
Archived

This topic has been archived and is closed to new replies.

moicanofacul

[Archived] Could it be a virus?

In the last 48 hours two suspicious events occurred:

1- When I closed a full-screen game, a window was open and closed quickly, without giving me time to check what it was;

2- When I opened Mozilla Firefox, an extra (Mozilla) window opened by itself with ads for fake Facebook products (spam).

I don't usually visit untrusted sites, and about a week ago I installed an old game that is only played online (Gunbound) - I don't know if it could have anything to do with the problem.

Since I'm suspicious by nature, use my PC for work and trust you all a lot, I rushed here to post the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:07:21, on 13/06/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:
C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\DesktopCal\desktopcal.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Users\Pierre Cardoso\Desktop\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=Userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [skyDrive] "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\Run: [DesktopCal] C:\Program Files (x86)\DesktopCal\desktopcal.exe
O4 - HKCU\..\RunOnce: [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
O4 - HKCU\..\RunOnce: [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530"
O4 - HKCU\..\RunOnce: [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
O4 - HKCU\..\RunOnce: [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627"
O4 - HKCU\..\RunOnce: [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
O4 - HKCU\..\RunOnce: [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811"
O4 - HKCU\..\RunOnce: [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
O4 - HKCU\..\RunOnce: [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217"
O4 - HKCU\..\RunOnce: [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
O4 - HKCU\..\RunOnce: [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14676 bytes


Oh! I forgot to mention:

When I woke up today, I found an Avira error message saying that some software error had made it crash and skip the scheduled daily scan.

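As an added example for reading a HijackThis log like the one above (this is not code from HijackThis, AdwCleaner, Zoek or this forum), the Python script below parses the R/F/O entry lines, groups them by section and flags the entries a helper reads first. The sample input is a constructed excerpt of the log posted above; the flag rules, function names and the x64 heuristic are this example's own assumptions, not a HijackThis feature. It also separates the long list of O23 services marked `(file missing)` into a probable false-positive bucket: HijackThis 2.0.4 is a 32-bit program, and on 64-bit Windows its reads of C:\Windows\System32 are redirected to SysWOW64 by WOW64 file-system redirection, so native 64-bit service binaries such as lsass.exe, spoolsv.exe and alg.exe look missing to it.

```python
"""Triage helper for a HijackThis 2.0.x log (added example, not HijackThis code).

Entry lines look like "O23 - Service: <name> (<svc>) - <owner> - <path>".
The script groups them by section and flags what a helper reads first.
SAMPLE_LOG is a constructed excerpt of the log posted in this thread; the
flag rules below are this example's own assumptions.
"""
import re
from collections import defaultdict

# "O4 - HKLM\..\Run: ..." -> sec="O4", body="HKLM\..\Run: ..."
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d{1,2}) - (?P<body>.+)$")

# Native system directories. A 32-bit tool reading these on x64 Windows is
# redirected to SysWOW64 by WOW64 file-system redirection, so 64-bit-only
# binaries (lsass.exe, spoolsv.exe, alg.exe, ...) look "missing" to it.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

SAMPLE_LOG = r"""
Platform: Windows 7 SP1 (WinNT 6.00.3505)
Running processes:
C:\Windows\SysWOW64\DllHost.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\RunOnce: [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530"
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: www.bancobrasil.com.br
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
"""


def parse_hjt(text):
    """Return {section: [entry body, ...]} for every R/F/O line in the log."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group("sec")].append(m.group("body"))
    return dict(entries)


def looks_64bit(text):
    """HJT 2.0.4 does not print the architecture; infer it from x64-only paths."""
    low = text.lower()
    return "syswow64" in low or "program files (x86)" in low


def triage(text):
    """Return {finding: [entry body, ...]}; empty categories are omitted."""
    e = parse_hjt(text)
    x64 = looks_64bit(text)
    f = defaultdict(list)

    # O4: autostarts. cmd.exe one-liners and binaries under a user profile
    # deserve a look even when, as here, they turn out to be an updater.
    for body in e.get("O4", []):
        low = body.lower()
        if "cmd.exe" in low or "\\users\\" in low or "\\appdata\\" in low:
            f["o4_review"].append(body)

    # O10: Winsock LSPs sit in the socket path of every process.
    for body in e.get("O10", []):
        if body.lower().startswith("unknown file in winsock lsp"):
            f["o10_unknown_lsp"].append(body)

    # O15: Trusted Zone relaxes IE security for these hosts; confirm with the
    # user, since bank domains are exactly what banker trojans like to add.
    f["o15_trusted_zone"].extend(e.get("O15", []))

    # O20: DLLs loaded by winlogon.exe at logon, a classic persistence spot.
    f["o20_winlogon_notify"].extend(e.get("O20", []))

    # O23: services. Split "(file missing)" into WOW64 false positives and
    # genuinely absent binaries; also list present services with no owner.
    for body in e.get("O23", []):
        if body.endswith("(file missing)"):
            path = body[: -len("(file missing)")].strip().rsplit(" - ", 1)[-1]
            if x64 and path.lower().startswith(SYSTEM_DIRS):
                f["o23_missing_wow64_redirect"].append(body)
            else:
                f["o23_missing_real"].append(body)
        elif " - Unknown owner - " in body:
            f["o23_unknown_owner"].append(body)

    return {k: v for k, v in f.items() if v}


if __name__ == "__main__":
    for finding, bodies in triage(SAMPLE_LOG).items():
        print(f"[{finding}]")
        for b in bodies:
            print("   ", b)
```

To use it on a real case, read the saved hijackthis.log into `triage()`. On the log above, every `(file missing)` O23 entry points at a Windows binary under System32, which matches the WOW64 artefact rather than tampering; the entries that still merit a look are the O20 Winlogon Notify DLL and the O15 Trusted Zone bank domains, both of which the log itself attributes to the GAS Tecnologia Banco do Brasil security module and should be confirmed with the user.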

Hello Moicano.

Download AdwCleaner by clicking the link below and then clicking the Download Now @BleepingComputer button:

http://www.bleepingcomputer.com/download/adwcleaner/

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[s0].txt

We'll be waiting.


# AdwCleaner v3.212 - Report created 13/06/2014 at 23:34:27
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Pierre Cardoso - PIERRECARDOSO
# Running from : C:\Users\Pierre Cardoso\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\Software\dt soft\daemon tools toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v29.0.1 (pt-BR)

[ File : C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\3dkhh8bj.default-1379274333240\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1183 octets] - [13/06/2014 23:33:47]
AdwCleaner[s0].txt - [1095 octets] - [13/06/2014 23:34:27]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1155 octets] ##########


Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:

http://www.hijackthis.nl/smeenk/

To run it correctly, follow the tips in this tutorial:

Remove adware and other threats from your PC and browsers with the Zoek application

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy its entire contents and post it in your next reply.


I did everything the tutorial says, but Zoek won't open at all! I set it to run as administrator, Windows asks whether I want to allow the program to make changes to the computer and I click 'yes', but Zoek still doesn't open. The blue circle (the old hourglass) on the cursor spins for 2 seconds and stops, without Zoek opening.


Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by Pierre Cardoso on 14/06/2014 at 9:40:31,82.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Pierre Cardoso\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

14/06/2014 09:43:33 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\PIERRE~1\AppData\Roaming\Mozilla\Firefox\Profiles\3dkhh8bj.default-1379274333240\prefs.js:

Added to C:\Users\PIERRE~1\AppData\Roaming\Mozilla\Firefox\Profiles\3dkhh8bj.default-1379274333240\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\PIERRE~1\AppData\Roaming\Mozilla\Firefox\Profiles\3dkhh8bj.default-1379274333240

user.js not found
---- Lines ask.com removed from prefs.js ----
user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 0);
---- FireFox user.js and prefs.js backups ----

prefs_062014_0950_.backup

==== Deleting Files \ Folders ======================

C:\Users\Pierre Cardoso\AppData\Local\cache deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [11/09/2013 06:54]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\Pierre Cardoso\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" [24/05/2014 01:44]

==== Firefox Extensions ======================

ProfilePath: C:\Users\PIERRE~1\AppData\Roaming\Mozilla\Firefox\Profiles\3dkhh8bj.default-1379274333240
- Flashblock - C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\3dkhh8bj.default-1379274333240\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
- WOT - C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\3dkhh8bj.default-1379274333240\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- Português Brasileiro Nova Ortografia - %ProfilePath%\extensions\pt-BR@dictionaries.addons.mozilla.org
- Flashblock - %ProfilePath%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
- WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- Desprotetor de Links - %ProfilePath%\extensions\desprotetordelinks@claudio-silva.com.xpi
- leethax.net extension - %ProfilePath%\extensions\leethax@leethax.net.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Facebook Photo Zoom - %ProfilePath%\extensions\{7c6cdf7c-8ea8-4be7-ae5a-0b3effe14d66}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\3dkhh8bj.default-1379274333240
B52EFEC8EEF9A7809376795ED3699826 - C:\Users\Pierre Cardoso\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
E37EAD09D28AE19D8A39B6A95F47513A - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll - Shockwave for Director / Shockwave for Director
BE126CB7049E89ED6F3038016668B502 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit)
96B3689320E9B16EDF38B7A5001C35F0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit)
F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
D493C8FC0D0FD015BB9765658D77346E - C:\Users\Pierre Cardoso\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
555E65306A5D3A5978BE74E1DD62CDD9 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks Chrome Background Extension Plug-In (32-bit)
E32771B0AE3F18CEFFC12D682025238A - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer HTML5VideoShim Plug-In (32-bit)
7B448B2B45428218D0D87376A2FF9FC2 - C:\Users\Pierre Cardoso\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 15:24]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Pierre Cardoso\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[24/05/2014 01:44]

Google Docs - Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
RealDownloader - Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Google Wallet - Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Banco do Brasil - Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
Gmail - Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{searchCLSID} Unknown Url="Not_Found"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{0CFC0FF2-7D28-4419-B506-086356381DDA} Americanas.com.br Url="http://www.americanas.com.br/busca/{searchTerms}"
{0D763647-EF4D-4055-AA9E-5AA247285547} Saraiva.com Url="http://www.livrariasaraiva.com.br/pesquisaweb/pesquisaweb.dll/pesquisa?FILTRON1=X&PALAVRASN1={searchTerms}&ESTRUTN1=&MODELON1=C&ORDEMN1=E&QTTOP=100"
{0EACAB93-7E9C-41D7-ACE4-B696381E2C0E} Wikipedia (br) Url="http://br.wikipedia.org/w/index.php?title=Dibar:Klask&search={searchTerms}"
{5D3373DE-E345-414F-9E6C-5EA687463EA2} Submarino.com Url="http://www.submarino.com.br/busca?q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{9AFB250B-3A9F-4BE3-BA52-E5235AC5E952} Google Url="http://www.google.com/search?hl=en&q={searchTerms}"
{A9E19A04-33B3-4FD9-B056-9A6B8BF3A70B} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox"
{E354496C-DDB9-47A7-A193-3ED9DEE8EA88} Bondfaro Url="http://www.bondfaro.com.br/cprocura?produto={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Pierre Cardoso\Desktop\Blogs e Páginas.lnk -
C:\Users\Pierre Cardoso\Desktop\Concursos Públicos.lnk -
C:\Users\Pierre Cardoso\Desktop\Pierre Cardoso (P).lnk - P:\
C:\Users\UpdatusUser\Desktop\Calendário do desktop.lnk -

==== shortcuts in Users Start Menu ======================

C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Windows\Start Menu\GunboundPS.lnk - C:\Game\SoftnyxGame\GunBoundPS\NyxLauncher.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftnyxGame\GunboundPS\Gunbound Home page.lnk - C:\Game\SoftnyxGame\GunBoundPS\GunBound.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftnyxGame\GunboundPS\Gunbound Uninstall.lnk - C:\Game\SoftnyxGame\GunBoundPS\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftnyxGame\GunboundPS\Gunbound.lnk - C:\Game\SoftnyxGame\GunBoundPS\NyxLauncher.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk - C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\partypoker.lnk - C:\Programs\PartyGaming\PartyGaming.exe -P=PartyPoker
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\BF1942.lnk - C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\ClocX.lnk - C:\Program Files\ClocX\ClocX.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Diablo II - Lord of Destruction.lnk - C:\Program Files (x86)\Diablo II\Diablo II.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Full Tilt Poker.lnk - C:\Program Files (x86)\Full Tilt Poker\FullTiltPoker.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Gios PDF Splitter and Merger for Windows.lnk - C:\Users\Pierre Cardoso\Documents\GiosPSM\GiosPSM.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Gunbound.lnk - C:\Game\SoftnyxGame\GunBoundPS\NyxLauncher.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\HP Scan.lnk - C:\Program Files (x86)\hp\HP Deskjet 2050 J510 series\bin\HPScan.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\PartyPoker.lnk - C:\Programs\PartyGaming\PartyGaming.exe -P=PartyPoker
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Play GTA Vice City.lnk - C:\Program Files (x86)\Rockstar Games\Grand Theft Auto Vice City\gta-vc.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Project64 1.6.lnk - C:\Program Files (x86)\Project64 1.6\Project64.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Excel 2007.lnk - C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Messenger.lnk - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pierre Cardoso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pierre Cardoso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Pierre Cardoso\AppData\Local\Mozilla\Firefox\Profiles\3dkhh8bj.default-1379274333240\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2 folders=20 75982 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Pierre Cardoso\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\PIERRE~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 14/06/2014 at 9:59:14,32 ======================


The only strange thing going on so far is that the Google site opens every time I open a new tab in Mozilla Firefox. I have already configured it to open a blank page, but the browser insists on opening Google.


Open Firefox, type about:config in the address bar and press Enter.

A message may appear saying "This might void your warranty!"
Click I'll be careful, I promise! to continue to the about:config page.

Type browser.newtab.url in the search box.

Double-click browser.newtab.url and change the URL to about:newtab.

Click OK and close the about:config tab.

Then let us know whether that solved it.
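The check above is done by hand in about:config; as an added example (not code from the forum post or from any of the tools in this thread), here is a small Python checker that parses Firefox `user_pref` lines from a prefs.js and reports a new-tab or home page that has been pointed at an external URL, the symptom the poster describes. The prefs.js content is constructed for the example; the expected-value table is an assumption, not a Mozilla list.

```python
import re
from typing import Dict, List, Tuple

# prefs.js content constructed for this example (not the poster's real profile).
SAMPLE_PREFS = r'''
# Mozilla User Preferences
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.startup.homepage", "about:blank");
user_pref("browser.search.defaultenginename", "Google");
user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
user_pref("network.proxy.type", 0);
user_pref("extensions.checkCompatibility", false);
'''

# One user_pref("name", value); per line. The value is a quoted string,
# an integer or true/false.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Values we expect for the prefs a browser hijack usually rewrites
# (assumed for this example: about:newtab is the Firefox default of the
# era, about:blank is what the poster says they configured).
EXPECTED: Dict[str, str] = {
    "browser.newtab.url": "about:newtab",
    "browser.startup.homepage": "about:blank",
}


def parse_prefs(text: str) -> Dict[str, object]:
    """Return {pref_name: typed value} for every user_pref line in text."""
    prefs: Dict[str, object] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything else
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            value: object = raw[1:-1]
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw  # leave unknown forms as-is rather than guess
        prefs[name] = value
    return prefs


def find_overrides(prefs: Dict[str, object]) -> List[Tuple[str, object, str]]:
    """(name, actual, expected) for each watched pref that differs.
    A pref absent from prefs.js means Firefox is using its default."""
    findings = []
    for name, expected in EXPECTED.items():
        actual = prefs.get(name, expected)
        if actual != expected:
            findings.append((name, actual, expected))
    return findings


def external_urls(prefs: Dict[str, object]) -> List[str]:
    """Names of prefs whose value is an http(s) URL: these are the settings
    that make a page load on every new tab or at start-up."""
    return sorted(n for n, v in prefs.items()
                  if isinstance(v, str)
                  and v.lower().startswith(("http://", "https://")))


if __name__ == "__main__":
    p = parse_prefs(SAMPLE_PREFS)
    for name, actual, expected in find_overrides(p):
        print(f"{name}: {actual!r} (expected {expected!r})")
    print("prefs pointing at external URLs:", external_urls(p))
```

Later Firefox releases dropped the browser.newtab.url preference, so on a current profile the checker reports nothing for that key; the parsing itself applies to any user_pref line.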


TOPIC REOPENED AT THE AUTHOR'S REQUEST.


Download the Junkware Removal Tool program from the link below:
http://thisisudax.org/downloads/JRT.exe

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Pierre Cardoso on 16/06/2014 at 10:55:51,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASDLG
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0EACAB93-7E9C-41D7-ACE4-B696381E2C0E}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Pierre Cardoso\AppData\Roaming\mozilla\firefox\profiles\3dkhh8bj.default-1379274333240\minidumps [272 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/06/2014 at 11:00:34,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Download < ZHPDiag > ( ... by Nicolas Coolman )

Note: when you open the link above, click the Télécharger button for ZHPDiag to download it, as shown in the image below:

[image: Télécharger button for ZHPDiag]

To install and run it correctly, follow the tips in this article:

ZHPDiag installation and execution tutorial

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.


~ Relatório do ZHPDiag v2014.6.16.92 - Nicolas Coolman (16/06/2014)
~ Iniciado por Pierre Cardoso (16/06/2014 12:10:49)
~ Endereço do Website : http://www.paologios.com]
[HKCU\Software\SERPRO]
[HKCU\Software\VCM]
[HKCU\Software\nester]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Full Tilt Poker]
[HKLM\Software\Wow6432Node\SIC]
~ Key Software: 409 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/07/2010 - 23:13:17 - [] ----D C:\Program Files (x86)\Central de Jogos
O43 - CFD: 15/11/2010 - 22:16:00 - [] ----D C:\Program Files (x86)\Formats
O43 - CFD: 19/04/2014 - 13:12:19 - [] ----D C:\Program Files (x86)\Full Tilt Poker
O43 - CFD: 21/08/2012 - 20:32:56 - [] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 14/03/2014 - 20:28:54 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 27/01/2014 - 22:06:48 - [] ----D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
O43 - CFD: 09/07/2010 - 10:54:12 - [] ----D C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
O43 - CFD: 05/01/2010 - 15:50:23 - [] --H-D C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}
O43 - CFD: 14/02/2013 - 20:18:08 - [] ----D C:\Users\Pierre Cardoso\AppData\Roaming\cef-cache
O43 - CFD: 11/08/2012 - 22:28:28 - [] ----D C:\Users\Pierre Cardoso\AppData\Roaming\Party
O43 - CFD: 22/03/2011 - 14:02:30 - [] ----D C:\Users\Pierre Cardoso\AppData\Local\CPN
O43 - CFD: 19/04/2014 - 13:12:16 - [] ----D C:\Users\Pierre Cardoso\AppData\Local\FullTiltPoker
O43 - CFD: 14/04/2011 - 14:29:32 - [] ----D C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2011
O43 - CFD: 29/04/2013 - 22:59:37 - [] ----D C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 14/03/2014 - 20:28:24 - [] ----D C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 260 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.2034011358FAECA28DBF16F1D69E2BE7] - 10/06/2014 - 22:56:11 ---A- . (...) -- C:\Windows\wpd99.drv [59]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 14/06/2014 - 09:40:21 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
~ Files: 47 Legitimates Filtered in 00mn 03s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:29/05/2012 - 14:53:30 ---A- . (.Windows ® Codename Longhorn DDK provider - hpvhd 64bit support driver.) -- C:\Windows\System32\Drivers\cpqdfw.sys [27456]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/04/2012 - 22:09:43 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [560184]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:09/10/2012 - 08:29:58 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [46440]
O58 - SDL:08/04/2014 - 18:22:39 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 64 Legitimates Filtered in 00mn 03s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: prefs.js [Pierre Cardoso - 3dkhh8bj.default-1379274333240] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0CFC0FF2-7D28-4419-B506-086356381DDA} - (Americanas.com.br) - http://www.americanas.com
O69 - SBI: SearchScopes [HKCU] {0D763647-EF4D-4055-AA9E-5AA247285547} - (Saraiva.com) - http://www.livrariasaraiva.com
O69 - SBI: SearchScopes [HKCU] {5D3373DE-E345-414F-9E6C-5EA687463EA2} - (Submarino.com) - http://www.submarino.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {9AFB250B-3A9F-4BE3-BA52-E5235AC5E952} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {A9E19A04-33B3-4FD9-B056-9A6B8BF3A70B} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {E354496C-DDB9-47A7-A193-3ED9DEE8EA88} - (Bondfaro) - http://www.bondfaro.com
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.D96EC2DE0DF19F3323E0CECFB49FCAFF] [sPRF][09/12/2013] (...) -- C:\Users\Pierre Cardoso\AppData\Roaming\unins000.dat [33278]
[MD5.C11706D2FD4AFCB8B0D6DAA0EF55D2C8] [sPRF][17/02/2012] (...) -- C:\Program Files (x86)\Rar.exe [403968]
[MD5.8C458DC9E7DC6EC0DC5F24C999AFA4C7] [sPRF][17/02/2012] (...) -- C:\Program Files (x86)\RarExt64.dll [193536]
[MD5.AD08FE53A5E484EA568D60544EF3F05C] [sPRF][25/04/2012] (...) -- C:\Program Files (x86)\rarnew.dat [20]
[MD5.8C95C6D737C450F0B847C22B9BA88766] [sPRF][17/02/2012] (...) -- C:\Program Files (x86)\UnRAR.exe [266240]
[MD5.BD3165A325F222F642F743B6CF2937ED] [sPRF][17/02/2012] (...) -- C:\Program Files (x86)\WinRAR.exe [1150464]
[MD5.76CDB2BAD9582D23C1F6F4D868218D6C] [sPRF][25/04/2012] (...) -- C:\Program Files (x86)\zipnew.dat [22]
~ Files: 12 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{A1092867-F199-4D94-A2A5-3CDF72CE0F5A}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{2D5B64E1-7283-4B78-ACB9-A7604D60BF6B}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitLord_RASAPI32 =>Adware.WhenUSave
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitLord_RASMANCS =>Adware.WhenUSave
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASAPI32 =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASMANCS =>P2P.BitTorrent
~ BTK: 613 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 14/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 22/03/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 22/03/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/05/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 10/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 15/03/2013 1266464 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Demand 04/01/2012 718888 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 30/08/2011 140672 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE64.exe
SR - | Auto 08/09/2009 202752 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 04/06/2014 430160 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 04/06/2014 430160 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 04/11/2013 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Auto 02/10/2009 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 20/08/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 15/03/2013 877856 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 22/09/2010 249136 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SR - | Auto 14/03/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 05s



---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:13/04/2012 - 22:09:43 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [560184]
~ Emulateurs: Scanned in 00mn 05s



---\\ Scâner Aditional (088)
Database Version : 13026 - (16/06/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 396051 Items scanned in 00mn 39s



---\\ Informações complémentaires do módulos
~ =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ =>.Internet Explorer, Gestão do Proxy (R5)
~ =>.Browser Helper Objects do navegador (02)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
=>Adware.WhenUSave
~ MSI: 1 link(s) detected in 00mn 00s



~ 1001 Legitimates filtered by white list
End of the scan (474 lines in 01mn 24s)(0)
