
alvotarget

[Resolved] Unknown problems.


Well, today while making a purchase on the internet I noticed that the order confirmation had not arrived and it was taking a long time. I looked at the card statement and there were already 800 dollars pending for April; I went to block the card and 1440 reais had already been withdrawn in Peru. I am asking for help because, besides having my card cloned, I don't know whether there are spy programs on my notebook.

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:12:16, on 30/03/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\EPSON\MyEpson Portal\mep.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Simone\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\HiJackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com/newtab?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD2500BEVT-75ZCT2_WD-WXEX08CH4444H4444&ts=1360767566
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com/newtab?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD2500BEVT-75ZCT2_WD-WXEX08CH4444H4444&ts=1360767566
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.22find.com/newtab?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD2500BEVT-75ZCT2_WD-WXEX08CH4444H4444&ts=1360767566
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [KGShareApp] C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe
O4 - HKCU\..\Run: [EPSON L200 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGUL.EXE /FU "C:\Windows\TEMP\E_SCE37.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Simone\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate1ca4821d5da61e0) (gupdate1ca4821d5da61e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MyEpson Portal Service - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\MyEpson Portal\mepService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 10411 bytes


Good evening, alvotarget!

|- Download: < adwcleaner_logo.jpg > ( ... by Xplode )

|- When you get there, click on the image: < AdwCleaner_Tlcharger.jpg >

|- PS: If you use the IE9 browser, disable the "SmartScreen" filter.
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as Executar_Administrador.jpg (Run as administrator)
|- PS: Start the scan by clicking "Remover". < abpXmu2U.jpg >

|- When it finishes, post the report: C:\AdwCleaner [s1].txt

-/-

|- Download: < 1268r49.png > ( ... by Thisisu )
|- Save it to the desktop!
|- For Windows 7, right-click JRT.exe and run it as Executar_Administrador.jpg (Run as administrator)
|- Wait for it to finish and post the report. ( JRT.txt )

-/-

|- Download: < ZHPDiag_Silent.jpg > ( ... by Nicolas Coolman )

|- Save it to the desktop!
|- Disable your antivirus!
|- If you use Avast, apply this setting to the SandBox.
|- For Windows Vista or 7, right-click the file and run it as Executar_Administrador.jpg (Run as administrator)
|- Wait for the scan to finish and click "Copier". <- Wait!

|- Besides the report, we will have on the desktop: ZHP_uninstall, MBRCheck, ZHPDiag, ZHPFix

|- Post and/or paste here the link that will be generated, right after the report.

|- Or go to: Cjoint_Logo.jpg

|- Or go to: abmdaZsE.jpg

|- More information: < |Link| >

A+


# AdwCleaner v2.115 - Relatório criado em 31/03/2013 às 16:07:54
# Atualizado em 17/03/2013 por Xplode
# Sistema Operacional : Windows Vista Home Basic Service Pack 2 (32 bits)
# Usuário : Simone - SIMONE-NOTE
# Modo de Boot : Normal
# Executado de : C:\Users\Simone\Desktop\adwcleaner.exe
# Opção [Remover]


***** [serviços] *****


***** [Arquivos/Pastas] *****

Arquivo Désinfected : C:\Users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Arquivo Désinfected : C:\Users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Arquivo Removido : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Pasta Removido : C:\Users\Simone\AppData\Local\OpenCandy

***** [Registro] *****

Chave Removida : HKCU\Software\APN PIP
Chave Removida : HKCU\Software\AskSearchAsst
Chave Removida : HKCU\Software\InstallCore
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask Toolbar_is1
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask.com Search Assistant
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Desk 365
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Chave Removida : HKLM\Software\Orbit\OpenCandy
Chave Removida : HKLM\Software\PIP

***** [Navegadores] *****

-\\ Internet Explorer v9.0.8112.16470

Substituído : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.22find.com/newtab?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD2500BEVT-75ZCT2_WD-WXEX08CH4444H4444&ts=1360767566 --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.22find.com/newtab?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD2500BEVT-75ZCT2_WD-WXEX08CH4444H4444&ts=1360767566 --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.22find.com/newtab?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD2500BEVT-75ZCT2_WD-WXEX08CH4444H4444&ts=1360767566 --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.22find.com/newtab?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD2500BEVT-75ZCT2_WD-WXEX08CH4444H4444&ts=1360767566 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (pt-BR)

Arquivo : C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\0lc0zszy.default\prefs.js

C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\0lc0zszy.default\user.js ... Removido !

Removida : user_pref("browser.search.defaultenginename", "22find");
Removida : user_pref("browser.search.order.1", "22find");

-\\ Google Chrome v20.0.1132.47

Arquivo : C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Preferences

Removida [l.18] : urls_to_restore_on_startup = [ "hxxp://www.22find.com/?utm_source=b&utm_medium=cor&from=co[...]
Removida [l.425] : urls_to_restore_on_startup = [ "hxxp://www.22find.com/?utm_source=b&utm_medium=cor&from=cor&u[...]

*************************

AdwCleaner[s1].txt - [3538 octets] - [31/03/2013 16:07:54]

########## EOF - C:\AdwCleaner[s1].txt - [3598 octets] ##########


Good afternoon, alvotarget!

|- Right-click the IE shortcut, if you open it using that icon.
|- Select: "Properties"
|- On the "Shortcut" tab, in the field next to Target, enter, with the quotes:

"C:\Program Files\Internet Explorer\iexplore.exe"

|- Click "Apply" -> OK.

"C:\Program Files\Internet Explorer\iexplore.exe""xxxxx...xx"

|- Or remove the "xxxxx...xx" information after ...\iexplore.exe"

http://imgbox.com/acoBcfrx

|- PS: Try to leave it as shown in the screenshot.
|- Don't forget to post the report from the JRT tool and ZHPDiag_silent.

A+
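
The shortcut check described in the post above can be run across all browser shortcuts at once. The following PowerShell is an added example, not part of the original post or of any tool named in this thread; the folder list, the browser executable names and the function name are assumptions, and the script only reports what it finds.

```powershell
# Added example (not from the thread): list browser shortcuts whose target
# carries extra arguments, the "xxxxx...xx" part described in the post above.
# Read-only: it reports findings and modifies nothing.

# Assumption: the browsers to check, by executable name.
$BrowserExes = 'iexplore.exe', 'firefox.exe', 'chrome.exe'

# Assumption: folders that usually hold browser shortcuts for the current
# user and for all users (desktop, Start Menu, Quick Launch).
$SearchRoots = @(
    (Join-Path $env:USERPROFILE 'Desktop'),
    (Join-Path $env:PUBLIC      'Desktop'),
    (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu'),
    (Join-Path $env:APPDATA     'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { Test-Path $_ }

# Hypothetical helper name, introduced for this example.
function Get-BrowserShortcutArguments {
    param(
        [string[]]$Path,
        [string[]]$Executable
    )

    # WScript.Shell can read .lnk files. CreateShortcut() opens an existing
    # shortcut; nothing is written unless Save() is called, and it never is here.
    $shell = New-Object -ComObject WScript.Shell

    foreach ($root in $Path) {
        Get-ChildItem -Path $root -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $lnk = $shell.CreateShortcut($_.FullName)

                # Some shortcuts expose no file target; skip them.
                if (-not $lnk.TargetPath) { return }

                $exe   = [System.IO.Path]::GetFileName($lnk.TargetPath)
                $extra = "$($lnk.Arguments)".Trim()

                # -contains compares case-insensitively, so IEXPLORE.EXE matches too.
                if (($Executable -contains $exe) -and $extra) {
                    # A URL in the arguments makes the browser open that page on
                    # every launch, whatever the configured home page is.
                    # Plain switches can be legitimate: the stock
                    # "Internet Explorer (No Add-ons)" shortcut uses -extoff.
                    $hasUrl = [bool]($extra -match '(?i)(https?://|www\.)')

                    New-Object PSObject -Property @{
                        Shortcut  = $_.FullName
                        Target    = $lnk.TargetPath
                        Arguments = $extra
                        HasUrl    = $hasUrl
                    }
                }
            }
    }
}

Get-BrowserShortcutArguments -Path $SearchRoots -Executable $BrowserExes |
    Sort-Object HasUrl -Descending |
    Format-List Shortcut, Target, Arguments, HasUrl
```

Shortcuts reported with HasUrl set to True are the ones to correct in the Target field as the post describes.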


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.8 (03.31.2013:1)
OS: Windows Vista Home Basic x86
Ran by Simone on 31/03/2013 at 16:18:46,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\billp studios\detected\startup



~~~ Files

Successfully deleted: [File] "C:\Users\Public\Desktop\play more great games!.url"
Successfully repaired: [shortcut] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Successfully repaired: [shortcut] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk



~~~ Folders




~~~ FireFox

Emptied folder: C:\Users\Simone\AppData\Roaming\mozilla\firefox\profiles\0lc0zszy.default\minidumps [180 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31/03/2013 at 16:24:01,13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




Sorry for the delay, it kept giving an error at the end. And one question: what does this program do?

http://pjjoint.malekal.com/files.php?read=ZHPDiag_20130331_g13r5z7o13v15


Good morning, alvotarget!

Sorry for the delay, it kept giving an error at the end. And one question: what does this program do?

http://pjjoint.malek...1_g13r5z7o13v15

|- It is a tool for diagnosis and for script-based fixes.

-/-

|- Close any programs/folders that are open.
|- On Windows Vista, disable UAC.

ZHPFix_Logo.jpg

|- Double-click ZHPFix.

|- Click the H button in the menu < PanelHelper.jpg >

[MD5.00000000000000000000000000000000] [APT] [RunAsStdUser] (...) -- C:\Program Files\Desk 365\desk365.exe (.not file.)
[MD5.C3D90887181F94A0F469AF60C06CBAA5] [APT] [ReclaimerUpdateFiles_Simone] (.RealNetworks, Inc..) -- C:\Users\Simone\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe
[MD5.C3D90887181F94A0F469AF60C06CBAA5] [APT] [ReclaimerUpdateXML_Simone] (.RealNetworks, Inc..) -- C:\Users\Simone\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe
[MD5.C3D90887181F94A0F469AF60C06CBAA5] [APT] [RNUpgradeHelperLogonPrompt_Simone] (.RealNetworks, Inc..) -- C:\Users\Simone\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe
[MD5.C3D90887181F94A0F469AF60C06CBAA5] [APT] [RNUpgradeHelperResumePrompt_Simone] (.RealNetworks, Inc..) -- C:\Users\Simone\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} Orphean Key
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} Orphean Key
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Orphean Key
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Orphean Key
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} Orphean Key
O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} Orphean Key
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} Orphean Key
O3 - Toolbar: (no name) - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (...) -- (.not file.)
O43 - CFD: 19/11/2011 - 19:17:59 - [19,902] ----D C:\Program Files\PopCap Games => Infection BT (Adware.PopCap)
O43 - CFD: 19/11/2012 - 14:22:17 - [126,488] ----D C:\ProgramData\PopCap Games => Infection BT (Adware.PopCap)
O43 - CFD: 06/10/2009 - 11:22:03 - [0] ----D C:\Users\Simone\AppData\Local\Dados de aplicativos
O43 - CFD: 06/10/2009 - 11:22:03 - [0] ----D C:\Users\Simone\AppData\Local\Histórico
O43 - CFD: 28/11/2010 - 13:05:53 - [0] ----D C:\Users\Simone\AppData\Local\Wings of Prey
O51 - MPSK:{57703ca5-14b7-11e2-86c0-002269c0882d}\AutoRun\command. (...) -- G:\KODAK_Software_Downloader.exe (.not file.)
O51 - MPSK:{f6429361-f9e3-11de-95a7-002269c0882d}\AutoRun\command - Orphean Key

C:\Program Files\PopCap Games => Infection BT (Adware.PopCap)
C:\ProgramData\PopCap Games => Infection BT (Adware.PopCap)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games => Infection BT (Adware.PopCap)

[HKCU\Software\PopCap] => Infection BT (Adware.PopCap)
[HKLM\Software\PopCap] => Infection BT (Adware.PopCap)

emptyclsid
emptytemp
emptyflash
firewallraz
proxyfix

|- Copy and paste this information, shown in red, into the "light yellow" field of ZHPFix.
|- PS: Make sure the field is empty before pasting the information from the quote.
|- Click "GO" -> Oui.
|- Post the report: C:\ZHP\ZHPFix[R1].txt

A+


I disabled UAC and closed the programs, but the H does not appear in the ZHPFix menu.

Good afternoon, alvotarget!

|- Copy the information shown in red into Notepad. Or select the information and click "Copy". ( Ctrl + C )

ZHPDiag_PasteClipboard.jpg

|- Open ZHPFix and click "Paste ClipBoard" in the menu.

acerMAbC.jpg (http://imgbox.com/acerMAbC)

|- Click "GO" -> Oui.

ZHPFix_GO.jpg

|- PS: Above is a sequence of images for further clarification.

|- Post the report: C:\ZHP\ZHPFix[R1].txt

 

A+


Rapport de ZHPFix 1.3.05 par Nicolas Coolman, Update du 09/10/2012
Fichier d'export Registre :
Run by Simone at 01/04/2013 22:43:11
Windows Vista Home Basic Edition, 32-bit Service Pack 2 (Build 6002)
Web site : http://nicolascoolman.skyrock.com/



========== Memory Process ==========
DELETED Memory Process: C:\Users\Simone\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe

========== Registry Key ==========
DELETED Key: CLSID BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
DELETED Key: CLSID BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
DELETED Key: CLSID BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
DELETED Key: CLSID BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
DELETED Key: CLSID BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6}
DELETED Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540003}
DELETED Key: CLSID BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9}
DELETED CLSID MPSK: {57703ca5-14b7-11e2-86c0-002269c0882d}
DELETED CLSID MPSK: {f6429361-f9e3-11de-95a7-002269c0882d}
DELETED Key: HKCU\Software\PopCap
DELETED Key: HKLM\Software\PopCap

========== Registry Value ==========
DELETED Toolbar: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
No Value in Domain Profile Register Key FirewallRaz :
DELETED FirewallRaz (None) : {8EF45C81-276B-41F4-92CF-954519952ADD}
DELETED FirewallRaz (Domain) : {CF47E631-1993-427A-A6B0-FD6B3A10B3DE}
DELETED FirewallRaz (Domain) : {6E2FF3F5-D92B-4C8D-B30D-A4DDDC84F795}
DELETED FirewallRaz (Public) : {5EA2EDF6-B44C-4A04-8BF9-2E441894C895}
DELETED FirewallRaz (Public) : {20FA8B5D-90E6-442B-A270-F627A0F262DF}
DELETED FirewallRaz (Domain) : {6BFBDCF2-EAEB-4D94-887D-31C7EB0A5E75}
DELETED FirewallRaz (Domain) : {F1681813-AFF3-47DD-B581-3E69BAA304A2}
DELETED FirewallRaz (Domain) : {83D2167B-CB66-41D8-99E3-223D3C44E327}
DELETED FirewallRaz (Domain) : {86851BE7-3DE1-4374-82C3-87320A018444}
DELETED FirewallRaz (Public) : {6AAD8177-0E42-4E60-97DC-7057FF0B49E3}
DELETED FirewallRaz (Public) : {21270B05-955B-4D6A-B64B-D09AF003D833}
DELETED FirewallRaz (Public) : {F000067E-122A-4E3E-9955-22DC021E5101}
DELETED FirewallRaz (Public) : {59CA29C9-DD37-4B84-9026-39C0513F23E3}
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value

========== Repertory ==========
DELETED Window Temporary:
DELETED Flash Cookies:

========== File ==========
DELETED File*: c:\users\simone\appdata\roaming\real\update\upgradehelper\realplayer\10.40\agent\rnupgagent.exe
NOT FOUND Folder/File: c:\users\simone\appdata\roaming\real\update\upgradehelper\realplayer\10.40\agent\rnupgagent.exe
NOT FOUND Folder/File: c:\program files\popcap games
NOT FOUND Folder/File: c:\programdata\popcap games
DELETED Window Temporary:
DELETED Flash Cookies:

========== Task ==========
DELETED Task: RunAsStdUser
NOT FOUND Task: ReclaimerUpdateFiles_Simone
NOT FOUND Task: ReclaimerUpdateXML_Simone
NOT FOUND Task: RNUpgradeHelperLogonPrompt_Simone
DELETED Task: RNUpgradeHelperResumePrompt_Simone


========== Summary ==========
1 : Memory Process
11 : Registry Key
21 : Registry Value
2 : Repertory
6 : File
5 : Task


End of clean in 01mn 19s

========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 01/04/2013 22:43:11 [3295]

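One way to triage a ZHPFix report like the one posted above, as an added example that is not part of the thread or of ZHPFix: it checks the Summary figures against the lines in each section and lists the NOT FOUND targets that no DELETED line in the same section accounts for. The sample report is constructed, and reading the Summary as a per-section line count is an assumption taken from the figures in the posted report.

```python
import re

# Constructed sample in the layout of the ZHPFix report above (shortened;
# the paths, key names and task names are made up for the example).
SAMPLE_REPORT = r"""
========== Registry Key ==========
DELETED Key: HKCU\Software\ExampleAdware
DELETED Key: HKLM\Software\ExampleAdware

========== File ==========
DELETED File*: c:\users\user\appdata\roaming\example\agent.exe
NOT FOUND Folder/File: c:\users\user\appdata\roaming\example\agent.exe
NOT FOUND Folder/File: c:\program files\example games

========== Task ==========
DELETED Task: ExampleTaskA
NOT FOUND Task: ExampleTaskB

========== Summary ==========
2 : Registry Key
3 : File
2 : Task

End of clean in 00mn 05s

========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 01/01/2013 00:00:00 [512]
"""

SECTION = re.compile(r"^=+ (.+?) =+$")
COUNT = re.compile(r"^(\d+) : (.+)$")

def parse_report(text):
    """Return (entries, summary); entries maps section -> [(status, target)]."""
    entries, summary, section = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header.group(1)
        elif section == "Summary":
            count = COUNT.match(line)
            if count:
                summary[count.group(2)] = int(count.group(1))
        elif line and section not in (None, "Report File"):
            # Lower-case the target so the same path compares equal across lines.
            status = next((s for s in ("NOT FOUND", "DELETED") if line.startswith(s)), "OTHER")
            target = line.partition(": ")[2].lower()
            entries.setdefault(section, []).append((status, target))
    return entries, summary

def count_mismatches(entries, summary):
    """Sections whose line count differs from the Summary: {section: (seen, stated)}."""
    return {s: (len(entries.get(s, [])), n)
            for s, n in summary.items() if len(entries.get(s, [])) != n}

def unresolved(entries):
    """NOT FOUND targets that no DELETED line in the same section accounts for."""
    out = []
    for section, items in entries.items():
        deleted = {t for status, t in items if status == "DELETED"}
        out += [(section, t) for status, t in items
                if status == "NOT FOUND" and t not in deleted]
    return out
```

A NOT FOUND line that repeats an already deleted target only means the fix script listed it more than once; the remaining NOT FOUND targets are the ones to compare against the next diagnostic log.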

Good morning, alvotarget!

|- Uninstall: C:\Program Files\IObit\Advanced SystemCare 6 <<

-/-

|- Re-enable UAC.

< Comodo IceDragon: http://secsecurity.forumbrasil.net/t75-comodo-icedragon-by-comodocom >

|- PS: Have you read this information yet? I believe it is important, since you use online banking or shop online and use a credit card.

-/-

|- Download: < BankerFix 3.1 >
|- Save it directly to the local disk! ( C ; D ; ... )
|- Temporarily disable your antivirus.
|- PS: After downloading BankerFix, do not run it the first time it appears on screen.

BankerFix_Iniciar.jpg

|- Close the window and open it again from the file "Iniciar-BankerFix.vbs".
|- PS: That ( .vbs ) file is in the folder: C:\LinhaDefensiva
|- The BankerFix 3.1 window will open with the following question: "Instalar o Bankerfix 3.1?" ("Install Bankerfix 3.1?")
|- Click Sim (Yes)!
|- A window will open informing you that BankerFix 3.1 will be downloaded over the internet.
|- Click OK -> Wait!
|- In the next window, click OK.
|- BankerFix 3.1 will start!
|- Press any key to continue the process. <- Wait!
|- When the scan finishes, read the message on screen and press Enter.
|- Re-enable your antivirus.
|- Come back with the BankerFix report, which will be at: C:\LinhaDefensiva\relatorio.txt

-/-

|- Download: < desktopicon.png > ( ... by sUBs )
|- Save it to the desktop!
|- PS: Disable your antivirus, antispyware and/or firewall. ( Except the Windows one! )
|- Close any program/file that is open.
|- Also close your browser! ( IE, Firefox, Opera or Google Chrome )
|- PS: Be connected to the Internet. <- Important!
|- You must be logged on to the system with administrator privileges.
|- Run ComboFix.exe with a double-click.
|- PS: Install the "Recovery Console" if prompted! <- XP only!
|- PS: It is therefore up to you whether to install it.

Safe-Mode.jpg

|- If any error message appears, run ComboFix.exe in Safe Mode with Networking.
|- PS: To complete the removals, the tool may need to restart the computer.
|- The Auto Scan window will open.

etapas.jpg

|- Wait for all the stages to finish.
|- During the scan, avoid using the mouse or keyboard!
|- When it finishes, post: C:\ComboFix.txt

"Tentativa de operaçao ilegal em uma chave do Registro marcada para exclusão." ("Illegal operation attempted on a registry key that has been marked for deletion.")


|- If this error occurs, just restart the computer!
|- "ComboFix is a tool that can damage the system. Use it only under the supervision of security analysts."

A+


BankerFix 3.5 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
-------------------------------------------------------
Data: 2013-04-02 - 11:29
-------------------------------------------------------
Lista de Definição: 2012-08-22-1 | CORE: 2012-08-22-6
=======================================================

Arquivo infectado detectado: C:\Install.exe
Arquivo infectado removido com sucesso!



----- Fim -------------------------


Hello, alvotarget!

|- Next, post the ComboFix report and answer the question about using Comodo IceDragon.

Regards!


Good afternoon!!

I think ComboFix did not work: at one point during the scan a window appeared saying to close the program. I clicked close, but it continued the scan, restarted and gave the report at the end. After that I restarted and went into safe mode with networking, but I did not have the privilege to run it.

I have already downloaded Comodo IceDragon but have not installed it yet, and I am thinking of buying CISC. Is it worth it, or is there something better than CISC?

"Now, looking more closely, the report was not generated. I searched C:\ and combofix.txt does not exist; there is another file named combofix that shows disk drives and hardware."


Hello, alvotarget!

|- The advantage of CISC is its integration with IceDragon, which lets you browse virtually with the browser isolated from contamination. It also has a firewall and Comodo support for the product.

-/-

|- Download: | DelFix: http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/9-delfix | ( ... by Xplode )

DelFix_SetaVerde.jpg

|- On the page, click the green arrow to download.
|- Save it in a convenient location! ( desktop! )
|- Close any applications that are open.

aciCkcnc.jpg (http://imgbox.com/aciCkcnc)

|- Run it!
|- With both checkboxes ticked!
|- Click "Run".

|- Do your problems still persist?

 

A+


Good afternoon.

Will DelFix replace ComboFix? Or do I run ComboFix again afterwards?

Hello!

|- DelFix will remove the tools that were used. Including ComboFix, since I decided to abort its use.

|- Everything OK?

 

A+


Ah yes, everything is OK, but wouldn't ComboFix have cleaned it completely?

I was wary of logging in as admin because I have already had an unpleasant experience with that. I bought a PC at a specialist shop, and after a while I tried to install a program and could not because I did not have privileges, so I used the command (NET USER administrador /active:yes). To my surprise I could not get in, because it asked for a password I did not have, but I managed to reverse the process using that trick of booting Linux and creating a new password.

Now I am using my wife's notebook, which she formatted a while ago. I just do not know whether using the net user adm command will ask for that unknown password, or the one I already use to log in, or none. The problem is that I do not have the USB stick with me to reverse it using Linux, nor the information on how to do it, lol.


Hello, alvotarget!

|- Run an online scan at | http://www.eset.eu/online-scanner |
|- Use the "Internet Explorer" browser for this task!

th_Nod32.gif (http://s1158.photobucket.com/albums/p604/slackwings/?action=view&current=Nod32.gif)

|- Follow the image for this check or scan.

abmL2O1b.jpg (http://imgbox.com/abmL2O1b)

|- When it finishes, click "List of found threats" >> "Export to text file"
|- Save that text to the desktop with the name: Esetlog
|- Post the report that will be on the desktop! ( Esetlog.txt )
|- PS: If nothing is detected, there will be no report or list.

A+


Good evening, DigRam!

Here is the report.

C:\Program Files\FreeGamePick.com\Jigsaw Deluxe\Toolbar\ToolbarSetup.exe a variant of Win32/Bundled.Toolbar.Ask.A application cleaned by deleting - quarantined
C:\Program Files\FreeGamePick.com\Pillars Of Hercules\Toolbar\ToolbarSetup.exe a variant of Win32/Bundled.Toolbar.Ask.A application cleaned by deleting - quarantined
C:\Program Files\Nexus Radio\Toolbar.exe a variant of Win32/Bundled.Toolbar.Ask.A application cleaned by deleting - quarantined
C:\Users\Simone\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-eu.cab Win32/OpenCandy application deleted - quarantined
C:\Users\Simone\Downloads\atube-catcher-291347-baixaki-32-bits.exe a variant of Win32/InstallCore.AY application cleaned by deleting - quarantined
C:\Users\Simone\Downloads\aTube_Catcher_Setup (2).exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Simone\Downloads\avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
C:\Users\Simone\Downloads\mozilla-firefox-1802-baixaki-32-bits.exe a variant of Win32/InstallCore.BE application cleaned by deleting - quarantined
C:\Users\Simone\Downloads\revo-uninstaller-194-baixaki-32-bits.exe a variant of Win32/InstallCore.BE application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T9IS6GLW\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined


Good evening, alvotarget!

|- Optimize Windows and clean the registry with JetClean.

-/-

|- Download: < JetClean 1.3.0 Final: http://majorgeeks.com/downloadget.php?id=7226&file=1&evp=41637a00edff17468e59cba2d9bcf6bf > ( ... by BlueSprig )
|- Save it in Program Files. ( jetclean-setup.exe )

adzVh9sP.jpg (http://imgbox.com/adzVh9sP)

|- Install the software and, on the "1-Click" tab, choose the "Registry Clean" option.
|- Go to "Scan Now" and choose: Shut down PC after Repair

< JetBoost: http://www.bluesprig.com/jetboost.html >

adcx3QVr.jpg (http://imgbox.com/adcx3QVr)

|- Next, try to improve performance with JetBoost.

|- Good work! :)

Regards!
