Archived

This topic has been archived and is closed to new replies.

Mário Monteiro

[Resolved] Possibly infected

Good morning

I believe I have been infected.

Recently all my browsers started, without any action on my part, showing a search page ( http://www.searchnu.com/414 ) as their home page.

In addition, my default browser ( Google Chrome ) began misbehaving, which led me to reinstall it, but it no longer works.

The HijackThis log is below.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:41:40, on 24/05/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16483)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SEARCH~1\Datamngr\BROWSE~1.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense ISG - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - C:\PROGRA~1\GbPlugin\gbiehisg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399015} (GbPluginObj Class) - https://www5.infoseg.gov.br/Install/GbPluginIsg.cab
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
O20 - AppInit_DLLs: C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginIsg - C:\PROGRA~1\GbPlugin\gbiehIsg.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GBPLUGIN\gbpsv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
O23 - Service: vToolbarUpdater15.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe

--
End of file - 10316 bytes

 

Thanks in advance.

Good morning, Mário Monteiro!

|- Download: < adwcleaner_logo.jpg > ( ... by Xplode )

|- On the page, click the image: < AdwCleaner_Tlcharger.jpg >

|- PS: If you use the IE9 browser, disable the "SmartScreen" filter.

|- Save it to the desktop!

|- Right-click adwcleaner.exe and choose to run it as Executar_Administrador.jpg

|- PS: Start the scan by clicking "Remover". < abpXmu2U.jpg >

acuDr4Nb.jpg

|- When it finishes, post the report: C:\AdwCleaner[S1].txt

-/-

|- Download: < ZHPDiag2 > ( ... by Nicolas Coolman )

|- Save it to the desktop!

ZHPDiag2.jpg

|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

ZHPDiag_Installation.jpg

|- Confirm every step while installing ZHPDiag.

|- Finish the installation by clicking "Termine".

ZHPDiag_MBRCheck.jpg

|- On Windows Vista, Windows 7 and 8, click OK when ZHPDiag Setup launches.

zhpdia11.png

|- PS: After installation, in addition to ZHPScript, the following will be available on the desktop:

|- <1> MBRCheck

|- <2> ZHPDiag2

|- <3> ZHPFix

ZHPDiag_cones.jpg

|- Click the scroll icon. ( ZHPScript )

ZHPDiag_Update.jpg

|- Click the green arrow to update it and/or download its latest definitions. ( Your version is update. )

|- Enable all diagnostic options by clicking "Options".

ZHPDiag_All.jpg

|- Click All.

|- Then uncheck the boxes numbered O45, O61, O62, O65, O82.

|- ZHPDiag_30days.jpg

|- Click "Calendar" and choose 30 days!

ZHPDiag_UAC.jpg

|- Click the UAC button to disable that protection.

ZHPDiag_Lupa.jpg

|- Start the scan by clicking the magnifying-glass icon. ( Start Diagnosis )

|- When it finishes, click "Save Report".

|- Save it somewhere convenient! ( ZHPDiag.txt )

zhpdia14.png << Log

|- PS: Do not post this text file directly.

|- Send it to Pjjoint.malekal by clicking the blue arrow! < ZHPDiag_Pjjoint-1.jpg >

|- Or go to: Cjoint_Logo.jpg << Link!

|- Or go to: abmdaZsE.jpg << Link!

|- More information: < |Link| >

A+


# AdwCleaner v2.301 - Relatório criado em 24/05/2013 às 14:12:25

# Atualizado em 16/05/2013 por Xplode

# Sistema Operacional : Windows Vista ™ Home Premium Service Pack 2 (32 bits)

# Usuário : Mário Monteiro - MARIO

# Modo de Boot : Normal

# Executado de : C:\Users\Mário Monteiro\Desktop\adwcleaner.exe

# Opção [Remover]

 

 

***** [serviços] *****

 

 

***** [Arquivos/Pastas] *****

 

Arquivo Removido : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

Arquivo Removido : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml

Arquivo Removido : C:\Users\Mário Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\ldnkfl42.default\searchplugins\Search_Results.xml

Pasta Removido : C:\Program Files\AVG Secure Search

Pasta Removido : C:\Program Files\FreeRIP3

Pasta Removido : C:\ProgramData\Ask

Pasta Removido : C:\ProgramData\AVG Secure Search

Pasta Removido : C:\ProgramData\boost_interprocess

Pasta Removido : C:\ProgramData\FreeRIP

Pasta Removido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeRIP3

Pasta Removido : C:\Users\Mário Monteiro\AppData\Local\AVG Secure Search

Pasta Removido : C:\Users\Mário Monteiro\AppData\LocalLow\AskToolbar

Pasta Removido : C:\Users\Mário Monteiro\AppData\LocalLow\AVG Secure Search

Pasta Removido : C:\Users\Mário Monteiro\AppData\LocalLow\Searchqutoolbar

Pasta Removido : C:\Users\Mário Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\ldnkfl42.default\Searchqutoolbar

Pasta Removido : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Removido Durante o reboot : C:\Program Files\Common Files\AVG Secure Search

Removido Durante o reboot : C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}

Removido Durante o reboot : C:\Program Files\Searchqu Toolbar

 

***** [Registro] *****

 

Chave Removida : HKCU\Software\AVG Secure Search

Chave Removida : HKCU\Software\DataMngr

Chave Removida : HKCU\Software\DataMngr_Toolbar

Chave Removida : HKCU\Software\IGearSettings

Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

Chave Removida : HKCU\Software\YahooPartnerToolbar

Chave Removida : HKLM\Software\AskToolbar

Chave Removida : HKLM\Software\AVG Secure Search

Chave Removida : HKLM\Software\AVG Security Toolbar

Chave Removida : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Chave Removida : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Chave Removida : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}

Chave Removida : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Chave Removida : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}

Chave Removida : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll

Chave Removida : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll

Chave Removida : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Chave Removida : HKLM\SOFTWARE\Classes\AppID\secman.DLL

Chave Removida : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Chave Removida : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Chave Removida : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Chave Removida : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Chave Removida : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Chave Removida : HKLM\SOFTWARE\Classes\BrowserConnection.Loader

Chave Removida : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}

Chave Removida : HKLM\SOFTWARE\Classes\DnsBHO.BHO

Chave Removida : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1

Chave Removida : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1

Chave Removida : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Chave Removida : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Chave Removida : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Chave Removida : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Chave Removida : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Chave Removida : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard

Chave Removida : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Chave Removida : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Chave Removida : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Chave Removida : HKLM\Software\Conduit

Chave Removida : HKLM\Software\DataMngr

Chave Removida : HKLM\Software\Freeze.com

Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar

Chave Removida : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Chave Removida : HKLM\Software\SearchquMediabarTb

Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]

Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

Valor Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

Valor Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Valor Removida : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

 

***** [Navegadores] *****

 

-\\ Internet Explorer v9.0.8112.16483

 

[OK] Registro está limpo.

 

-\\ Mozilla Firefox v20.0.1 (pt-BR)

 

Arquivo : C:\Users\Mário Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\ldnkfl42.default\prefs.js

 

Removida : user_pref("browser.search.defaultenginename", "Search Results");

Removida : user_pref("browser.search.order.1", "Search Results");

Removida : user_pref("browser.search.selectedEngine", "Search Results");

Removida : user_pref("extensions.toolbar@ask.com.install-event-fired", true);

Removida : user_pref("extensions.twitternotifier.configuration", "{\"config\":{\"photo_size_limit\":3145728,\"m[...]

Removida : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=414&sr=0&q=");

 

-\\ Google Chrome v [impossível ler a versão]

 

Arquivo : C:\Users\Mário Monteiro\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] Arquivo está limpo.

 

-\\ Opera v10.61.3484.0

 

Arquivo : C:\Users\Mário Monteiro\AppData\Roaming\Opera\Opera\operaprefs.ini

 

Removida : Home URL=hxxp://www.searchnu.com/414

 

*************************

 

AdwCleaner[s1].txt - [13868 octets] - [24/05/2013 14:12:25]

 

########## EOF - C:\AdwCleaner[s1].txt - [13929 octets] ##########


Good afternoon, Mário Monteiro!

|- Although AdwCleaner removed the hijacker, go ahead with ZHPDiag and post its log.

A+


-----------------

 

I could not find the UAC button, so the next report goes without that setting.

The button with the blue arrow did not work, so I used the second option.

It generated this link to the report:

 

http://cjoint.com/?CEyt4pQT6qI

Good afternoon, Mário Monteiro!

|- Uninstall: < Ad-Aware v9.0.0 >

-/-

|- Download: < http://thisisudax.org/downloads/JRT.exe > ( ... by Thisisu )

|- Save it to the desktop!

|- On Windows 7, right-click JRT.exe and run it as Executar_Administrador.jpg

|- Wait for it to finish and post the report. ( JRT.txt )

-/-

|- Close any open programs/folders.

|- Close the browser too!

ZHPFix_silent_zps532d2db6.jpg

|- On Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.

|- Select and copy this information, which is in the Code box, into Notepad.


[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Daily 1)] (...) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Daily 2)] (...) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Daily 3)] (...) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Daily 4)] (...) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Weekly)] (...) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0F7CAEBF-8342-4FCC-AF8D-D2A2C5C49C65}] (...) -- C:\Users\Mário Monteiro\Downloads\sp41377.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{46982475-050F-4048-A677-34246CCC59BB}] (...) -- C:\Users\Mário Monteiro\Downloads\plugin-letras-wmp0.9.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{595C0B4B-5D6A-4FE5-8297-A90EDF0BB56E}] (...) -- C:\Users\Mário Monteiro\Documents\Programas\Kit Seguran‡a\CFP_Setup_English_2.4.17.183.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{8D0F1681-484A-4477-A663-1A0F099B5DE0}] (...) -- C:\Users\Mário Monteiro\Downloads\eMule0.49c-Installer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{AA554D45-691D-4B6E-B288-C218508EFA84}] (...) -- C:\Users\Mário Monteiro\Documents\Pasta de trocas do Bluetooth\hot\bf2008.exe (.not file.) [0]
[MD5.4B817450226F93C31ADD5BCC27FED27A] - (.AVG Secure Search - ToolbarU Application.) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984] [PID.3492]
B1 - OSP: search.ini [Mário Monteiro] URL=http://dts.search-results.com/sr?src=opb&appid=0&systemid=414&sr=0&q=%s
SR - | Auto 22/05/2013 1015984 | (vToolbarUpdater15.2.0) . (.AVG Secure Search.) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
O20 - AppInit_DLLs: . (...) - C:\Program Files\SEARCH~1\Datamngr\datamngr.dll (.not file.)
O23 - Service: (vToolbarUpdater15.2.0) . (.AVG Secure Search - ToolbarU Application.) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
O42 - Logiciel: Ad-Aware - (.Lavasoft.) [HKLM] -- Ad-Aware
O42 - Logiciel: Ad-Aware - (.Lavasoft.) [HKLM] -- {DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
O43 - CFD: 24/05/2013 - 14:12:33 - [18,317] ----D C:\Program Files\Searchqu Toolbar
O44 - LFC:[MD5.F92BE0F20A0DC71FFD0D56AC7A04CA61] - 24/05/2013 - 14:13:03 ---A- . (...) -- C:\Windows\DeleteOnReboot.bat [262]
O44 - LFC:[MD5.26B0F12F9A4C267AF5B2DA35F87A6EFA] - 22/05/2013 - 18:25:15 ---A- . (...) -- C:\Windows\System32\DOErrors.log [52]
O64 - Services: CurCS - ??\??\???? - Unknown owner (Lbd) .(...) - LEGACY_LBD
O69 - SBI: SearchScopes [HKCU] {DECA3892-BA8F-44b8-A993-A466AD694AE4} - (Yahoo! Search) - http://br.search.yahoo.com

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}]
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: Modified
[HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF]
[HKLM\Software\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof]
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}]
C:\Program Files\YouTube Downloader
C:\Program Files\Searchqu Toolbar
C:\Program Files\Common Files\AVG Secure Search

hostfix
proxyfix
emptytemp
emptyclsid
emptyflash
firewallraz
sysrestore

|- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"

|- Minimize Notepad.

ZHPDiag_PasteClipboard.jpg

|- Click the "Paste ClipBoard" menu item.

|- Click "GO" -> Oui.

ZHPFix_GO.jpg

|- PS: Above is a sequence of images for further clarification.

|- Post the report: C:\ZHP\ZHPFix[R1].txt

A+


I'll post in parts here

The adware is kind of immortal here; I deleted it by force, and I don't know whether it worked 100%

As for the rest, I'll start with the first log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows Vista ™ Home Premium x86

Ran by M rio Monteiro on 24/05/2013 at 20:25:48,50

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

 

 

 

~~~ Registry Keys

 

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Users\M rio Monteiro\appdata\locallow\datamngr"

Successfully deleted: [Folder] "C:\Program Files\searchqu toolbar"

 

 

 

~~~ FireFox

 

Failed to delete: [Folder] "C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}"

Emptied folder: C:\Users\M rio Monteiro\AppData\Roaming\mozilla\firefox\profiles\ldnkfl42.default\minidumps [137 files]

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 24/05/2013 at 20:28:49,79

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

The other report

Rapport de ZHPFix 2013.5.24.2 par Nicolas Coolman, Update du 24/05/2013

Fichier d'export Registre :

Run by Mário Monteiro at 24/05/2013 20:35:34

High Elevated Privileges : OK

Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)

 

Recycle Files Deleted

 

========== Software ==========

NOT FOUND Software Key: Ad-Aware

NOT FOUND Uninstall Process: c:\programdata\{2162ccc0-3a5f-4887-b51f-ce5f195b3620}\ad-aware90install.exe

 

========== Memory Process ==========

DELETE on Reboot Memory Process: C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe

 

========== Registry Key ==========

DELETED [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}]

DELETED Key: Service: vToolbarUpdater15.2.0

NOT FOUND Key: Service: vToolbarUpdater15.2.0

ERROR Key: Service Legacy: LEGACY_LBD

DELETED Key: SearchScopes :{DECA3892-BA8F-44b8-A993-A466AD694AE4}

NOT FOUND Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}

ERROR Key****: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

DELETED Key: HKLM\Software\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

 

========== Registry Value ==========

NOT FOUND Value Key: FirewallOverride

ProxyFix : Proxy killed successfully

DELETED ProxyServer Value

DELETED ProxyEnable Value

DELETED EnableHttp1_1 Value

DELETED ProxyHttp1.1 Value

DELETED ProxyOverride Value

No Value in Standard Profile Register Key FirewallRaz :

No Value in Domain Profile Register Key FirewallRaz :

DELETED FirewallRaz (None) : {E080A850-AB58-4734-8950-567006A78C7C}

DELETED FirewallRaz (Public) : {2DB9F67B-59B8-4232-876E-C7E726A92880}

DELETED FirewallRaz (Public) : {4F62596B-6B9A-440E-80CC-30C82001B6BB}

 

========== Registry Data Items ==========

REMOVED AppInit: \Program Files\SEARCH~1\Datamngr\datamngr.dll

 

========== Browser Profiles ==========

DELETED Opera Search Page: http://dts.search-results.com/sr?src=opb&appid=0&systemid=414&sr=0&q=%s

 

========== Repertory ==========

No Empty CLSID Directories

DELETED Flash Cookies

 

========== File ==========

DELETED File: c:\program files\common files\avg secure search\vtoolbarupdater\15.2.0\toolbarupdater.exe

NOT FOUND File: \program files\search~1\datamngr\datamngr.dll

NOT FOUND File: c:\program files\common files\avg secure search\vtoolbarupdater\15.2.0\toolbarupdater.exe

DELETED File: c:\windows\deleteonreboot.bat

DELETED File: c:\windows\system32\doerrors.log

NOT FOUND Folder/File: c:\program files\searchqu toolbar

DELETED Window Temporary

DELETED Flash Cookies

 

========== Hosts file ==========

Hosts File not cleaned (Please Deactivate your Antivirus)

 

========== Task ==========

DELETED Task: Ad-Aware Update (Daily 1)

DELETED Task: Ad-Aware Update (Daily 2)

DELETED Task: Ad-Aware Update (Daily 3)

DELETED Task: Ad-Aware Update (Daily 4)

DELETED Task: Ad-Aware Update (Weekly)

DELETED Task: {0F7CAEBF-8342-4FCC-AF8D-D2A2C5C49C65}

DELETED Task: {46982475-050F-4048-A677-34246CCC59BB}

DELETED Task: {595C0B4B-5D6A-4FE5-8297-A90EDF0BB56E}

DELETED Task: {8D0F1681-484A-4477-A663-1A0F099B5DE0}

DELETED Task: {AA554D45-691D-4B6E-B288-C218508EFA84}

 

========== Restoration ==========

Restore System Point created succefully

 

 

========== Summary ==========

1 : Memory Process

8 : Registry Key

12 : Registry Value

1 : Registry Data Items

2 : Repertory

8 : File

2 : Software

1 : Browser Profiles

1 : Hosts file

10 : Task

1 : Restoration

 

 

End of clean in 01mn 16s

 

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 24/05/2013 20:35:34 [3639]

Good morning! Mário Monteiro

Mário Monteiro, on 24/05/2013, said:

In addition, my default browser (Google Chrome) started behaving improperly, which led me to reinstall it, but it no longer works

|- Uninstall Chrome with RevoUninstaller, in Advanced mode.
-/-
|- Download: < Revo Uninstaller >
|- Save it to the desktop.
|- Install the utility and check whether the program to be uninstalled appears on the main screen.
|- In your case, Google Chrome.
|- Select it and click Uninstall.
|- For more details, read the < Tutorial >
-/-
|- Download and install this browser! ( Comodo Dragon )
|- Report the result of this experiment after replacing your Chrome browser with Comodo Dragon.
|- Ps: You will see that it was built on the Chrome engine and offers, as its differentiator, the security imposed by Comodo.
|- Ps: Be careful when importing settings from other browsers during its installation.
|- Download: < 331oifp.png > ( ... by Old Timer )
|- Save it to the desktop or C:\.
|- Double-click OTS.exe.
|- Ps: On Windows Vista or 7, right-click and run OTS.exe as administrator.
adpvC8bl.jpg
|- Under "Additional Scans", click "Extras".
|- Check the boxes:
[] Reg - NetSvcs
[] File - Lop Check
64bitscan.png
|- For a 64-bit OS, check the box!
|- Under "Basic Scans", check the boxes:
[] Use Company Name Whitelist
[] Skip Microsoft Files
|- Check: 250ii3s.png & n19ytt.png

%systemdrive%\*.*
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%programfiles%\*.*
%localappdata%\*.exe
%localappdata%\*.txt
%localappdata%\*.ini
%localappdata%\*.dll
%localappdata%\*.dat
%userprofile%\*.exe
%userprofile%\*.txt
%userprofile%\*.ini
%userprofile%\*.dll
%userprofile%\*.dat /30
%appdata%\*.*
%systemroot%\system32\tasks\*.*
%windir%\tasks\*.*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT
OTS_CustomScans.jpg
|- Copy and paste the information in the Code box into the "Custom Scans" field.
|- Next, click 2lasxtt.png
|- When it finishes, Notepad will open with the report. ( OTS.txt )
|- Post it in your reply!
|- Use one of these for that! ( cjoint.com or myfile.tk )
Regards!


Just uninstalling Chrome with Revo and reinstalling it brought it back to normal

What should I do about the remaining procedures?


Just uninstalling Chrome with Revo and reinstalling it brought it back to normal

What should I do about the remaining procedures?

Hello! Mario Monteiro

|- If you still notice the browser hijacker acting in your browsers, post the log from the OTS tool.

See you!


It generated this link

http://cjoint.com/?CEzsjRU904I


Good afternoon! Mário Monteiro

|- I did not detect the presence of the malware.

########

|- Open the OTS tool.

[Unregister Dlls]
[Files/Folders - Modified Within 30 Days]
NY ->  DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Mário Monteiro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
NY -> {1FD91A9C-410C-4090-BBCC-55D3450EF433} -> C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
[Files - No Company Name]
NY ->  PhysicalDisk0_MBR.bin -> C:\PhysicalDisk0_MBR.bin
NY ->  ZHPFix.lnk -> C:\Users\Public\Desktop\ZHPFix.lnk
NY ->  ZHPDiag.lnk -> C:\Users\Public\Desktop\ZHPDiag.lnk
NY ->  MBRCheck.lnk -> C:\Users\Public\Desktop\MBRCheck.lnk
NY ->  adwcleaner.exe -> C:\Users\Mário Monteiro\Desktop\adwcleaner.exe
[Custom Scans]
YY ->  AdwCleaner[S1].txt -> C:\AdwCleaner[S1].txt
YY ->  ComboFix.txt -> C:\ComboFix.txt
[Alternate Data Streams]
NY -> @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:0CE7F3C9

[empty temp folders]
[reboot]

|- Paste the information in the Code box into the "Paste Fix Here" field.

OTS_RunFix.jpg

|- Click Run Fix --> Wait!
|- When it finishes, post the report: C:\_OTS\MovedFiles\OTS.txt
|- Everything OK?

Regards!


All Processes Killed

[Files/Folders - Modified Within 30 Days]

C:\Users\Mário Monteiro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} moved successfully.

[Files - No Company Name]

C:\PhysicalDisk0_MBR.bin moved successfully.

C:\Users\Public\Desktop\ZHPFix.lnk moved successfully.

C:\Users\Public\Desktop\ZHPDiag.lnk moved successfully.

C:\Users\Public\Desktop\MBRCheck.lnk moved successfully.

C:\Users\Mário Monteiro\Desktop\adwcleaner.exe moved successfully.

[Custom Scans]

C:\AdwCleaner[s1].txt moved successfully.

C:\ComboFix.txt moved successfully.

[Alternate Data Streams]

ADS C:\ProgramData\TEMP:0CE7F3C9 deleted successfully.

File not found!

[empty temp folders]

 

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Mário Monteiro

->Temp folder emptied: 439347 bytes

->Temporary Internet Files folder emptied: 2901729 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 216549894 bytes

->Google Chrome cache emptied: 18915943 bytes

->Apple Safari cache emptied: 57344 bytes

->Opera cache emptied: 4773594 bytes

->Flash cache emptied: 548 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 529278 bytes

%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes

RecycleBin emptied: 1519723538 bytes

 

Total Files Cleaned = 1.682,00 mb

 

< End of fix log >

OTS by OldTimer - Version 3.1.47.2 fix logfile created on 05252013_135538

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...


Good afternoon! Mário Monteiro

|- Remove the tools used and the restore points with DelFix.

-/-

|- Download: |DelFix| ( ... by Xplode )

DelFix_SetaVerde.jpg

|- On the page, click the green arrow to download.
|- Save it in a convenient location! ( desktop! )
|- Close any open applications.

aciCkcnc.jpg

|- Run it!
|- With both checkboxes checked!
|- Click "Run".
|- If you like, post the report!

|- Everything OK?

Regards!


# DelFix v10.2 - Logfile created 25/05/2013 at 14:30:27

# Updated 02/04/2013 by Xplode

# Username : Mário Monteiro - MARIO

# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)

 

~ Removing disinfection tools ...

 

Deleted : C:\JRT

Deleted : C:\USBFix

Deleted : C:\_OTS

Deleted : C:\ZHP

Deleted : C:\Program Files\ZHPDiag

Deleted : C:\Users\Mário Monteiro\Desktop\JRT.exe

Deleted : C:\Users\Mário Monteiro\Desktop\JRT.txt

Deleted : C:\Users\Mário Monteiro\Desktop\HiJackThis.exe

Deleted : C:\Users\Mário Monteiro\Desktop\OTS.exe

Deleted : C:\Users\Mário Monteiro\Desktop\OTS.Txt

Deleted : C:\Users\Mário Monteiro\Desktop\ZHPDiag.txt

Deleted : C:\Users\Mário Monteiro\Desktop\ZHPDiag2.exe

Deleted : C:\Users\Mário Monteiro\Desktop\ZHPFixReport.txt

Deleted : HKLM\SOFTWARE\OldTimer Tools

Deleted : HKLM\SOFTWARE\AdwCleaner

Deleted : HKLM\SOFTWARE\Swearware

Deleted : HKLM\SOFTWARE\Classes\.cfxxe

Deleted : HKLM\SOFTWARE\Classes\cfxxefile

Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hijackthis

Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe

 

~ Cleaning system restore ...

 

Deleted : RP #1541 [MANUAL | 05/23/2013 13:22:37]

Deleted : RP #1543 [P | 05/24/2013 23:34:55]

Deleted : RP #1544 [Ponto de Verificação Agendado | 05/25/2013 16:48:41]

 

New restore point created !

 

########## - EOF - ##########


Good afternoon! Mário Monteiro

|- If you have slowness problems, optimize the PC with JetClean + JetBoost.

#######

|- Download: < JetClean 1.3.0 Final > ( ... by BlueSprig )
|- Save it in Program Files. ( jetclean-setup.exe )

adzVh9sP.jpg

|- Install the software and, on the "1-Click" tab, choose the "Registry Clean" option.
|- Go to "Scan Now" and choose: Shut down PC after Repair

adkBv5Jp.jpg

|- Or choose the "Repair" option, without rebooting the PC.

< JetBoost >

adcx3QVr.jpg

|- Next, try to improve performance with JetBoost.
|- Everything OK?

See you!


Thank you very much, DigRam

So far everything is great


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
