Fórum PC Brasil
Removal of unwanted viruses

Post by marcelobicca Fri 23 May 2014, 22:06

Hello, I ran the AdwCleaner program and this was the report:


# AdwCleaner v3.210 - Relatório criado 23/05/2014 às 21:00:28
# Atualizado 19/05/2014 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : Marcelo-PC - MARCELO
# Executando de : C:\Documents and Settings\Marcelo-PC\Meus documentos\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : IePluginService
[#] Serviço Deletada : savesenselive
[#] Serviço Deletada : savesenselivem

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\apn
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\baidu
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\BonanzaDealsLive
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\IePluginService
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\QuickSet
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\rvlkl
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\SaveSenseLive
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\WinterSoft
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\WPM
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\Download kEeper
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\DownloaD kkeepEr
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\Downlooad keepeer
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\SearchNewTab
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\surf  aned keep
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\YoutubeAdblocker
Pasta Deletada : C:\Arquivos de programas\AskPartnerNetwork
Pasta Deletada : C:\Arquivos de programas\BonanzaDeals
Pasta Deletada : C:\Arquivos de programas\BonanzaDealsLive
Pasta Deletada : C:\Arquivos de programas\Mobogenie
Pasta Deletada : C:\Arquivos de programas\SaveSense
Pasta Deletada : C:\Arquivos de programas\SaveSenseLive
Pasta Deletada : C:\Arquivos de programas\SupTab
Pasta Deletada : C:\Arquivos de programas\WebSearch
Pasta Deletada : C:\Arquivos de programas\Plus-HD-4.4
Pasta Deletada : C:\Arquivos de programas\Download kEeper
Pasta Deletada : C:\Arquivos de programas\DownloaD kkeepEr
Pasta Deletada : C:\Arquivos de programas\Downlooad keepeer
Pasta Deletada : C:\Arquivos de programas\SearchNewTab
Pasta Deletada : C:\Arquivos de programas\surf  aned keep
Pasta Deletada : C:\Arquivos de programas\YoutubeAdblocker
Pasta Deletada : C:\Documents and Settings\Marcelo-PC\Configurações locais\Dados de aplicativos\BonanzaDealsLive
Pasta Deletada : C:\Documents and Settings\Marcelo-PC\Configurações locais\Dados de aplicativos\genienext
Pasta Deletada : C:\Documents and Settings\Marcelo-PC\Configurações locais\Dados de aplicativos\iLivid
Pasta Deletada : C:\Documents and Settings\Marcelo-PC\Configurações locais\Dados de aplicativos\Mobogenie
Pasta Deletada : C:\Documents and Settings\Marcelo-PC\Configurações locais\Dados de aplicativos\Popajar
Pasta Deletada : C:\Documents and Settings\Marcelo-PC\Configurações locais\Dados de aplicativos\PriceMeter
Pasta Deletada : C:\Documents and Settings\Marcelo-PC\Configurações locais\Dados de aplicativos\SaveSenseLive
Pasta Deletada : C:\Documents and Settings\Marcelo-PC\Configurações locais\Dados de aplicativos\SearchProtect
Pasta Deletada : C:\Documents and Settings\Marcelo-PC\Configurações locais\Dados de aplicativos\Plus-HD-4.4
Pasta Deletada : C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\awesomehp
Pasta Deletada : C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\baidu
Pasta Deletada : C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\EZDownloader
Pasta Deletada : C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\Funmoods
Pasta Deletada : C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\newnext.me
Pasta Deletada : C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\OpenCandy
Pasta Deletada : C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\SaveSense
Pasta Deletada : C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\SupTab
Pasta Deletada : C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\UpdaterEX
Pasta Deletada : C:\Documents and Settings\Marcelo-PC\Menu Iniciar\Programas\SaveSense
Pasta Deletada : C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\Mozilla\Firefox\Profiles\elwicow1.default\somotomoviestoolbar1
Pasta Deletada : C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\Mozilla\Firefox\Profiles\elwicow1.default\Extensions\7d04e0dd-e717-4311-bcbc-b7636adb99a5@300322bc-0824-4364-854a-6105e7ba1d2f.com
Arquivo Deletada : C:\END
Arquivo Deletada : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\rvlkl.lnk
Arquivo Deletada : C:\Documents and Settings\Marcelo-PC\daemonprocess.txt
Arquivo Deletada : C:\Documents and Settings\Marcelo-PC\Menu Iniciar\Programas\iLivid.lnk
Arquivo Deletada : C:\Documents and Settings\Marcelo-PC\Desktop\iLivid.lnk
Arquivo Deletada : C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\Mozilla\Firefox\Profiles\elwicow1.default\searchplugins\WebSearch.xml
Arquivo Deletada : C:\Documents and Settings\Marcelo-PC\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
Arquivo Deletada : C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
Arquivo Deletada : C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
Arquivo Deletada : C:\WINDOWS\Tasks\Plus-HD-4.4-chromeinstaller.job
Arquivo Deletada : C:\WINDOWS\Tasks\Plus-HD-4.4-codedownloader.job
Arquivo Deletada : C:\WINDOWS\Tasks\Plus-HD-4.4-enabler.job
Arquivo Deletada : C:\WINDOWS\Tasks\Plus-HD-4.4-firefoxinstaller.job

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Chave Deletedo : HKCU\Software\Classes\iLivid.torrent
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\SaveSenseLive.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\iLivid.torrent
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickCtrl.9
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.Update3WebControl.3
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9
Valor Deletedo : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Valor Deletedo : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0039676.BHO
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0039676.BHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0039676.Sandbox
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0039676.Sandbox.1
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Valor Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Documents and Settings\Marcelo-PC\Configurações locais\Dados de aplicativos\iLivid\iLivid.exe]
Valor Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Documents and Settings\Marcelo-PC\Configurações locais\Dados de aplicativos\iLivid\iLivid.exe]
Chave Deletedo : HKCU\Software\BonanzaDealsLive
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\Headlight
Chave Deletedo : HKCU\Software\ilivid
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\installedbrowserextensions
Chave Deletedo : HKCU\Software\Popajar
Chave Deletedo : HKCU\Software\SaveSense
Chave Deletedo : HKCU\Software\SaveSenseLive
Chave Deletedo : HKCU\Software\SmileysWeLove
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\UpdaterEX
Chave Deletedo : HKCU\Software\Plus-HD-4.4
Chave Deletedo : HKCU\Software\AppDataLow\SProtector
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKCU\Software\AppDataLow\Software\Plus-HD-4.4
Chave Deletedo : HKLM\Software\awesomehpSoftware
Chave Deletedo : HKLM\Software\IePlugin
Chave Deletedo : HKLM\Software\SafetyNut
Chave Deletedo : HKLM\Software\SaveSense
Chave Deletedo : HKLM\Software\SaveSenseLive
Chave Deletedo : HKLM\Software\SProtector
Chave Deletedo : HKLM\Software\SupTab
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\Wpm
Chave Deletedo : HKLM\Software\Plus-HD-4.4
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-4.4
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\ARQUIV~1\SupTab\SEARCH~1.DLL
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveSenseLive.exe

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.6001.18702

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]

-\\ Mozilla Firefox v

[ Arquivo : C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\Mozilla\Firefox\Profiles\elwicow1.default\prefs.js ]

Linha deletada : user_pref("browser.search.order.1", "WebSearch");
Linha deletada : user_pref("browser.search.defaultenginename", "WebSearch");
Linha deletada : user_pref("browser.search.selectedEngine", "WebSearch");
Linha deletada : user_pref("browser.search.defaulturl", "hxxp://websearch.search-guide.info/?pid=1696&r=2013/11/05&hid=17125323401355557606&lg=EN&cc=BR&unqvl=40&l=1&q=");
Linha deletada : user_pref("browser.search.order.1,S", "WebSearch");
Linha deletada : user_pref("browser.search.defaultenginename,S", "WebSearch");
Linha deletada : user_pref("browser.search.selectedEngine,S", "WebSearch");
Linha deletada : user_pref("keyword.URL", "hxxp://websearch.search-guide.info/?pid=1696&r=2013/11/05&hid=17125323401355557606&lg=EN&cc=BR&unqvl=40&l=1&q=");

-\\ Google Chrome v32.0.1700.102

[ Arquivo : C:\Documents and Settings\Marcelo-PC\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [You must have an account and be logged in to view this link]
Deletedo [Search Provider] : [You must have an account and be logged in to view this link]
Deletedo [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

*************************

AdwCleaner[R0].txt - [26419 octets] - [23/05/2014 20:43:29]
AdwCleaner[S0].txt - [23665 octets] - [23/05/2014 21:00:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23726 octets] ##########




Awaiting your reply.

Re: Removal of unwanted viruses

Post by Power Max Fri 23 May 2014, 22:12

Hello Marcelo.

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]

To run it correctly, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* Once it has finished cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its contents and post them in your next reply.

Re: Removal of unwanted viruses

Post by marcelobicca Sat 24 May 2014, 18:31

Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Marcelo-PC on sáb 24/05/2014 at 17:14:15,12.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Marcelo-PC\Meus documentos\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

24/5/2014 17:16:38 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Documents and Settings\MARCEL~1\Dados de aplicativos\Mozilla\Firefox\Profiles\elwicow1.default\prefs.js:
user_pref("browser.startup.homepage", "http://br.hao123.com/?tn=sft_hp_hao123_br");

Added to C:\Documents and Settings\MARCEL~1\Dados de aplicativos\Mozilla\Firefox\Profiles\elwicow1.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\Documents and Settings\Marcelo-PC\AppData\LocalLow\{379D6345-4845-60D2-D392-983FD207F646} deleted
C:\Documents and Settings\Marcelo-PC\AppData\LocalLow\{44B69201-7A1A-3333-77D6-254BEC25AE34} deleted
C:\Documents and Settings\Marcelo-PC\AppData\LocalLow\{6D6D7E62-EFA5-BE3B-81BC-3CFECA6E9889} deleted
C:\Documents and Settings\Marcelo-PC\AppData\LocalLow\{A45CCABD-8CED-6E42-C6C6-F92A3EF5BA18} deleted
C:\Documents and Settings\Marcelo-PC\AppData\LocalLow\{A9FAD26C-5A09-67B9-0A22-08954EE9B8EC} deleted
C:\Documents and Settings\Marcelo-PC\AppData\LocalLow\{AE460B67-7305-3E2A-D713-A97887FD2B97} deleted
C:\Documents and Settings\Marcelo-PC\AppData\LocalLow\{CBB1E76E-7C1E-A772-7D46-1DC57ED296F6} deleted
C:\Documents and Settings\Marcelo-PC\.android deleted
C:\Arquivos de programas\Sk.Enhancer deleted
C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk deleted
C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\SmileysWeLove deleted
C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\DRPSu deleted
C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\GetRightToGo deleted
C:\Documents and Settings\NetworkService\Dados de aplicativos\SaveSense deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\YoutubeBookmark deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\boost_interprocess deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\InstallMate deleted
C:\WINDOWS\tasks\At12.job deleted
C:\WINDOWS\tasks\At1.job deleted
C:\WINDOWS\tasks\At2.job deleted
C:\WINDOWS\tasks\At3.job deleted
C:\WINDOWS\tasks\At4.job deleted
C:\Documents and Settings\MARCEL~1\Dados de aplicativos\Mozilla\Firefox\Profiles\elwicow1.default\extensions\staged deleted
C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\unins000.exe deleted
"C:\DOCUME~1\ALLUSE~1\DADOSD~1\a58d3b21c78f61e5\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" deleted
"C:\DOCUME~1\ALLUSE~1\DADOSD~1\a58d3b21c78f61e5\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.old" deleted
"C:\DOCUME~1\ALLUSE~1\DADOSD~1\a58d3b21c78f61e5\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}" deleted
"C:\DOCUME~1\ALLUSE~1\DADOSD~1\a58d3b21c78f61e5\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}.old" deleted
"C:\DOCUME~1\ALLUSE~1\DADOSD~1\a58d3b21c78f61e5\{C1A27135-69EB-8D44-7358-34727DD7B820}" deleted
"C:\DOCUME~1\ALLUSE~1\DADOSD~1\a58d3b21c78f61e5\{C1A27135-69EB-8D44-7358-34727DD7B820}.old" deleted
"C:\DOCUME~1\ALLUSE~1\DADOSD~1\a58d3b21c78f61e5\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}" deleted
"C:\DOCUME~1\ALLUSE~1\DADOSD~1\a58d3b21c78f61e5\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}.old" deleted
"C:\DOCUME~1\ALLUSE~1\DADOSD~1\a58d3b21c78f61e5\{E32743D3-5789-6E4F-3998-06FB87C9214B}" deleted
"C:\DOCUME~1\ALLUSE~1\DADOSD~1\a58d3b21c78f61e5\{E32743D3-5789-6E4F-3998-06FB87C9214B}.old" deleted
"C:\DOCUME~1\ALLUSE~1\DADOSD~1\a58d3b21c78f61e5" deleted
"C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\GrabPro" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [02/11/2013 07:37]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E8874}"="C:\Documents and Settings\Marcelo-PC\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\abn\xpi" [18/12/2013 10:26]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\MARCEL~1\Dados de aplicativos\Mozilla\Firefox\Profiles\elwicow1.default
- SaveSense - C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\Mozilla\Firefox\Profiles\elwicow1.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}
- SaveSense - %ProfilePath%\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}
- SmileysWeLove: Smileys for use with Facebook GMail and more - %ProfilePath%\extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\Mozilla\Firefox\Profiles\elwicow1.default
025BBEF5A248B09BDC6684747F6EB5BC - C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U55
C2321043FA2CA4C32FF449DE6116B5D9 - C:\WINDOWS\system32\Adobe\Director\np32dsw_1205146.dll - Shockwave for Director / Shockwave for Director
14365399E83D7BC15760E8676E890C87 - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
14365399E83D7BC15760E8676E890C87 - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
CF4ABE599858E10EEB911E16FBCFD87D - C:\Arquivos de programas\Windows Media Player\npdrmv2.dll - Microsoft® DRM
76E34EA1089E92709C5725407B565DA1 - C:\Arquivos de programas\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
02A4A41FAC9BF96155B3E8068D1DF4B6 - C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
F9174E52953C2EDB35E4E634F6228F66 - C:\WINDOWS\system32\npptools.dll - Sistema operacional Microsoft® Windows®


==== Deleted Firefox Extensions ======================

C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\Mozilla\Firefox\Profiles\elwicow1.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36} deleted
C:\Documents and Settings\MARCEL~1\Dados de aplicativos\Mozilla\Firefox\Profiles\elwicow1.default\extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Arquivos de programas\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[31/10/2013 16:08]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 14:24]
pppagaglfkmlpgobnlenhknilehpmcbo - C:\Arquivos de programas\PSafe\PSafeAV\safemon\360webshield.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
abmojiekfpcmkkfamgfcpgfgipocface - C:\Documents and Settings\Marcelo-PC\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\abn\sf.crx[03/01/2014 12:46]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://br.hao123.com/?tn=bbl_pay_hp_02_hao123_br"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
"CustomizeSearch"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== shortcuts on Users Desktops ======================

C:\Documents and Settings\Marcelo-PC\Desktop\Atalho para Sims2EP2.lnk - C:\Arquivos de programas\EA GAMES\The Sims 2 Deluxe\EP2\TSBin\Sims2EP2.exe
C:\Documents and Settings\Marcelo-PC\Desktop\Internet Explorer.lnk - C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\Marcelo-PC\Desktop\Internet.lnk -
C:\Documents and Settings\Marcelo-PC\Desktop\Meus documentos.lnk - C:\Documents and Settings\Marcelo-PC\Meus documentos
C:\Documents and Settings\Marcelo-PC\Desktop\PhotoScape.lnk - C:\Arquivos de programas\PhotoScape\PhotoScape.exe
C:\Documents and Settings\Marcelo-PC\Desktop\TibiaTunnel.lnk - C:\Arquivos de programas\TibiaTunnel\TibiaTunnel.exe

==== shortcuts on All Users Desktop ======================

C:\Documents and Settings\All Users\Desktop\CCleaner.lnk - C:\Arquivos de programas\CCleaner\CCleaner.exe
C:\Documents and Settings\All Users\Desktop\HP Deskjet 2050 J510 series.lnk - C:\Arquivos de programas\HP\HP Deskjet 2050 J510 series\Bin\HP Deskjet 2050 J510 series.exe -Start UDCDevicePage
C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk - C:\Arquivos de programas\Real\RealPlayer\realplay.exe /launch:desktop
C:\Documents and Settings\All Users\Desktop\Skype.lnk - C:\WINDOWS\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe
C:\Documents and Settings\All Users\Desktop\TeamSpeak 3 Client.lnk - C:\Arquivos de programas\TeamSpeak 3 Client\ts3client_win32.exe
C:\Documents and Settings\All Users\Desktop\Tibia.lnk - C:\Arquivos de programas\Tibia\Tibia.exe
C:\Documents and Settings\All Users\Desktop\VLC media player.lnk - C:\Arquivos de programas\VideoLAN\VLC\vlc.exe

==== shortcuts in All Users Start Menu ======================

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Adobe Reader XI.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office Word 2003.lnk - C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Arquivos de programas\Microsoft Silverlight\4.0.60310.0\Silverlight.Configuration.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Tibiacast\Readme.lnk - C:\WINDOWS\Installer\{78AE9107-5BF4-43CC-AA47-233C985138BE}\_33F157A5739B2A7AF47D11.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Tibiacast\Tibiacast.lnk - C:\WINDOWS\Installer\{78AE9107-5BF4-43CC-AA47-233C985138BE}\_71E40EA9B281194CC64493.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\TibiaTunnel\TibiaTunnel.lnk - C:\Arquivos de programas\TibiaTunnel\TibiaTunnel.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\TibiaTunnel\Uninstall TibiaTunnel.lnk - C:\Arquivos de programas\TibiaTunnel\unins000.exe

==== shortcuts in Quick Launch ======================

C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar Microsoft Office Outlook.lnk - C:\Arquivos de programas\Microsoft Office\OFFICE11\OUTLOOK.EXE /recycle
C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o navegador Internet Explorer.lnk - C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk - C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Arquivos de programas\PhotoScape\PhotoScape.exe
C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Arquivos de programas\Windows Media Player\wmplayer.exe /prefetch:1

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1DEACCF8-D45B-8835-C199-909027186463} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5B6C3D44-66EC-CC82-B246-221D73DC7108} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{664EF162-19DB-EA44-80DB-CBFF4C80BE28} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{815B715A-0C87-031E-B2BE-73E134907AC3} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C73F85DB-8D00-2E1F-FF17-6C9CCD6AE799} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ED4B5001-A925-7130-59B7-460C3F65389F} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F7E52B19-0142-9435-285C-258A780DA17C} deleted successfully
HKEY_CURRENT_USER\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pppagaglfkmlpgobnlenhknilehpmcbo deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvUpdater deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Marcelo-PC\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=136 folders=67 15375374 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== EOF on sáb 24/05/2014 at 17:30:42,39 ======================

Re: Removal of unwanted viruses

Post by Power Max, Sat 24 May 2014, 18:33

Download the Junkware Removal Tool from the link below:
[You must have an account and be logged in to view this link]

To run the program above correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop as JRT.txt

We'll be waiting.

Re: Removal of unwanted viruses

Post by marcelobicca, Sat 24 May 2014, 20:26

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Marcelo-PC on sáb 24/05/2014 at 19:14:10,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\baidu"



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on sáb 24/05/2014 at 19:19:17,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Removal of unwanted viruses

Post by Power Max, Sat 24 May 2014, 20:30

Download < [You must have an account and be logged in to view this link] > ( ... by Nicolas Coolman )

To install and run it correctly, follow the tips in this article:

[You must have an account and be logged in to view this link]

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.

Re: Removal of unwanted viruses

Post by marcelobicca, Sat 24 May 2014, 22:39

~ Relatório do ZHPDiag v2014.5.24.73 - Nicolas Coolman (24/5/2014)
~ Iniciado por Marcelo-PC (24/5/2014 21:37:12)
~ Endereço do Website : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found


---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702
GCIE: Google Chrome v32.0.1700.102 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2007

---\\ Softwares d'optimização do sistema
CCleaner v4.07

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1789 MB (55% free)
System Restore: Activé (Enable)
System drive C: has 99 GB (66%) free of 149 GB

---\\ Modo de conexão ao sistema
~ Computer Name: MARCELO
~ User Name: Marcelo-PC
~ All Users Names: SUPPORT_388945a0, Marcelo-PC, HelpAssistant, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\Marcelo-PC\Desktop\
~ %Favorites% : C:\Documents and Settings\Marcelo-PC\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\Marcelo-PC\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\Marcelo-PC\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 99 Go of 149 Go)
E: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.13/4/2008 - 15:21:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.E2FFA50357056ADE4FCDB5FD09F9D2FF] - (.Microsoft Corporation - Internet Extensions for Win32.) (.6/3/2014 - 13:58:35.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.13/4/2008 - 15:21:24.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/8/2011 - 09:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/4/2008 - 07:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/4/2008 - 08:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/4/2008 - 07:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.13/4/2008 - 14:52:44.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/4/2008 - 05:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.13/4/2008 - 14:55:20.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/4/2008 - 07:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/4/2008 - 07:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/4/2008 - 08:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/7/2011 - 09:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/4/2008 - 08:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/4/2008 - 08:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.13/4/2008 - 15:34:10.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/4/2008 - 08:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 14:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/4/2008 - 14:53:02.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/2340
~ Mes musiques (My Musics) : 1/208
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/11
~ Mes Documents (My Documents) : 2/7450
~ Mon Bureau (My Desktop) : 0/1416
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Scanned in 00mn 09s



---\\ Processos lançados
[MD5.7A189530FD0CFD415DBE41123F8A6A59] - (.AVAST Software - avast! Service.) -- C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1376]
[MD5.E4B4751917DE8620B58A5C91062BBC5F] - (.Motorola Inc. - SM56 Modem Helper.) -- C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe [1466368] [PID.1984]
[MD5.A846816E1C18A53BEBD02CB08F351552] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [20118088] [PID.1992]
[MD5.736E57247F12EACECDB224B8D1F7F187] - (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe [3568312] [PID.2032]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [254336] [PID.2040]
[MD5.77430E8234A0050ECCC5E2F5B30A7BEF] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe [182696] [PID.1280]
[MD5.A6CCD2E757C35B16A1A0DC5D9DC3FB84] - (...) -- C:\WINDOWS\system32\LocalServer\service.exe [89992] [PID.1352]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.1544]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2356]
[MD5.C89DE637D974C281F5562C03A9EF15FA] - (.TibiaTunnel - TibiaTunnel.) -- C:\Arquivos de programas\TibiaTunnel\TibiaTunnel.exe [2144768] [PID.3260]
[MD5.6C50ED401AC0E8D7D19C059EC891C584] - (.www.networktunnel.net - ss5cap engine.) -- C:\Arquivos de programas\TibiaTunnel\ss5capengine_tibiatunnel.exe [1442160] [PID.3768]
[MD5.F33F8BCDD0E5CE9552F12C79BE908BC5] - (.PuTTY - PuTTY Tray.) -- C:\Arquivos de programas\TibiaTunnel\putty.exe [659456] [PID.2880]
[MD5.9D4A0ECBF734E2EECDD5B473A2D705FE] - (.Skype Technologies S.A. - Skype.) -- C:\Arquivos de programas\Skype\Phone\Skype.exe [20922016] [PID.1100]
[MD5.9B593137FBCC7C1E5D0E4A422749D9A5] - (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe [866584] [PID.3116]
[MD5.4FDF8F99557B275A3B5BF797761C7504] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [7879168] [PID.2304]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\Marcelo-PC\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_abn.dll
~ Firefox Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [SMSERIAL] . (.Motorola Inc. - SM56 Modem Helper.) -- C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [SiSPower] . (.Silicon Integrated Systems Corporation - Dynamic link library for setting Power Sche.) -- C:\WINDOWS\system32\SiSPower.dll
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-117609710-515967899-1801674531-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\OFFICE11\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Network Tunnel Lab - Network Tunnel Lab LSP.) -- C:\WINDOWS\system32\networkdlllsp.dll
~ Winsock: 4 Legitimates Filtered in 00mn 00s



---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E54FBCD-7FF8-4D22-B62E-C50DCF22DA32}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7E54FBCD-7FF8-4D22-B62E-C50DCF22DA32}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{7E54FBCD-7FF8-4D22-B62E-C50DCF22DA32}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: LocalServiceSystem (LocalServiceSystem) . (...) - C:\WINDOWS\system32\LocalServer\service.exe
~ Services: 6 Legitimates Filtered in 00mn 04s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\WINDOWS\Web\Wallpaper\Alegria.bmp
O24 - Desktop General: WallPaper - .(...) - C:\WINDOWS\Web\Wallpaper\Alegria.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\WINDOWS\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\WINDOWS\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\WINDOWS\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: (EfiMon) . (.360安全中心 - 360Efimon Driver.) - C:\WINDOWS\system32\Drivers\Efimon.sys
O41 - Driver: ({c70d4e8d-761d-40c7-82e8-a90cc6de86c6}t) . (.StdLib - StdLib.) - C:\WINDOWS\system32\drivers\{c70d4e8d-761d-40c7-82e8-a90cc6de86c6}t.sys =>PUP.LinkiDoo
~ Drivers: 93 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security]
[HKCU\Software\GbAs]
[HKLM\Software\Baidu Security]
[HKLM\Software\Sakura]
[HKLM\Software\iBot]
~ Key Software: 334 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/3/2014 - 17:10:11 - [] ----D C:\Arquivos de programas\Baidu Security
O43 - CFD: 22/3/2014 - 08:56:09 - [0] ----D C:\Arquivos de programas\BeatTool
O43 - CFD: 14/5/2014 - 08:52:23 - [0] ----D C:\Arquivos de programas\RBM
O43 - CFD: 31/10/2013 - 12:07:22 - [] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 31/10/2013 - 12:07:12 - [] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 20/4/2014 - 14:28:03 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security
O43 - CFD: 22/1/2014 - 19:53:30 - [] ----D C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\360safe
O43 - CFD: 22/1/2014 - 20:02:41 - [] ----D C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\360WD
O43 - CFD: 22/1/2014 - 19:49:26 - [] ----D C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\rmi
O43 - CFD: 31/10/2013 - 12:50:43 - [] R---D C:\Documents and Settings\Marcelo-PC\Menu Iniciar\Programas\Acessórios
O43 - CFD: 4/11/2013 - 03:31:07 - [] R---D C:\Documents and Settings\Marcelo-PC\Menu Iniciar\Programas\Inicializar
~ Program Folder: 124 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.EE19B3C971CA2687953766098B4791E2] - 12/5/2014 - 14:29:27 ---A- . (.StdLib - StdLib.) -- C:\WINDOWS\system32\Drivers\{c70d4e8d-761d-40c7-82e8-a90cc6de86c6}t.sys [55232] =>PUP.LinkiDoo
O44 - LFC:[MD5.02393E44034EF9021A44798AA590C993] - 13/5/2014 - 19:04:30 ---A- . (...) -- C:\WINDOWS\win.ini [675]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 23/5/2014 - 20:44:05 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\WINDOWS\system32\sqlite3.dll [536576]
O44 - LFC:[MD5.BF6AC5B002BFD091AAF77EC38184B74A] - 24/5/2014 - 17:30:42 ---A- . (...) -- C:\zoek-results.log [17909]
O44 - LFC:[MD5.7848C96520C7A4707D723F34BE627FEF] - 24/5/2014 - 19:41:27 ---A- . (...) -- C:\WINDOWS\wiaservc.log [49]
O44 - LFC:[MD5.AF92F3CF1DE69502D66677FDAEEA61E0] - 24/5/2014 - 19:41:28 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
~ Files: 14 Legitimates Filtered in 00mn 03s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Naver\LINE\Line.exe" [Enabled] .(...) -- C:\Arquivos de programas\Naver\LINE\Line.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\TibiaTunnel\TibiaTunnel.exe" [Enabled] .(.TibiaTunnel.) -- C:\Arquivos de programas\TibiaTunnel\TibiaTunnel.exe
~ Keys Export: 11 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
~ MWPS: 8 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/10/2013 - 16:08:14 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:31/10/2013 - 16:08:14 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys [178304] =>.ALWIL Software
O58 - SDL:28/10/2001 - 11:06:30 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:22/1/2014 - 19:53:07 ---A- . (.360安全中心 - 360Efimon Driver.) -- C:\WINDOWS\system32\Drivers\efimon.sys [23624]
O58 - SDL:13/4/2008 - 05:36:06 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:22/1/2014 - 19:53:08 ---A- . (.360安全中心 - 360安全卫士 - HookPort.) -- C:\WINDOWS\system32\Drivers\hookport.sys [75832]
O58 - SDL:28/10/2001 - 11:07:22 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:28/10/2001 - 11:06:30 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:24/4/2014 - 12:27:02 ---A- . (.StdLib - StdLib.) -- C:\WINDOWS\system32\Drivers\{c70d4e8d-761d-40c7-82e8-a90cc6de86c6}t.sys [55232] =>PUP.LinkiDoo
O58 - SDL:28/10/2001 - 11:06:08 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:28/10/2001 - 11:06:16 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:28/10/2001 - 11:06:36 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:28/10/2001 - 11:06:40 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:13/4/2008 - 05:50:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:28/10/2001 - 11:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:28/10/2001 - 11:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:28/10/2001 - 11:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:28/10/2001 - 11:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:28/10/2001 - 11:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:13/4/2008 - 05:49:48 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:13/4/2008 - 05:49:44 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:13/4/2008 - 05:49:40 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:13/4/2008 - 05:49:44 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:13/4/2008 - 05:49:42 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 50 Legitimates Filtered in 00mn 01s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 22/1/2014 - C:\WINDOWS\system32\Drivers\Efimon.sys (EfiMon) .(.360安全中心 - 360Efimon Driver.) - LEGACY_EFIMON
O64 - Services: CurCS - 22/1/2014 - C:\WINDOWS\system32\Drivers\Hookport.sys (HookPort) .(.360安全中心 - 360安全卫士 - HookPort.) - LEGACY_HOOKPORT
O64 - Services: CurCS - 28/1/2014 - C:\WINDOWS\system32\LocalServer\service.exe (LocalServiceSystem) .(...) - LEGACY_LOCALSERVICESYSTEM
O64 - Services: CurCS - 14/8/2013 - C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe (RealNetworks Downloader Resolver Service) .(...) - LEGACY_REALNETWORKS_DOWNLOADER_RESOLVER_SERVICE
O64 - Services: CurCS - 24/4/2014 - C:\WINDOWS\system32\drivers\{c70d4e8d-761d-40c7-82e8-a90cc6de86c6}t.sys ({c70d4e8d-761d-40c7-82e8-a90cc6de86c6}t) .(.StdLib - StdLib.) - LEGACY_{C70D4E8D-761D-40C7-82E8-A90CC6DE86C6}T =>PUP.LinkiDoo
~ Legacy: 132 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.B6D15B4B36E63F6F63D1FC793BD96D8A] [SPRF][4/11/2013] (...) -- C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\unins000.dat [15366]
[MD5.77120B7C8FE0983B6E84B9A19649B39A] [SPRF][18/12/2011] (...) -- C:\Documents and Settings\Marcelo-PC\Desktop\NeoMc.exe [9728]
[MD5.FB9DA1DD951232244203558A96E8FF66] [SPRF][7/2/2013] (.No owner - AntiDust Tool.) -- C:\Arquivos de programas\AntiDust.exe [50330]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{0E80F46B-7BBF-3FEC-63DE-52F62BD67E77}] (Download keeper) =>PUP.DownloadKeeper
[HKCR\CLSID\{21D47F3F-C6DD-55C8-C0E1-DA593FE6D1F7}] (YoutubeAdblocker) =>PUP.Multiplug
[HKCR\CLSID\{70C80620-8D49-DE4F-9280-791DEFDDCB38}] (SearchNewTab) =>Adware.FastSaveApp
[HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}] (SaveSenseLive Core Class) =>PUP.SaveSense
~ BCK: 4765 Legitimates Filtered in 00mn 06s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 14/5/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 13/4/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 30/1/2014 116648 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 30/1/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Arquivos de programas\Skype\Updater\Updater.exe
SR - | Auto 8/11/2013 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 14/4/2014 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
SR - | Auto 28/1/2014 89992 | (LocalServiceSystem) . (...) - C:\WINDOWS\system32\LocalServer\service.exe
SR - | Auto 14/8/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe
~ Services: Scanned in 00mn 07s



---\\ Scâner Aditional (088)
Database Version : 13029 - (24/5/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 4

[HKCR\CLSID\{0E80F46B-7BBF-3FEC-63DE-52F62BD67E77}] (Download keeper) =>PUP.DownloadKeeper^
[HKCR\CLSID\{21D47F3F-C6DD-55C8-C0E1-DA593FE6D1F7}] (YoutubeAdblocker) =>PUP.Multiplug^
[HKCR\CLSID\{70C80620-8D49-DE4F-9280-791DEFDDCB38}] (SearchNewTab) =>Adware.FastSaveApp^
[HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}] (SaveSenseLive Core Class) =>PUP.SaveSense^
~ Additionnel Scan: 167956 Items scanned in 00mn 28s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.LinkiDoo
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.DownloadKeeper
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.FastSaveApp
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SaveSense
~ MSI: 4 link(s) detected in 00mn 00s



~ 774 Legitimates filtered by white list
End of the scan (455 lines in 01mn 11s)(0)

Re: Removing unwanted viruses

Post by Power Max, Sat 24 May 2014, 22:57

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Mon 26 May 2014, 00:00; edited 1 time

Re: Removing unwanted viruses

Post by marcelobicca, Sun 25 May 2014, 13:26

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Marcelo-PC at 25/5/2014 12:25:21
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)

Reciclagem vazia (00mn 01s)
Reparação de atalhos do navegador

========== Estado dos serviços ==========
{C70D4E8D-761D-40C7-82E8-A90CC6DE86C6}T Parado

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ Driver Key: {c70d4e8d-761d-40c7-82e8-a90cc6de86c6}t
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKLM\Software\Baidu Security
ELIMINÉ: HKCR\CLSID\{0E80F46B-7BBF-3FEC-63DE-52F62BD67E77}
ELIMINÉ: HKCR\CLSID\{21D47F3F-C6DD-55C8-C0E1-DA593FE6D1F7}
ELIMINÉ: HKCR\CLSID\{70C80620-8D49-DE4F-9280-791DEFDDCB38}
ELIMINÉ: HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}

========== Valores do Registo ==========
ELIMINÉ AAKE KeyValue: C:\Arquivos de programas\Naver\LINE\Line.exe
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\windows\system32\drivers\{c70d4e8d-761d-40c7-82e8-a90cc6de86c6}t.sys
ELIMINÉ Temporários windows (121) (2.236.122 octets)
ELIMINÉ Flash Cookies (1) (234 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
10 : Chaves do Registo
7 : Valores do Registo
1 : Pastas
3 : Ficheiros
1 : Estado dos serviços
1 : Restauração Sistema


End of clean in 00mn 12s

========== Caminho do ficheiro do relatório ==========
C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\ZHP\ZHPFix[R1].txt - 25/5/2014 12:25:23 [1836]

Re: Removing unwanted viruses

Post by Power Max, Sun 25 May 2014, 13:54

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

Re: Removing unwanted viruses

Post by marcelobicca, Sun 25 May 2014, 23:19

~ Relatório do ZHPDiag v2014.5.24.73 - Nicolas Coolman (24/5/2014)
~ Iniciado por Marcelo-PC (25/5/2014 22:17:07)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found


---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702
GCIE: Google Chrome v32.0.1700.102 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2007

---\\ Softwares d'optimização do sistema
CCleaner v4.07

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1789 MB (62% free)
System Restore: Activé (Enable)
System drive C: has 103 GB (68%) free of 149 GB

---\\ Modo de conexão ao sistema
~ Computer Name: MARCELO
~ User Name: Marcelo-PC
~ All Users Names: SUPPORT_388945a0, Marcelo-PC, HelpAssistant, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\Marcelo-PC\Desktop\
~ %Favorites% : C:\Documents and Settings\Marcelo-PC\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\Marcelo-PC\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\Marcelo-PC\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 103 Go of 149 Go)
E: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.13/4/2008 - 15:21:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.E2FFA50357056ADE4FCDB5FD09F9D2FF] - (.Microsoft Corporation - Internet Extensions for Win32.) (.6/3/2014 - 13:58:35.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.13/4/2008 - 15:21:24.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/8/2011 - 09:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/4/2008 - 07:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/4/2008 - 08:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/4/2008 - 07:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.13/4/2008 - 14:52:44.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/4/2008 - 05:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.13/4/2008 - 14:55:20.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/4/2008 - 07:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/4/2008 - 07:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/4/2008 - 08:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/7/2011 - 09:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/4/2008 - 08:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/4/2008 - 08:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.13/4/2008 - 15:34:10.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/4/2008 - 08:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 14:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/4/2008 - 14:53:02.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/2340
~ Mes musiques (My Musics) : 1/208
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/11
~ Mes Documents (My Documents) : 2/7444
~ Mon Bureau (My Desktop) : 0/1419
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Scanned in 00mn 14s



---\\ Processos lançados
[MD5.7A189530FD0CFD415DBE41123F8A6A59] - (.AVAST Software - avast! Service.) -- C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1352]
[MD5.E4B4751917DE8620B58A5C91062BBC5F] - (.Motorola Inc. - SM56 Modem Helper.) -- C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe [1466368] [PID.256]
[MD5.A846816E1C18A53BEBD02CB08F351552] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [20118088] [PID.264]
[MD5.736E57247F12EACECDB224B8D1F7F187] - (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe [3568312] [PID.396]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [254336] [PID.388]
[MD5.77430E8234A0050ECCC5E2F5B30A7BEF] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe [182696] [PID.1504]
[MD5.A6CCD2E757C35B16A1A0DC5D9DC3FB84] - (...) -- C:\WINDOWS\system32\LocalServer\service.exe [89992] [PID.1440]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.1944]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2744]
[MD5.C89DE637D974C281F5562C03A9EF15FA] - (.TibiaTunnel - TibiaTunnel.) -- C:\Arquivos de programas\TibiaTunnel\TibiaTunnel.exe [2144768] [PID.3936]
[MD5.6C50ED401AC0E8D7D19C059EC891C584] - (.www.networktunnel.net - ss5cap engine.) -- C:\Arquivos de programas\TibiaTunnel\ss5capengine_tibiatunnel.exe [1442160] [PID.1620]
[MD5.F33F8BCDD0E5CE9552F12C79BE908BC5] - (.PuTTY - PuTTY Tray.) -- C:\Arquivos de programas\TibiaTunnel\putty.exe [659456] [PID.1752]
[MD5.2AA1614EE07205B6E508358CEC3DC39F] - (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) -- C:\Arquivos de programas\TeamSpeak 3 Client\ts3client_win32.exe [9266120] [PID.2352]
[MD5.9B593137FBCC7C1E5D0E4A422749D9A5] - (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe [866584] [PID.2044]
[MD5.DDBE89226D55D694F1B7B3DD0C324640] - (.RealNetworks, Inc. - RealDownloader.) -- C:\Arquivos de programas\RealNetworks\RealDownloader\recordingmanager.exe [233048] [PID.3844]
[MD5.4FDF8F99557B275A3B5BF797761C7504] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [7879168] [PID.3804]
~ Processes Running: Scanned in 00mn 02s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\Marcelo-PC\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_abn.dll
~ Firefox Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [SMSERIAL] . (.Motorola Inc. - SM56 Modem Helper.) -- C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [SiSPower] . (.Silicon Integrated Systems Corporation - Dynamic link library for setting Power Sche.) -- C:\WINDOWS\system32\SiSPower.dll
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-117609710-515967899-1801674531-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\OFFICE11\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Network Tunnel Lab - Network Tunnel Lab LSP.) -- C:\WINDOWS\system32\networkdlllsp.dll
~ Winsock: 4 Legitimates Filtered in 00mn 00s



---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E54FBCD-7FF8-4D22-B62E-C50DCF22DA32}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7E54FBCD-7FF8-4D22-B62E-C50DCF22DA32}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{7E54FBCD-7FF8-4D22-B62E-C50DCF22DA32}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: LocalServiceSystem (LocalServiceSystem) . (...) - C:\WINDOWS\system32\LocalServer\service.exe
~ Services: 6 Legitimates Filtered in 00mn 05s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\WINDOWS\Web\Wallpaper\Alegria.bmp
O24 - Desktop General: WallPaper - .(...) - C:\WINDOWS\Web\Wallpaper\Alegria.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (EfiMon) . (.360安全中心 - 360Efimon Driver.) - C:\WINDOWS\system32\Drivers\Efimon.sys
~ Drivers: 81 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\GbAs]
[HKLM\Software\Sakura]
[HKLM\Software\iBot]
~ Key Software: 333 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/5/2014 - 08:52:23 - [0] ----D C:\Arquivos de programas\RBM
O43 - CFD: 31/10/2013 - 12:07:22 - [] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 31/10/2013 - 12:07:12 - [] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 22/1/2014 - 19:53:30 - [] ----D C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\360safe
O43 - CFD: 22/1/2014 - 20:02:41 - [] ----D C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\360WD
O43 - CFD: 22/1/2014 - 19:49:26 - [] ----D C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\rmi
O43 - CFD: 31/10/2013 - 12:50:43 - [] R---D C:\Documents and Settings\Marcelo-PC\Menu Iniciar\Programas\Acessórios
O43 - CFD: 4/11/2013 - 03:31:07 - [] R---D C:\Documents and Settings\Marcelo-PC\Menu Iniciar\Programas\Inicializar
~ Program Folder: 121 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.02393E44034EF9021A44798AA590C993] - 13/5/2014 - 19:04:30 ---A- . (...) -- C:\WINDOWS\win.ini [675]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 23/5/2014 - 20:44:05 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\WINDOWS\system32\sqlite3.dll [536576]
O44 - LFC:[MD5.BF6AC5B002BFD091AAF77EC38184B74A] - 24/5/2014 - 17:30:42 ---A- . (...) -- C:\zoek-results.log [17909]
O44 - LFC:[MD5.CBCE2AC97F5ED16DED0A02B435ABC1ED] - 25/5/2014 - 18:49:31 ---A- . (...) -- C:\WINDOWS\wiaservc.log [49]
O44 - LFC:[MD5.C778C72A930C51D21DD0134B7350EFC9] - 25/5/2014 - 18:49:32 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
~ Files: 14 Legitimates Filtered in 00mn 06s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\TibiaTunnel\TibiaTunnel.exe" [Enabled] .(.TibiaTunnel.) -- C:\Arquivos de programas\TibiaTunnel\TibiaTunnel.exe
~ Keys Export: 10 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
~ MWPS: 8 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/10/2013 - 16:08:14 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:31/10/2013 - 16:08:14 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys [178304] =>.ALWIL Software
O58 - SDL:28/10/2001 - 11:06:30 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:22/1/2014 - 19:53:07 ---A- . (.360安全中心 - 360Efimon Driver.) -- C:\WINDOWS\system32\Drivers\efimon.sys [23624]
O58 - SDL:13/4/2008 - 05:36:06 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:22/1/2014 - 19:53:08 ---A- . (.360安全中心 - 360安全卫士 - HookPort.) -- C:\WINDOWS\system32\Drivers\hookport.sys [75832]
O58 - SDL:28/10/2001 - 11:07:22 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:28/10/2001 - 11:06:30 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:28/10/2001 - 11:06:08 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:28/10/2001 - 11:06:16 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:28/10/2001 - 11:06:36 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:28/10/2001 - 11:06:40 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:13/4/2008 - 05:50:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:28/10/2001 - 11:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:28/10/2001 - 11:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:28/10/2001 - 11:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:28/10/2001 - 11:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:28/10/2001 - 11:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:13/4/2008 - 05:49:48 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:13/4/2008 - 05:49:44 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:13/4/2008 - 05:49:40 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:13/4/2008 - 05:49:44 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:13/4/2008 - 05:49:42 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 49 Legitimates Filtered in 00mn 03s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 22/1/2014 - C:\WINDOWS\system32\Drivers\Efimon.sys (EfiMon) .(.360安全中心 - 360Efimon Driver.) - LEGACY_EFIMON
O64 - Services: CurCS - 22/1/2014 - C:\WINDOWS\system32\Drivers\Hookport.sys (HookPort) .(.360安全中心 - 360安全卫士 - HookPort.) - LEGACY_HOOKPORT
O64 - Services: CurCS - 28/1/2014 - C:\WINDOWS\system32\LocalServer\service.exe (LocalServiceSystem) .(...) - LEGACY_LOCALSERVICESYSTEM
O64 - Services: CurCS - 14/8/2013 - C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe (RealNetworks Downloader Resolver Service) .(...) - LEGACY_REALNETWORKS_DOWNLOADER_RESOLVER_SERVICE
~ Legacy: 133 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.B6D15B4B36E63F6F63D1FC793BD96D8A] [SPRF][4/11/2013] (...) -- C:\Documents and Settings\Marcelo-PC\Dados de aplicativos\unins000.dat [15366]
[MD5.77120B7C8FE0983B6E84B9A19649B39A] [SPRF][18/12/2011] (...) -- C:\Documents and Settings\Marcelo-PC\Desktop\NeoMc.exe [9728]
[MD5.FB9DA1DD951232244203558A96E8FF66] [SPRF][7/2/2013] (.No owner - AntiDust Tool.) -- C:\Arquivos de programas\AntiDust.exe [50330]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 14/5/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 13/4/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 30/1/2014 116648 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 30/1/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Arquivos de programas\Skype\Updater\Updater.exe
SR - | Auto 8/11/2013 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 14/4/2014 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
SR - | Auto 28/1/2014 89992 | (LocalServiceSystem) . (...) - C:\WINDOWS\system32\LocalServer\service.exe
SR - | Auto 14/8/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe
~ Services: Scanned in 00mn 09s



---\\ Scâner Aditional (088)
Database Version : 13029 - (24/5/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 167951 Items scanned in 00mn 33s



~ 758 Legitimates filtered by white list
End of the scan (421 lines in 01mn 32s)(0)

Re: Removing unwanted viruses

Post by Power Max, Mon 26 May 2014, 00:00

How is the PC after these procedures?

Re: Removing unwanted viruses

Post by marcelobicca, Mon 26 May 2014, 10:25

Hello, I believe it is better. I was worried about some freezes it kept having; it would freeze for a few seconds and then come back.

Now, can you tell me which viruses were on the PC and what they did?

Re: Removing unwanted viruses

Post by Power Max, Mon 26 May 2014, 10:55

Basically, what was on your PC was adware (which changes the browsers' home page, shows annoying ads, etc.).

That's it! I'm glad the problem has been resolved.

Just to finish, please follow the tutorials below:

[You must have an account and be logged in to view this link]
_______________________________________________________________________________________________________________________

To remove the programs used to clean this PC and to create a new restore point that is safe and free of problems, use DelFix, following the tips [You must have an account and be logged in to view this link].
_______________________________________________________________________________________________________________________

It was a pleasure to help. Always count on us!

Re: Removing unwanted viruses

Post by Danii, Mon 26 May 2014, 11:12

CASE RESOLVED

If the author of the topic needs it, the topic will be reopened; to do so, they should contact one of the members of the [You must have an account and be logged in to view this link] and request that it be unlocked.