT.exe
To run the program above correctly, just follow the tips in this tutorial:
Junkware Removal Tool tutorial
* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt
We'll be waiting.
5 viruses found with AVG.
Log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Starter x86
Ran by Soraya on 22/07/2014 at 15:20:25,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1980178241-1392328930-356032191-1000\Software\sweetim
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Soraya\AppData\Roaming\mozilla\firefox\profiles\d9gpgnfs.default\minidumps [882 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/07/2014 at 15:27:37,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5 viruses found with AVG.
Did you move the viruses it found to its quarantine? If you have not removed them, remove them.
_______________________________________________________________
Also run a cleanup with Malwarebytes following the tips in the post below:
Malwarebytes Anti-Malware tutorial
In your next reply, post the Malwarebytes log (report).
We'll be waiting.
I think AVG already sends them straight to quarantine. Should I delete the files in quarantine?
Here is the log:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 22/07/2014
Scan Time: 16:07:45
Logfile: soraya2.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.07.22.08
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Soraya
Scan Type: Custom Scan
Result: Completed
Files Scanned: 416553
Time Elapsed: 2 hr, 41 min, 31 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 3
PUP.Optional.Complitly.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\defdhglnppeioeflggkmglipcecffkhk, Quarantined, [b2de0e947902989ee008e63e54b01be5],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, Quarantined, [0e82158de09b6fc7f6933b98639fac54],
PUP.Optional.DealPly.A, HKU\S-1-5-21-1980178241-1392328930-356032191-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, Quarantined, [761a534f2f4cc5714c3ecb08cc3639c7],
Registry Values: 1
Hijack.FolderOptions, HKU\S-1-5-21-1980178241-1392328930-356032191-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NofolderOptions, 1, Quarantined, [deb210920e6d0531d0360758db28d828]
Registry Data: 5
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[95fb5a48f9827abc996fe0c9e61ef709]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),Replaced,[fb952f73d7a457dfe81eddcc5ba9cd33]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),Replaced,[d8b8851d8cefc37367a04267768e41bf]
PUM.Hijack.HomePageControl, HKLM\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),Replaced,[e9a76b37fd7e8da98408bced30d4f50b]
Windows.Tool.Disabled, HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig, 1, Good: (0), Bad: (1),Replaced,[434d2280196231059535b3f8ea1abb45]
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
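The zoek "Set IE to Default" section earlier in this thread and the Malwarebytes "Registry Data" section just above show the same pattern: the adware did not only install toolbars, it also flipped policy and Security Center values (NoFolderOptions, the three *DisableNotify values, the HomePage policy, SystemRestore DisableConfig, ProxyEnable) and left IE's DefaultScope pointing at a search scope that did not exist. The script below is an added example, not part of this thread and not code from zoek, AdwCleaner, JRT or Malwarebytes. It re-reads those exact registry locations after a reboot so the cleanup can be verified, and with -Fix it restores the default. The list of checks and the allowed search hosts are assumptions taken from the log lines in this thread, not a complete catalogue of hijack locations; it is meant to be run from an elevated PowerShell prompt.

```powershell
<#
Added example (not from this thread or any tool used in it).
Re-checks the registry values flagged in the zoek and Malwarebytes logs.
The check list and $allowedHosts are assumptions drawn from those logs.
Run from an elevated PowerShell prompt; add -Fix to restore defaults.
#>
[CmdletBinding()]
param(
    [switch]$Fix   # restore the expected value instead of only reporting it
)

# Path, value name and expected clean value. Expected = $null means the
# value should not exist at all (policy values the adware created).
$checks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center';                          Name = 'UpdatesDisableNotify';   Expected = 0 }
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center';                          Name = 'AntiVirusDisableNotify'; Expected = 0 }
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center';                          Name = 'FirewallDisableNotify';  Expected = 0 }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore';        Name = 'DisableConfig';          Expected = $null }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel'; Name = 'HomePage';               Expected = $null }
    @{ Path = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel'; Name = 'HomePage';               Expected = $null }
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoFolderOptions';        Expected = $null }
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'; Name = 'ProxyEnable';            Expected = 0 }
)

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when either the key or the value is missing.
    if (-not (Test-Path -Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

foreach ($c in $checks) {
    $actual = Get-RegValue $c.Path $c.Name
    $ok = if ($null -eq $c.Expected) { $null -eq $actual } else { $actual -eq $c.Expected }
    $shown = if ($null -eq $actual) { '<absent>' } else { $actual }
    $state = if ($ok) { 'Good' } else { 'Bad ' }
    '{0} {1}\{2} = {3}' -f $state, $c.Path, $c.Name, $shown
    if (-not $ok -and $Fix) {
        if ($null -eq $c.Expected) {
            # Policy value that should not exist: remove it rather than zero it,
            # otherwise the policy stays "configured" and still wins over user settings.
            Remove-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction Stop
        } else {
            Set-ItemProperty -Path $c.Path -Name $c.Name -Value $c.Expected -Type DWord -ErrorAction Stop
        }
        '      fixed'
    }
}

# IE search scopes: the zoek log showed DefaultScope pointing at a scope key
# that did not exist, plus extra scopes added by the toolbars. List every
# scope with its URL host and flag any host not on the allow list.
$allowedHosts = @('www.google.com', 'www.google.com.br', 'www.bing.com')   # assumption
$scopesPath   = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
$defaultScope = Get-RegValue $scopesPath 'DefaultScope'
"DefaultScope = $defaultScope"
$seenDefault = $false
foreach ($key in (Get-ChildItem -Path $scopesPath -ErrorAction SilentlyContinue)) {
    $scope = Get-ItemProperty -Path $key.PSPath
    $url = $scope.URL
    $hostName = '?'
    if ($url) { try { $hostName = ([uri]$url).Host } catch { $hostName = '?' } }
    if ($key.PSChildName -eq $defaultScope) { $seenDefault = $true }
    $flag = if ($allowedHosts -contains $hostName) { 'ok   ' } else { 'CHECK' }
    '{0} {1} {2} -> {3}' -f $flag, $key.PSChildName, $scope.DisplayName, $url
}
if (-not $seenDefault) { "CHECK DefaultScope '$defaultScope' does not match any scope key" }
```

Usage: `.\Check-HijackValues.ps1` reports Good/Bad per value in the same spirit as the Malwarebytes "Good: (0), Bad: (1)" lines; `.\Check-HijackValues.ps1 -Fix` restores them. Values that should be absent are removed rather than set to 0, because a policy value that exists with value 0 is still a configured policy. A scope flagged CHECK is not proof of a hijack (a legitimate engine may simply not be on the short allow list), but every scope the toolbars added in this thread had a host that would not have been on it.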
Leave the viruses in AVG's quarantine.
___________________________________________
Temporarily disable your antivirus to avoid conflicts.
Download < Shortcut_Module > (by g3n-h@ckm@n)
|- When you access the link above, scroll down the page and click Télécharger to download it.
Run it as described in this post:
Disinfect infected shortcuts and remove adware with the Shortcut_Module tool
Once the cleanup is finished, post the log (report), which will be at C:\Shortcut_Module_07_05_2014_17_05_22.txt (the numbers will vary, since they show the date and time the scan was run).
Hi Soraya.
Download < ZHPDiag > ( ... by Nicolas Coolman )
Note: when you access the link above, click the Télécharger button for ZHPDiag to download it (the original post includes a screenshot of the button).
|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.