
This topic has been archived and is closed to new replies.

Lango

[Archived] Itaú and Caixa virus


Hello. I'm asking for help removing a pest that has infected every machine in the house. It redirects the Itaú page to itau.com, and on the Caixa site it either gives a server-down message or opens the internet banking site but shows a failure in the security items.

Below is the HijackThis log from my machine.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:16:12, on 20/09/2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\ProgramData\DatacardService\DCService.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\HPSIsvc.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Vono\Vono\Vono Manager.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Users\Dionei\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\mobsync.exe
C:\Users\Dionei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dionei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dionei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dionei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dionei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dionei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dionei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dionei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dionei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dionei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dionei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dionei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dionei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dionei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dionei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dionei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dionei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Dionei\Downloads\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES\GBPLUGIN\gbiehcef.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Dionei\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Google Update] "C:\Users\Dionei\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [spotify] "C:\Users\Dionei\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Dionei\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} (Gif89 Lite +Audio Class) - https://br.mydlink.com/8D/activeX//DCS-93x/aplugLiteDL.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GbPluginCef - C:\PROGRAM FILES\GBPLUGIN\gbiehCef.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Comodo Security Solutions, Inc. - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\PROGRA~1\GbPlugin\GbpSv.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\Windows\system32\HPSIsvc.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: SetupARService - Realtek Semiconductor. - C:\Program Files\Realtek\Audio\SetupAfterRebootService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Vono Manager (Vono_Manager) - - C:\Program Files\Vono\Vono\Vono Manager.exe

--
End of file - 12132 bytes

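A small triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread. The sample lines are copied from that log; the flag names and the heuristics behind them (Microsoft hosts treated as default pages, "(file missing)", "Unknown owner", autostart from AppData) are assumptions of this example and mark entries for review, not verdicts.

```python
import re
from collections import namedtuple
from urllib.parse import urlparse

Entry = namedtuple("Entry", "code detail flags")

# HijackThis entry lines look like "R0 - ...", "O4 - ...", "O23 - ...":
# a section code, " - ", then a free-form detail string.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.+)$")

# Assumption of this example: IE page values that point at Microsoft are defaults.
DEFAULT_PAGE_DOMAINS = ("microsoft.com",)


def _is_default_host(host):
    return any(host == d or host.endswith("." + d) for d in DEFAULT_PAGE_DOMAINS)


def _flags(code, detail):
    """Return review flags for one entry (heuristics are this example's own)."""
    flags = []
    # Registry entry whose target file no longer exists on disk.
    if detail.endswith("(file missing)"):
        flags.append("file-missing")
    # R0/R1: "<key>,<value name> = <data>"; flag URLs on non-default hosts.
    if code in ("R0", "R1"):
        _key, _sep, value = detail.partition(" =")
        host = urlparse(value.strip()).hostname
        if host and not _is_default_host(host):
            flags.append("non-default-ie-page")
    # O4: autostart entry launched from the user-writable profile.
    if code == "O4" and "\\appdata\\" in detail.lower():
        flags.append("autostart-user-profile")
    # O10: Winsock LSP provider that HijackThis does not recognise.
    if code == "O10" and detail.startswith("Unknown file in Winsock LSP"):
        flags.append("winsock-lsp-unknown")
    # O23: service binary without a company name in its version info.
    if code == "O23" and " - Unknown owner - " in detail:
        flags.append("unknown-owner")
    return flags


def triage(log_text):
    """Parse a HijackThis log and attach review flags to every entry line."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:  # header and "Running processes" lines do not match and are skipped
            code, detail = m.groups()
            entries.append(Entry(code, detail, _flags(code, detail)))
    return entries


def flagged(entries):
    """Entries that carry at least one flag, in log order."""
    return [e for e in entries if e.flags]


# Lines copied from the HijackThis log in the post above (shortened selection).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\System32\smss.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O4 - HKCU\..\Run: [Google Update] "C:\Users\Dionei\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\PROGRA~1\GbPlugin\GbpSv.exe (file missing)
O23 - Service: HP SI Service (HPSIService) - HP - C:\Windows\system32\HPSIsvc.exe
"""

if __name__ == "__main__":
    for e in flagged(triage(SAMPLE_LOG)):
        print(f"{e.code:<4}{','.join(e.flags):<28}{e.detail}")
```
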

Good morning! Lango

> Download: < AdwCleaner_Logo2_zps580bcd78.jpg > ( ... by Xplode )

> On the page, click "Download Now".
>
> Save it to the desktop!

> Right-click adwcleaner.exe and choose to run it as administrator.

> PS: Start the scan by clicking "Examinar".

> When it finishes, click "Limpar" >> Ok >> Ok >> Ok.
> Copy the log or click "Relatório".
> Post: < C:\AdwCleaner\AdwCleaner[s0].txt >

A+


# AdwCleaner v3.310 - Relatório criado 20/09/2014 às 11:31:28
# Atualizado 12/09/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate (32 bits)
# Usuário : Dionei - DIONEI-PC
# Executando de : C:\Users\Dionei\Desktop\adwcleaner_3.310.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\GboxUpdater
Pasta Deletada : C:\ProgramData\Premium
Pasta Deletada : C:\ProgramData\Bcool
Pasta Deletada : C:\Program Files\Claro
Pasta Deletada : C:\Program Files\v-Grabber
Pasta Deletada : C:\Users\Dionei\AppData\Local\OpenCandy
Pasta Deletada : C:\Users\Dionei\AppData\Local\Temp\apn
Pasta Deletada : C:\Users\Dionei\AppData\Local\Temp\Iminent
Pasta Deletada : C:\Users\Dionei\AppData\LocalLow\Toolbar4
Pasta Deletada : C:\Users\Dionei\AppData\LocalLow\Bcool
Pasta Deletada : C:\Users\Dionei\AppData\Roaming\OpenCandy
Pasta Deletada : C:\Users\Dionei\AppData\Roaming\registry mechanic

***** [ Tarefas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Chave Deletedo : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Chave Deletedo : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Chave Deletedo : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Chave Deletedo : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Chave Deletedo : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Chave Deletedo : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Chave Deletedo : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Chave Deletedo : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Chave Deletedo : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Chave Deletedo : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Chave Deletedo : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Chave Deletedo : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup{2_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup{2_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{82EA3E77-7BD2-4744-A8F2-670770767EC5}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{82EA3E77-7BD2-4744-A8F2-670770767EC5}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{82EA3E77-7BD2-4744-A8F2-670770767EC5}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
Chave Deletedo : HKCU\Software\1ClickDownload
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\SProtector
Chave Deletedo : HKCU\Software\SweetIM
Chave Deletedo : HKCU\Software\YahooPartnerToolbar
Chave Deletedo : HKLM\SOFTWARE\AVG Secure Search
Chave Deletedo : HKLM\SOFTWARE\Conduit
Chave Deletedo : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Chave Deletedo : HKLM\SOFTWARE\Iminent
Chave Deletedo : HKLM\SOFTWARE\SweetIM
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Navegadores ] *****

-\\ Internet Explorer v9.0.8112.16455

Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v32.0.2 (x86 pt-BR)

[ Arquivo : C:\Users\Dionei\AppData\Roaming\Mozilla\Firefox\Profiles\tj3jjsgt.default\prefs.js ]


-\\ Google Chrome v

[ Arquivo : C:\Users\Dionei\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [search Provider] : hxxp://br.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [13378 octets] - [20/09/2014 11:18:31]
AdwCleaner[s0].txt - [12975 octets] - [20/09/2014 11:31:28]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [13036 octets] ##########


Good morning! Lango

> If the machines are networked, I recommend disconnecting the one being cleaned from that network.
>
> Download: < ZHPDiag2.exe > ( ... by Nicolas Coolman )

> Save it to the local disk! ( C or D )
> Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

> Run the scroll icon. ( ZHPDiag )

> Click "COMPLETA" and wait for it to finish!
> Click OK and, when it finishes, post the report! ( ZHPDiag.txt )

> PS: Since the log will be long, send it to Pjjoint.malekal.

> Or go to: < Cjoint_Logo.jpg >

> More information: < |Link| >

A+



ok

Good afternoon... here is the link. Thanks.


http://cjoint.com/?DIusB0Iiw74


Good afternoon! Lango

> Run this script in the ZHPFix tool.
> Select this information, which is shown in red, and copy it into Notepad.
> With Notepad open, do: ctrl+a >> ctrl+c ( Select and Copy )
> Then minimize Notepad.


Script ZHPFix
FirewallRaz
EmptyPrefetch
ShortcutFix
EmptyCLSID
EmptyTemp
EmptyFlash
[MD5.DEBA5093D7DE0313E6BD3BE6C3E496E2] [sPRF][10/06/2013] (.No owner - Setup/Uninstall.) -- C:\Users\Dionei\AppData\Roaming\unins000.exe [720594]
HKLM\SOFTWARE\Microsoft\Tracing\1ClickDownloader_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\1ClickDownloader_RASMANCS
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B81079D-2AC9-425f-A494-A1C7D93AFA3C}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3B81079D-2AC9-425f-A494-A1C7D93AFA3C}]
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Chave orfã
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2275131048-4184961829-573946149-1000Core - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2275131048-4184961829-573946149-1000Core.job [1056]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2275131048-4184961829-573946149-1000Core - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2275131048-4184961829-573946149-1000Core [1056]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2275131048-4184961829-573946149-1000UA - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2275131048-4184961829-573946149-1000UA.job [1078]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-2275131048-4184961829-573946149-1000UA - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2275131048-4184961829-573946149-1000UA [1078]
O43 - CFD: 25/02/2014 - 13:14:14 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 27/06/2012 - 20:47:02 - [] ----D C:\Program Files\SProtector =>PUP.Mocaflix
O43 - CFD: 27/06/2012 - 16:20:03 - [] ----D C:\ProgramData\OptimizerPro =>PUP.OptimizerPro
O43 - CFD: 13/07/2013 - 11:09:33 - [0] ----D C:\Program Files\GUM4DE1.tmp
O43 - CFD: 12/07/2013 - 21:17:41 - [0] ----D C:\Program Files\GUM7DB7.tmp
O43 - CFD: 09/07/2013 - 23:21:03 - [0] ----D C:\Program Files\GUMA786.tmp
O43 - CFD: 19/08/2014 - 21:51:34 - [0] ----D C:\Program Files\GUMAFF1.tmp
O43 - CFD: 05/07/2013 - 07:03:43 - [0] ----D C:\Program Files\GUMBBA3.tmp
C:\Program Files\SProtector
C:\ProgramData\InstallMate
C:\ProgramData\OptimizerPro


> Open the ZHPFix tool.
> Click IMPORTAÇÃO >> OK.
> PS: When you click "OK", check that the field is empty so that it receives only the script's information.
> Click "GO".
> Post the report!

A+


Rapport de ZHPFix 2014.4.7.2 par Nicolas Coolman, Update du 07/04/2014
Fichier d'export Registre :
Run by Dionei at 20/09/2014 15:42:31
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit (Build 7600)

Reciclagem vazia (00mn 44s)
Prefetcher vazio
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\1ClickDownloader_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\1ClickDownloader_RASMANCS
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B81079D-2AC9-425f-A494-A1C7D93AFA3C}
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3B81079D-2AC9-425f-A494-A1C7D93AFA3C}

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Temporários windows (162)
ELIMINÉ Flash Cookies (0)
ELIMINÉ: C:\ProgramData\boost_interprocess
ELIMINÉ: C:\Program Files\SProtector
ELIMINÉ: C:\ProgramData\OptimizerPro
ELIMINÉ: C:\Program Files\GUM4DE1.tmp
ELIMINÉ: C:\Program Files\GUM7DB7.tmp
ELIMINÉ: C:\Program Files\GUMA786.tmp
ELIMINÉ: C:\Program Files\GUMAFF1.tmp
ELIMINÉ: C:\Program Files\GUMBBA3.tmp
ELIMINÉ: c:\programdata\installmate

========== Ficheiros ==========
ELIMINÉ Temporários windows (70065) (1.459.286.251 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
ELIMINÉ: c:\windows\tasks\facebookupdatetaskusers-1-5-21-2275131048-4184961829-573946149-1000core.job
ELIMINÉ: c:\windows\system32\tasks\facebookupdatetaskusers-1-5-21-2275131048-4184961829-573946149-1000core
ELIMINÉ: c:\windows\tasks\facebookupdatetaskusers-1-5-21-2275131048-4184961829-573946149-1000ua.job
ELIMINÉ: c:\windows\system32\tasks\facebookupdatetaskusers-1-5-21-2275131048-4184961829-573946149-1000ua


========== Recapitulativo ==========
4 : Chaves do Registo
3 : Valores do Registo
12 : Pastas
6 : Ficheiros


End of clean in 06mn 59s

========== Caminho do ficheiro do relatório ==========
C:\Users\Dionei\AppData\Roaming\ZHP\ZHPFix[R1].txt - 20/09/2014 15:43:16 [2137]


Good afternoon, Lango!

> Remove the tools that were used and create a restore point with DelFix.
> Your browsers will be reset by the Adware Removal Tool; if you don't like the results, use the restore point created by DelFix.
>
> Download: |DelFix| ( ... by Xplode )

> On the page, click Download Now.
> Save it somewhere convenient! ( desktop! )
> Close any applications that are open.

> With the boxes checked, click Run!
>
>
> Download: < Adware Removal Tool > ( ... by techsupportall.com )
> Save it to the desktop!

> Run the file Adware-Removal-Tool-v3.5.exe <<

> Start the check by clicking Scan.

> When its prescan finishes, click OK.
> PS: Each tab will show what is going to be removed!

> Click "Next" >> Wait!

< Computer >> Windows (C:) >> Program Files >> Adware-Removal-Tool >> Reports >> Repair_Logs_2014_09_dia_h_min_seg.txt <<

> Post the report!

Regards!


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

Adware Removal Tool v3.9

Time: 2014_09_20_17_11_36

OS: Windows 7 - 32 Bit

Account Name: Dionei

U0L0S5

 

\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

 

Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname

Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid

Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname

Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}

Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}

 

\\ Finished

 

 


 

DigRam, do the actions taken here also apply to the other infected PCs?


Good evening, Lango!

DigRam, do the actions taken here also apply to the other infected PCs?

> Yes! But they run up against the ZHPDiag script, launched in ZHPFix, which you would not know how to put together.
> How is the PC? Have you tested it by accessing a bank yet?
> If you like, you can run this antimalware to detect PUPs.

  • Download: < Emsisoft Anti-Malware >
  • Run its installer: "EmsisoftAntiMalwareSetup.exe"
  • On the next screen, choose your preferred language and click "OK".
  • Select the option "I accept the license agreement" and click "install".
  • On the license screen, click the "next" button.
  • Next, select: "update additional languages"
  • Click "Next".
  • Now click the "computer scan" option.
  • Choose "Smart" and click "scan".
  • When it finishes, put the items found into quarantine.
  • Click "report" >> Copy and paste it into Notepad.
  • Click: Next >> Next >> Finish >> Post the log.

A+

Dear DigRam,

After running Emsisoft, I tested the Itaú and Caixa sites and they still have the same problem.



Emsisoft Anti-Malware Anti-Malware - Versão 9.0

Última atualização 20/09/2014 22:07:54

User account: Dionei-PC\Dionei


Configuração do exame:


Tipo de exame: Exame Inteligente

arquivos: Rootkits, Memória, Rastros, C:\Windows\, C:\Program Files\


Detect PUPs: Ligado

Análise de arquivos: Desligado

Análise de ADS: Ligado

Extensão de arquivo: Desligado

Caching avançado: Ligado

Acesso direto ao disco: Desligado


Início do exame: 20/09/2014 22:52:19

C:\Users\Dionei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Passware\ detectados: Application.Win32.PassRecover (A)

Key: HKEY_USERS\S-1-5-21-2275131048-4184961829-573946149-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} detectados: Application.Win32.WSearch (A)


Analisados: 150743

Achado 2


Fim do exame: 21/09/2014 00:36:21

Duração do exame: 1:44:02


Key: HKEY_USERS\S-1-5-21-2275131048-4184961829-573946149-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} Em quarentena Application.Win32.WSearch (A)

C:\Users\Dionei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Passware\ Em quarentena Application.Win32.PassRecover (A)


Em quarentena 2


Good morning, Lango!

After running Emsisoft, I tested the Itaú and Caixa sites and they still have the same problem.

Then you will have to reset the modem or router, if you have one, and configure it (them) again, because there is a strong likelihood that they have been hijacked. ( Router hijacker )
PS: Contact a technician from your provider for this job if you don't know how to do it. Afterwards, let me know the results.

After the reset, download and run HitmanPro.

> Download HitmanPro.

< HitmanPro (32bit) >

< HitmanPro (64bit) > << Only for 64-bit systems

> Save it in Arquivos de programas or Program Files.
> Right-click "HitmanPro.exe" and run it as administrator.
> Click "Next" >> Accept the license agreement.
> Click "Next" and wait for the scan to finish.
> If the engine has trouble starting, use "Force Breach" mode.
> Just hold down the left "Ctrl" key while you start HitmanPro by double-clicking its icon.
> When it finishes, click "Next" and activate the free license.

> Click "Next" again so that the detected objects are removed.
> When it finishes, click "Save report" and choose your desktop!
> Post the report!

Regards!


DigRam, after following the instructions, Caixa's internet banking apparently works again, but when I access itau.com.br I am still redirected to itau.com

 

 

HitmanPro 3.7.9.225
www.hitmanpro.com

   Computer name . . . . : DIONEI-PC
   Windows . . . . . . . : 6.1.0.7600.X86/2
   User name . . . . . . : Dionei-PC\Dionei
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2014-09-21 16:55:15
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 14m 27s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 43

   Objects scanned . . . : 1.362.546
   Files scanned . . . . : 37.827
   Remnants scanned  . . : 512.303 files / 812.416 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : 84D89458
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\DRIVERS\atapi.sys
      StartIo  . . . . . : 00000000 +0
      IRP_MJ_SCSI  . . . : 840581E8 +0
   Solution
      DriverObject . . . : 84D89458
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\DRIVERS\atapi.sys
      StartIo  . . . . . : 00000000 +0
      IRP_MJ_SCSI  . . . : 88C8F44E \SystemRoot\system32\DRIVERS\ataport.SYS+25678

Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}\ (YTDownloader) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{5252AC41-94BB-11D1-B2E7-444553540000}\ (YTDownloader) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{82351440-9094-11D1-A24B-00A0C932C7DF}\ (YTDownloader) -> Deleted
   HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}\ (YTDownloader) -> Deleted
   HKLM\SOFTWARE\Microsoft\Tracing\TBNotifier_RASAPI32\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Tracing\TBNotifier_RASMANCS\ (AskBar) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent) -> Deleted

Cookies _____________________________________________________________________


Thanks!


Good evening, Lango!

> Let's check for the presence of a rootkit preventing your access.
>
> Download: |TDSSKiller.zip|
>
> Save it to the local disk and unzip it to the desktop.
> Close any applications that are open! <- Important!
> Disable your antivirus and/or antispyware. <- Important!
> Run it by double-clicking TDSSKiller.exe

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt

> If you prefer to run it from the command line, type or paste the highlighted line into Run.
> Go to Start -> Run -> type the command line -> click OK.
> PS: This way of running it will only work if TDSSKiller.exe is on the desktop.
> PS: On Windows Vista or 7, right-click the file and run it as administrator.

> On the main screen, follow the numbered order until you obtain the report.

> Under "Change parameters", check all the boxes.
> Next, click "Start scan".

> When it finishes, click "Skip" for suspicious detections.

> Click "Continue".

> When it finishes, click "Report".

> Post it at: < cjoint.com >

> Or... < myfile.tk >

> Or... < 1fichier.com >

A+


Good morning, Lango!

---------
---------
22:31:29.0882 0x12c8 Scan finished
22:31:29.0882 0x12c8 ===============================
22:31:29.0929 0x1410 Detected object count: 0
22:31:29.0929 0x1410 Actual detected object count: 0

---------
---------
> No hidden sectors were found on the disk, so there are no rootkits present.
> The Master Boot Record (MBR) is intact...
>
< banking virus sets up a proxy to steal information >

> Now what remains is to look for a proxy set up by a trojan horse, according to an article I published on secsecurity.

> Download: < OTL > ( ... by OldTimer Tools )

> Save it to the desktop!
> Double-click OTL.exe >> Run, or Run as administrator.

> PS: If you have trouble running OTL.exe, delete the file and download it from here or here.

> Configure the tool according to the screenshot!
>
> Under "Exame Extra do Registro" (Extra Registry scan), select "Nenhum" (None).

 

SAVEMBR:0
*crack* /s
*keygen* /s
*serial* /s
*AutoKMS* /s
*loader* /s
*netsvcs*
*msconfig*
*activex*
*drivers32*
%SYSTEMDRIVE%\*.*
%APPDATA%\Local\*.
%APPDATA%\*.exe /s
%APPDATA%\*.
%systemdrive%\drivers\*.exe
%USERPROFILE%\AppData\Local\*.*
%USERPROFILE%\AppData\Roaming\*.*
%systemroot%\*. /mp /s
%systemroot%\system32\*.ini
%systemroot%\Tasks\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\drivers\*.* /90
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\temp\*.* /S /MD5
%systemroot%\assembly\GAC\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%systemroot%\system32\config\systemprofile\AppData\Local\*.*
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*
%systemdrive%\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.*
%systemdrive%\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.*
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
/md5start
services.exe
/md5stop
%windir%\tasks\*.* /s

 

> Copy this information, shown in red, into Notepad.
> Save it in My Documents or on the desktop with the name scan. << Text file!
> Click the "Exames Personalizados/Correções" (Custom Scans/Fixes) area.

> Click OK to browse for a custom scan file.
> Click "Abrir" (Open). ( scan.txt )

> After pasting the information into the white area, click the button ( image: acng1cS9.jpg )

> When done, post the report: OTL.txt << Link to the report!

> To upload it, go to: < cjoint.com >

> More information: < |Link| >

Regards!


Good evening. Here is the link. I'd also like to report that I found out the following: I am only redirected to itau.com when I type the address into the browser's address bar. If I search (on Google, for example) and click the Itaú link, I am taken to the correct site...

http://cjoint.com/?DIxayAP7x3O

Thank you,

Lango


Good morning, Lango!

> I am removing your network settings, but I have put instructions in the script for a new configuration.
> They are in dark red, and if they are familiar to you, you can remove them from the script.
> Run OTL.exe.
> Copy this information, shown in red, into the tool's field. ( "Exames Personalizados Correções" )

 

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva397.sys -- (XDva397)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva394.sys -- (XDva394)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva391.sys -- (XDva391)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva390.sys -- (XDva390)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva389.sys -- (XDva389)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\motoandroid.sys -- (motandroidusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ai4eulfu)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Users\Dionei\Downloads\THALES\Veetle\plugins\npVeetle.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Users\Dionei\Downloads\THALES\Veetle\Player\npvlc.dll File not found
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe File not found
O4 - HKLM..\Run: [sSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found
O13 - gopher Prefix: missing
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O33 - MountPoints2\{097a0a61-4583-11e0-85ac-00235aef66bf}\Shell - "" = AutoRun
O33 - MountPoints2\{097a0a61-4583-11e0-85ac-00235aef66bf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0d717c6f-477d-11e0-85ca-00235aef66bf}\Shell - "" = AutoRun
O33 - MountPoints2\{0d717c6f-477d-11e0-85ca-00235aef66bf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{27511c25-43e9-11df-80ab-00235aef66bf}\Shell - "" = AutoRun
O33 - MountPoints2\{27511c25-43e9-11df-80ab-00235aef66bf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{27511c28-43e9-11df-80ab-00235aef66bf}\Shell - "" = AutoRun
O33 - MountPoints2\{27511c28-43e9-11df-80ab-00235aef66bf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{317b0a7e-5cbc-11e3-b7c7-00235aef66bf}\Shell - "" = AutoRun
O33 - MountPoints2\{317b0a7e-5cbc-11e3-b7c7-00235aef66bf}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{3b0b3b6b-421a-11e1-92bd-00235aef66bf}\Shell - "" = AutoRun
O33 - MountPoints2\{3b0b3b6b-421a-11e1-92bd-00235aef66bf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4748df39-9af1-11e3-995d-00235aef66bf}\Shell - "" = AutoRun
O33 - MountPoints2\{4748df39-9af1-11e3-995d-00235aef66bf}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{489d30b6-4ae0-11df-9f59-00235aef66bf}\Shell - "" = AutoRun
O33 - MountPoints2\{489d30b6-4ae0-11df-9f59-00235aef66bf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4a2417fc-3abb-11e1-b18b-00235aef66bf}\Shell - "" = AutoRun
O33 - MountPoints2\{4a2417fc-3abb-11e1-b18b-00235aef66bf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{55e57397-4ef7-11e0-b093-00235aef66bf}\Shell - "" = AutoRun
O33 - MountPoints2\{55e57397-4ef7-11e0-b093-00235aef66bf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{68e2bbde-356f-11e1-a4a9-00235aef66bf}\Shell - "" = AutoRun
O33 - MountPoints2\{68e2bbde-356f-11e1-a4a9-00235aef66bf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{68e2bbf5-356f-11e1-a4a9-00235aef66bf}\Shell - "" = AutoRun
O33 - MountPoints2\{68e2bbf5-356f-11e1-a4a9-00235aef66bf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{68e2bdfe-356f-11e1-a4a9-00235aef66bf}\Shell - "" = AutoRun
O33 - MountPoints2\{68e2bdfe-356f-11e1-a4a9-00235aef66bf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{68e2be12-356f-11e1-a4a9-00235aef66bf}\Shell - "" = AutoRun
O33 - MountPoints2\{68e2be12-356f-11e1-a4a9-00235aef66bf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{68e2be26-356f-11e1-a4a9-00235aef66bf}\Shell - "" = AutoRun
O33 - MountPoints2\{68e2be26-356f-11e1-a4a9-00235aef66bf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8c9941f5-3bec-11e1-a7c7-00235aef66bf}\Shell - "" = AutoRun
O33 - MountPoints2\{8c9941f5-3bec-11e1-a7c7-00235aef66bf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b14407f2-4584-11e0-86be-00235aef66bf}\Shell - "" = AutoRun
O33 - MountPoints2\{b14407f2-4584-11e0-86be-00235aef66bf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cb95cb05-8d8e-11e2-a3bf-00235aef66bf}\Shell - "" = AutoRun
O33 - MountPoints2\{cb95cb05-8d8e-11e2-a3bf-00235aef66bf}\Shell\AutoRun\command - "" = E:\SISetup.exe
O33 - MountPoints2\{e96baef1-a485-11e3-84e5-00235aef66bf}\Shell - "" = AutoRun
O33 - MountPoints2\{e96baef1-a485-11e3-84e5-00235aef66bf}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{f7418216-9e34-11e3-a2a6-00235aef66bf}\Shell - "" = AutoRun
O33 - MountPoints2\{f7418216-9e34-11e3-a2a6-00235aef66bf}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{fc53eb72-40c1-11df-bad0-00235aef66bf}\Shell - "" = AutoRun
O33 - MountPoints2\{fc53eb72-40c1-11df-bad0-00235aef66bf}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fc53eb82-40c1-11df-bad0-00235aef66bf}\Shell - "" = AutoRun
O33 - MountPoints2\{fc53eb82-40c1-11df-bad0-00235aef66bf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:DBC416F8
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:553CA6CA
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:010ADD2C
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

 

:reg

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"Gopher"="gopher://"
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"DefaultConnectionSettings"=hex:3c,00,00,00,15,00,00,00,01,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,\
01,00,00,00,c0,a8,83,41,00,00,00,00,00,00,00,00
"SavedLegacySettings"=hex:3c,00,00,00,e6,01,00,00,01,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,01,00,\
00,00,c0,a8,83,41,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

 

:Files
C:\Users\Dionei\AppData\Local\{*}
ipconfig /flushdns /c
ipconfig /renew /c

 

:Commands
[CREATERESTOREPOINT]
[purity]
[resethosts]
[emptytemp]
[Reboot]

 

> Click the Consertar (Run Fix) button.
> Wait for it to finish!
> The computer will restart!
> When it comes back up, click "Executar" (Run).

> For English versions, click "Run Fix".
> For Portuguese versions, click "Consertar".
> Post the report: C:\_OTL\MovedFiles\*.log

 

A+
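The `:reg` section of the script above rewrites `DefaultConnectionSettings` and `SavedLegacySettings`, the binary values in which Internet Explorer keeps its LAN proxy and auto-configuration settings. The following is an added example, not part of the thread and not OTL's own code: it decodes such a blob and reports any manual proxy or auto-configuration (PAC) script, which is the check the "proxy set up by a trojan" hypothesis calls for. The field layout is the commonly described, unofficial one and is an assumption here; the second blob and its URL are constructed.

```python
import struct

# Flag bits of the DWORD at offset 8 (unofficial, commonly described layout).
FLAG_DIRECT, FLAG_PROXY, FLAG_PAC, FLAG_AUTODETECT = 0x01, 0x02, 0x04, 0x08


def reg_hex_to_bytes(text):
    """Turn the 'hex:3c,00,...' notation of a .reg export into bytes."""
    body = text.split("hex:", 1)[-1]
    for junk in ("\\", "\n", "\r", " ", "\t"):
        body = body.replace(junk, "")
    return bytes(int(pair, 16) for pair in body.split(",") if pair)


def _read_counted(blob, offset):
    """Read a little-endian DWORD length followed by that many ASCII bytes."""
    if offset + 4 > len(blob):
        raise ValueError("blob truncated before length field")
    (length,) = struct.unpack_from("<I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("length field points past end of blob")
    return blob[offset + 4:end].decode("ascii", "replace"), end


def parse_connection_settings(blob):
    """Decode version, change counter, flags and the three counted strings."""
    if len(blob) < 12:
        raise ValueError("blob too short for header")
    version, counter, flags = struct.unpack_from("<III", blob, 0)
    proxy, off = _read_counted(blob, 12)
    bypass, off = _read_counted(blob, off)
    pac_url, off = _read_counted(blob, off)
    return {"version": version, "counter": counter, "flags": flags,
            "proxy": proxy, "bypass": bypass, "pac_url": pac_url}


def proxy_findings(settings):
    """List the settings that route browser traffic through another host."""
    found = []
    if settings["flags"] & FLAG_PROXY or settings["proxy"]:
        found.append("manual proxy: "
                     + (settings["proxy"] or "(flag set, empty)"))
    if settings["flags"] & FLAG_PAC or settings["pac_url"]:
        found.append("auto-config script: "
                     + (settings["pac_url"] or "(flag set, empty)"))
    return found


# DefaultConnectionSettings exactly as written by the :reg section above.
PAGE_BLOB = reg_hex_to_bytes(r"""hex:3c,00,00,00,15,00,00,00,01,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,\
01,00,00,00,c0,a8,83,41,00,00,00,00,00,00,00,00""")


def build_sample_with_pac(url):
    """Constructed sample: same header shape, PAC flag set, placeholder URL."""
    raw = url.encode("ascii")
    return (struct.pack("<III", 0x3C, 1, FLAG_DIRECT | FLAG_PAC)
            + struct.pack("<I", 0)              # no manual proxy string
            + struct.pack("<I", 0)              # no bypass list
            + struct.pack("<I", len(raw)) + raw  # auto-config URL
            + bytes(32))                        # trailing fields, zeroed


# Constructed for illustration; the host name is a placeholder.
CONSTRUCTED_BLOB = build_sample_with_pac("http://pac.example.invalid/proxy.pac")

if __name__ == "__main__":
    for name, blob in (("page", PAGE_BLOB), ("constructed", CONSTRUCTED_BLOB)):
        s = parse_connection_settings(blob)
        print(name, hex(s["flags"]), proxy_findings(s) or "no proxy or PAC set")
```

The blob from the script decodes to flags 0x01 with empty proxy, bypass and auto-config strings, so the value it writes carries no proxy of its own.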


Good evening, DigRam,

I haven't followed the procedures yet for 2 reasons: first, because I need to use the PC at work, and second, because I was a bit unsure about the instruction, as shown below:

> I am removing your network settings, but I have put instructions in the script for a new configuration.

> They are in dark red, and if they are familiar to you, you can remove them from the script. (is the dark red the configuration to be removed or the new one??)

I should clarify that I work at TJPR and the technicians made some adjustments so that I could access the corporate network.

Thanks,

Dionei


Good evening, Lango!

I should clarify that I work at TJPR and the technicians made some adjustments so that I could access the corporate network.

> I have already removed the entries relating to the TJPR domain.

> You can run the script in OTL.

A+
