Problemas com certificado ce_umbrella

por vanessa machado Seg 28 Jul 2014, 19:53

Pelo visto eu sou mais uma com este mesmo problema, então gostaria de solicitar a ajuda de vocês para resolver este problema.
Baseado no que vi em outros tópicos baixei o programa adwcleaner e rodei no meu pc. Segue abaixo o resultado.

# AdwCleaner v3.301 - Relatório criado 28/07/2014 às 19:44:03
# Atualizado 28/07/2014 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (32 bits)
# Usuário : usuario - USUARIO-PC
# Executando de : C:\Users\usuario\Contacts\Documents\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : xmkysecqun32

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\Users\usuario\AppData\Roaming\baidu
Arquivo Deletada : C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Tarefas ] *****

***** [ Atalhos ] *****

***** [ Registro ] *****

Chave Deletedo : HKCU\Software\InstallCore

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Mozilla Firefox v

[ Arquivo : C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\j2dv9l32.default\prefs.js ]

-\\ Google Chrome v36.0.1985.125

[ Arquivo : C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*************************

AdwCleaner[R0].txt - [12788 octets] - [25/06/2014 23:04:44]
AdwCleaner[R1].txt - [948 octets] - [25/06/2014 23:26:39]
AdwCleaner[R2].txt - [1067 octets] - [25/06/2014 23:54:32]
AdwCleaner[R3].txt - [1366 octets] - [26/06/2014 01:14:25]
AdwCleaner[R4].txt - [1911 octets] - [28/07/2014 19:41:51]
AdwCleaner[S0].txt - [12577 octets] - [25/06/2014 23:07:19]
AdwCleaner[S1].txt - [1005 octets] - [25/06/2014 23:45:05]
AdwCleaner[S2].txt - [1126 octets] - [25/06/2014 23:56:36]
AdwCleaner[S3].txt - [1422 octets] - [26/06/2014 01:15:45]
AdwCleaner[S4].txt - [1889 octets] - [28/07/2014 19:44:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1949 octets] ##########

por **Power Max** Seg 28 Jul 2014, 20:05

Desative temporariamente seu antivírus para evitar conflitos.

* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Problemas com certificado ce_umbrella 772309

Problemas com certificado ce_umbrella 772309

Para executá-lo corretamente siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.

por vanessa machado Seg 28 Jul 2014, 20:50

Zoek.exe v5.0.0.0 Updated 28-07-2014
Tool run by usuario on 28/07/2014 at 20:14:48,39.

Running in: Normal Mode Internet Access Detected
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\usuario\Contacts\Documents\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

28/07/2014 20:24:01 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\j2dv9l32.default\prefs.js:
user_pref("browser.startup.homepage", "http://br.hao123.com/?tn=incore_pay_hp_01_hao123_br");
user_pref("keyword.URL", "http://br.yhs4.search.yahoo.com/yhs/search");

Added to C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\j2dv9l32.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\Program Files\Mozilla Firefox\browser\searchplugins\search_the_web.xml deleted
C:\PROGRA~2\Avg_Update_0214d deleted
C:\PROGRA~2\boost_interprocess deleted
C:\Users\usuario\AppData\Local\avgchrome deleted
C:\Users\usuario\Searches deleted
C:\Windows\tasks\0214dUpdateInfo.job deleted
C:\Windows\system32\tasks\0214dUpdateInfo deleted
C:\Windows\System32\InstallUtil.InstallLog deleted

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E8873}"="C:\Users\usuario\AppData\Local\GAS Tecnologia\GBBD\uni\xpi" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\j2dv9l32.default
- BonanzaDeals - %ProfilePath%\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\j2dv9l32.default
FB5621842FDABF9F8359775573498FBC - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update

==== Deleted Firefox Extensions ======================

C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\j2dv9l32.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi deleted

==== Chrome Look ======================

Google Docs - usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://br.hao123.com/?tn=incore_pay_hp_01_hao123_br"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://br.hao123.com/?tn=incore_pay_hp_01_hao123_br"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://br.hao123.com/?tn=incore_pay_hp_01_hao123_br"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

==== Reset Google Chrome ======================

C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2292371893-2960214996-2512722399-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} deleted successfully
HKEY_USERS\S-1-5-21-2292371893-2960214996-2512722399-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2292371893-2960214996-2512722399-1000\Software\Mozilla\Firefox\Extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D} deleted successfully
HKEY_USERS\S-1-5-21-2292371893-2960214996-2512722399-1000\Software\Mozilla\Firefox\Extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873} deleted successfully

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\AVG 2014.lnk - C:\Program Files\AVG\AVG2014\avgui.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2014.lnk - C:\Program Files\AVG\AVG2014\avgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="http=127.0.0.1:51689;https=127.0.0.1:51689"
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000001

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\usuario\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\usuario\AppData\Local\Mozilla\Firefox\Profiles\j2dv9l32.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=14 folders=5 2793185 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\usuario\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\usuario\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 28/07/2014 at 20:42:11,30 ======================

por **Power Max** Seg 28 Jul 2014, 20:57

Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

por vanessa machado Seg 28 Jul 2014, 21:33

olá não estou conseguindo executar este programa, aparece muito rápido uma janela com uma mensagem abort.

por **Power Max** Seg 28 Jul 2014, 21:38

inicie o PC em Modo Seguro com rede (apertando a tecla F8 (ou a tecla F5 em alguns computadores) repetidas vezes quando o computador estiver iniciando e escolhendo a opção Modo Seguro com rede (ou Modo seguro). Quando o PC estiver em modo seguro com rede faça a limpeza com o Junkware como lhe passei.

Se mesmo assim não for possível, me avise.

por vanessa machado Seg 28 Jul 2014, 22:00

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by usuario on 28/07/2014 at 21:49:38,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2292371893-2960214996-2512722399-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2292371893-2960214996-2512722399-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealKeeper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealKeeper_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateDealKeeper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateDealKeeper_RASMANCS

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\usuario\AppData\Roaming\baidu"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/07/2014 at 21:51:51,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

por **Power Max** Seg 28 Jul 2014, 22:07

Faça o download do Malwarebytes em um destes links abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para instalá-lo e executá-lo corretamente siga, por gentileza, as dicas desta postagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Na sua próxima resposta poste este log (relatório) do Malwarebytes.

por vanessa machado Seg 28 Jul 2014, 23:59

Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Protection, 28/07/2014 22:11:53, SYSTEM, USUARIO-PC, Protection, Malware Protection, Starting,
Protection, 28/07/2014 22:11:53, SYSTEM, USUARIO-PC, Protection, Malware Protection, Started,
Protection, 28/07/2014 22:11:53, SYSTEM, USUARIO-PC, Protection, Malicious Website Protection, Starting,
Update, 28/07/2014 22:12:22, SYSTEM, USUARIO-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.7.17.1,
Update, 28/07/2014 22:12:45, SYSTEM, USUARIO-PC, Manual, Malware Database, 2014.3.4.9, 2014.7.28.7,
Protection, 28/07/2014 22:12:46, SYSTEM, USUARIO-PC, Protection, Malicious Website Protection, Started,
Protection, 28/07/2014 22:14:39, SYSTEM, USUARIO-PC, Protection, Malicious Website Protection, Stopping,
Protection, 28/07/2014 22:14:39, SYSTEM, USUARIO-PC, Protection, Malicious Website Protection, Stopped,
Protection, 28/07/2014 22:14:39, SYSTEM, USUARIO-PC, Protection, Malware Protection, Stopping,
Protection, 28/07/2014 22:14:40, SYSTEM, USUARIO-PC, Protection, Malware Protection, Stopped,
Protection, 28/07/2014 22:15:28, SYSTEM, USUARIO-PC, Protection, Malware Protection, Starting,
Protection, 28/07/2014 22:15:28, SYSTEM, USUARIO-PC, Protection, Malware Protection, Started,
Protection, 28/07/2014 22:15:28, SYSTEM, USUARIO-PC, Protection, Malicious Website Protection, Starting,
Protection, 28/07/2014 22:15:30, SYSTEM, USUARIO-PC, Protection, Malicious Website Protection, Started,
Update, 28/07/2014 22:15:46, SYSTEM, USUARIO-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.7.17.1,
Update, 28/07/2014 22:16:12, SYSTEM, USUARIO-PC, Manual, Malware Database, 2014.3.4.9, 2014.7.28.7,
Protection, 28/07/2014 22:16:16, SYSTEM, USUARIO-PC, Protection, Refresh, Starting,
Protection, 28/07/2014 22:16:16, SYSTEM, USUARIO-PC, Protection, Malicious Website Protection, Stopping,
Protection, 28/07/2014 22:16:16, SYSTEM, USUARIO-PC, Protection, Malicious Website Protection, Stopped,
Protection, 28/07/2014 22:16:30, SYSTEM, USUARIO-PC, Protection, Refresh, Success,
Protection, 28/07/2014 22:16:30, SYSTEM, USUARIO-PC, Protection, Malicious Website Protection, Starting,
Protection, 28/07/2014 22:16:31, SYSTEM, USUARIO-PC, Protection, Malicious Website Protection, Started,
Protection, 28/07/2014 23:44:53, SYSTEM, USUARIO-PC, Protection, Malware Protection, Starting,
Protection, 28/07/2014 23:44:54, SYSTEM, USUARIO-PC, Protection, Malware Protection, Started,
Protection, 28/07/2014 23:44:54, SYSTEM, USUARIO-PC, Protection, Malicious Website Protection, Starting,
Protection, 28/07/2014 23:46:10, SYSTEM, USUARIO-PC, Protection, Malicious Website Protection, Started,

(end)

por **Power Max** Ter 29 Jul 2014, 09:42

Siga as dicas abaixo para acessar o Log de verificação do Malwarebytes:

Para isto abra o Malwarebytes > Clique no botão Histórico > Clique em Logs de Aplicativos > E dê um duplo clique com o botão esquerdo do mouse sobre o Log de Verificação mais atual para abri-lo. Isto é mostrado nesta imagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Na próxima tela que surgirá clique no botão Exportar > e clique na opção Arquivo texto (*.txt):

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Na outra tela que vai aparecer dê um nome para este relatório (como LOG por exemplo) > Clique em Área de Trabalho (para que ele seja salvo no seu Desktop) > Clique em Salvar:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Clique em OK na próxima mensagem que aparece:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Depois disto é só postar este log do Malwarebytes em sua próxima resposta.

por vanessa machado Ter 29 Jul 2014, 16:31

Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Data de Verificação: 28/07/2014
Hora da Verificação: 22:19:34
Logfile: log.txt
Administrador: Sim

Versão: 2.00.2.1012
Malware Database: v2014.07.28.07
Rootkit Database: v2014.07.17.01
Licença: Trial
Proteção de Malware: Enabled
Proteção de Site Malicioso: Enabled
Self-protection: Desabilitado

OS: Windows 7 Service Pack 1
CPU: x86
Sistema de Arquivo: NTFS
Usuário: usuario

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 323570
Tempo Decorrido: 1 hr, 14 min, 0 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processos: 1
PUP.Optional.ContentExplorer.A, C:\Users\usuario\AppData\Roaming\ContentExplorer\ContentExplorer.exe, 2840, Delete-on-Reboot, [f0f7772ddf9c6fc7bf487672c83a8878]

Módulos: 0
(No malicious items detected)

Chaves de Registro: 11
PUP.Optional.DealKeeper.A, HKLM\SOFTWARE\CLASSES\CLSID\{1ec8187a-6435-44e3-bbe4-6ce6d3c69254}, Quarantined, [ac3b9e06c8b344f2121d237ac23f4bb5],
PUP.Optional.DealKeeper.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{ba0ab49b-34a1-4c36-bb3b-e6f458974507}, Quarantined, [ac3b9e06c8b344f2121d237ac23f4bb5],
PUP.Optional.DealKeeper.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3D62014A-A3A3-45C4-AAD8-754A3B854048}, Quarantined, [ac3b9e06c8b344f2121d237ac23f4bb5],
PUP.Optional.DealKeeper.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{1EC8187A-6435-44E3-BBE4-6CE6D3C69254}, Quarantined, [ac3b9e06c8b344f2121d237ac23f4bb5],
PUP.Optional.DealKeeper.A, HKLM\SOFTWARE\CLASSES\CLSID\{1EC8187A-6435-44E3-BBE4-6CE6D3C69254}\INPROCSERVER32, Quarantined, [ac3b9e06c8b344f2121d237ac23f4bb5],
PUP.Optional.DealKeeper.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Deal Keeper, Quarantined, [895e158f13688ea808cdff4d9d63f808],
PUP.Optional.DealKeeper.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Deal Keeper, Quarantined, [be29ecb847349a9cf190bc11c53d40c0],
PUP.Optional.ContentExplorer.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ContentExplorer, Quarantined, [35b2287cd9a266d0cc3c50989d65bb45],
PUP.Optional.DealKeeper.A, HKLM\SOFTWARE\Deal Keeper, Quarantined, [3daa8321a9d284b2c1c1b21bb84ab14f],
PUP.Optional.DealKeeper.A, HKU\S-1-5-21-2292371893-2960214996-2512722399-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Deal Keeper, Quarantined, [b730396b06752313295a1cb15ea4b64a],
PUP.Optional.SuperFish.A, HKU\S-1-5-21-2292371893-2960214996-2512722399-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, Quarantined, [bc2b64400e6d21154bdbae2427db12ee],

Valores de Registro: 1
PUP.Optional.ContentExplorer.A, HKU\S-1-5-21-2292371893-2960214996-2512722399-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ContentExplorer, "C:\Users\usuario\AppData\Roaming\ContentExplorer\ContentExplorer.exe", Quarantined, [f0f7772ddf9c6fc7bf487672c83a8878]

Dados do Registro: 1
PUP.Optional.Hao123.A, HKU\S-1-5-21-2292371893-2960214996-2512722399-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Good: ([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Bad: (http://br.hao123.com/?tn=incore_pay_hp_05_hao123_br),Replaced,[33b4267eafcc68ce95fea20b4aba8977]

Pastas: 2
PUP.Optional.DealKeeper.A, C:\Program Files\Deal Keeper, Quarantined, [be29ecb847349a9cf190bc11c53d40c0],
PUP.Optional.ContentExplorer.A, C:\Users\usuario\AppData\Roaming\ContentExplorer, Delete-on-Reboot, [35b2287cd9a266d0cc3c50989d65bb45],

Arquivos: 22
PUP.Optional.DealKeeper.A, C:\Program Files\Deal Keeper\DealKeeperBHO.dll, Quarantined, [ac3b9e06c8b344f2121d237ac23f4bb5],
PUP.Optional.BundleInstaller.A, C:\Users\usuario\AppData\Local\Temp\is1242154493\2698995_stp.EXE, Quarantined, [77700e96067576c0de93087d51b33ac6],
PUP.Optional.Gameo.A, C:\Users\usuario\AppData\Local\Temp\is1242154493\2699882_stp.EXE, Quarantined, [82656c3898e391a52a298bf47e83e31d],
HackTool.Wpakill, C:\Users\usuario\Contacts\Documents\Downloads\RemoveWAT-226.zip, Quarantined, [c7206341cab1bc7ade5520344eb20cf4],
PUP.Optional.DealKeeper.A, C:\Program Files\Deal Keeper\DealKeeperUninstall.exe, Quarantined, [895e158f13688ea808cdff4d9d63f808],
PUP.Optional.PersonalCleaner, C:\$RECYCLE.BIN\S-1-5-21-2292371893-2960214996-2512722399-1000\$RNKZA2Z.exe, Quarantined, [d512564e433837ff81276f3bda2a946c],
PUP.Optional.PersonalCleaner, C:\$RECYCLE.BIN\S-1-5-21-2292371893-2960214996-2512722399-1000\$RVE6I8A.exe, Quarantined, [4d9a2a7a681386b0594fe0ca9371c739],
Trojan.Agent.SVR, C:\AdwCleaner\Quarantine\C\Program Files\003\xmkysecqun32.exe.vir, Quarantined, [43a4762e532844f265c1bbbb28d921df],
PUP.Optional.DealKeeper.A, C:\Program Files\Deal Keeper\DealKeeper.ico, Quarantined, [be29ecb847349a9cf190bc11c53d40c0],
PUP.Optional.DealKeeper.A, C:\Program Files\Deal Keeper\0, Quarantined, [be29ecb847349a9cf190bc11c53d40c0],
PUP.Optional.DealKeeper.A, C:\Program Files\Deal Keeper\7za.exe, Quarantined, [be29ecb847349a9cf190bc11c53d40c0],
PUP.Optional.DealKeeper.A, C:\Program Files\Deal Keeper\updateDealKeeper.exe, Quarantined, [be29ecb847349a9cf190bc11c53d40c0],
PUP.Optional.DealKeeper.A, C:\Program Files\Deal Keeper\updateDealKeeper.InstallState, Quarantined, [be29ecb847349a9cf190bc11c53d40c0],
PUP.Optional.Superfish.A, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Delete-on-Reboot, [e4032c78ef8cec4a3da6627be61ce020],
PUP.Optional.Superfish.A, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [9057970d9be0360013d0667709f926da],
PUP.Optional.ContentExplorer.A, C:\Users\usuario\AppData\Roaming\ContentExplorer\ContentExplorer.exe, Delete-on-Reboot, [f0f7772ddf9c6fc7bf487672c83a8878],
PUP.Optional.ContentExplorer.A, C:\Users\usuario\AppData\Roaming\ContentExplorer\RootCert.cer, Quarantined, [35b2287cd9a266d0cc3c50989d65bb45],
PUP.Optional.ContentExplorer.A, C:\Users\usuario\AppData\Roaming\ContentExplorer\makecert.exe, Quarantined, [35b2287cd9a266d0cc3c50989d65bb45],
PUP.Optional.ContentExplorer.A, C:\Users\usuario\AppData\Roaming\ContentExplorer\uninstall.exe, Quarantined, [35b2287cd9a266d0cc3c50989d65bb45],
PUP.Optional.Hao123.A, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://br.hao123.com/?tn=incore_pay_hp_05_hao123_br" ],), Replaced,[885fd5cf0d6ef73f56ec4a9da064e51b]
PUP.Optional.Hao123.A, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://br.hao123.com/?tn=incore_pay_hp_05_hao123_br",), Replaced,[4c9ba103c9b261d551f28a5d61a308f8]
PUP.Optional.Hao123.A, C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\j2dv9l32.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://br.hao123.com/?tn=incore_pay_hp_01_hao123_br") Wink

, Replaced,[38aff4b00972d462d46b6483b54fea16]

Physical Sectors: 0
(No malicious items detected)

(end)

por **Power Max** Ter 29 Jul 2014, 16:37

Desative temporariamente seu antivirus para evitar conflitos.

Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( de g3n-h@ckm@n )
|- Ao acessar o link acima, role a página e clique em Télécharger para fazer o download: [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Execute-o da forma indicada nesta postagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Assim que a limpeza for concluída, poste o log (relatório) que estará em C:\Shortcut_Module_07_05_2014_17_05_22.txt (estes números em vermelho irão variar pois eles mostram a data e hora em que o escaneamento foi realizado).

por vanessa machado Ter 29 Jul 2014, 17:50

¤¤¤¤¤¤¤¤¤¤ | AdsFix | g3n-h@ckm@n | 29.07.2014.4

¤¤¤¤¤ Vista | 7 | 8 | 8.1 - 32/64 bits ¤¤¤¤¤ - Start 16:51:22 - 29/07/2014

Atualizado : 29/07/2014 | 18.55 Por g3n-h@ckm@n

Contact : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Assistance : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Feedbacks : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Boot: Normal boot

[usuario (Administrator)] - [USUARIO-PC] - (brasil [0416])
SID = S-1-5-21-2292371893-2960214996-2512722399-1000

Sistema : Windows 7 Home Premium (32 bits) HomePremium Service Pack 1

Memória RAM = Total (MB) : 1563 | Livre (MB) : 888
Pagefile = Total (MB) : 3125 | Livre (MB) : 2036
Virtual = Total (MB) : 2097 | Livre (MB) : 1937

Registro protegido, restabelecer : C:\AdsFix\Save\Clean\ERDNT.exe

¤¤¤¤¤¤¤¤¤¤ | Windows atualizado

Por último descoberta : 2014-07-29 19:32:04
Carregado último ones : 2014-07-22 00:33:14
Instalado último ones : 2014-07-22 02:44:57
Próxima procura : 2014-07-30 15:15:11

¤¤¤¤¤¤¤¤¤¤ | Navegadores

IE : 11.0.9600.17207 (© Microsoft Corporation. Todos os direitos reservados.)
GC : 36.0.1985.125 (Copyright 2012 Google Inc. All rights reserved.)

¤¤¤¤¤¤¤¤¤¤ | Security

AM : Malwarebytes' Anti-Malware (1.0.0.532) []
FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = Ordem
AS: Windows Defender [Manual(3)] = Ordem
FW: Windows FireWall Service [Auto(2)] = Ordem

Colocação apagada em um modo auxiliar !

¤¤¤¤¤¤¤¤¤¤ | FlashPlayer

¤¤¤¤¤¤¤¤¤¤ | Processos mortos

960 | [Owner : SISTEMA |Parent : 728] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) - (3.2.2.0) = C:\PROGRA~1\GbPlugin\gbpsv.exe
1664 | [Owner : SISTEMA |Parent : 728] - (.Microsoft Corporation - Aplicativo de subsistema de spooler.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe
1808 | [Owner : SISTEMA |Parent : 728] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) - (14.0.0.4714) = C:\Program Files\AVG\AVG2014\avgwdsvc.exe
1836 | [Owner : SISTEMA |Parent : 728] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (3.0.2.0) = C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
580 | [Owner : usuario |Parent : 728] - (.Microsoft Corporation - Processo de Host para Tarefas do Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe
1952 | [Owner : usuario |Parent : 1284] - (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.17567) = C:\Windows\explorer.exe
2544 | [Owner : usuario |Parent : 328] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (1.0.0.532) = C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
2908 | [Owner : usuario |Parent : 1952] - (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) - (6.5.11.1) = C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
2980 | [Owner : usuario |Parent : 1952] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) - (14.0.0.4714) = C:\Program Files\AVG\AVG2014\avgui.exe
3996 | [Owner : usuario |Parent : 2980] - (.Microsoft Corporation - Carregador CTF.) - (6.1.7600.16385) = C:\Windows\System32\ctfmon.exe
3352 | [Owner : SISTEMA |Parent : 728] - (.Hewlett-Packard Development Company, L.P. - hpqwmiex Module.) - (2.0.14.1) = C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
3680 | [Owner : SISTEMA |Parent : 728] - (.Microsoft Corporation - Indexador do Microsoft Windows Search.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe
3532 | [Owner : SISTEMA |Parent : 728] - (.Hewlett-Packard Development Company, L.P. - Com for QLB application.) - (6.5.2.1) = C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
632 | [Owner : SERVIÇO DE REDE |Parent : 728] - (.Microsoft Corporation - Serviço de Compartilhamento de Rede do Windows Media Player.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
632 | [Owner : SERVIÇO DE REDE |Parent : 728] - (.Microsoft Corporation - Serviço de Compartilhamento de Rede do Windows Media Player.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
2928 | [Owner : SISTEMA |Parent : 728] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) - (14.0.0.4714) = C:\Program Files\AVG\AVG2014\avgwdsvc.exe
3132 | [Owner : SISTEMA |Parent : 728] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) - (3.2.2.0) = C:\PROGRA~1\GbPlugin\gbpsv.exe

¤¤¤¤¤¤¤¤¤¤ | RUN

04 - HKLM\..\Run : [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-21-2292371893-2960214996-2512722399-1000\..\Run : [ares] "C:\Program Files\Ares\Ares.exe" -h
04 - HKU\S-1-5-18\..\RunOnce : [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

¤¤¤¤¤¤¤¤¤¤ | Serviços

funcionando : MMCSS
funcionando : Dhcp
Serviço parado : Dhcp
funcionando : WMPNetworkSvc
Serviço parado : WMPNetworkSvc
funcionando : TcpIp
funcionando : SSDPSRV
funcionando : MPSSvc
Serviço parado : MPSSvc
funcionando : Rasman
Serviço parado : Rasman
funcionando : LanmanServer
funcionando : DNScache
Serviço parado : DNScache
Apagado prosperamente : HKLM\..\ControlSet001\Services\Bprotect : 4, 4, 4, 7875
Apagado prosperamente : HKLM\..\ControlSet002\Services\Bprotect : 4, 4, 4, 7875
Apagado prosperamente : HKLM\..\CurrentControlSet\Services\BprotectEx : 1

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\Windows\System32\Drivers\etc\hosts : Reponha para zerar prosperamente

¤¤¤¤¤¤¤¤¤¤ | Registro

Apagado prosperamente : HKU\S-1-5-21-2292371893-2960214996-2512722399-1000\Software\Microsoft\Internet Explorer\DOMStorage\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Apagado prosperamente : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Deal Keeper
Apagado prosperamente : HKLM\Software\Microsoft\Tracing\ContentExplorer_RASAPI32
Apagado prosperamente : HKLM\Software\Microsoft\Tracing\ContentExplorer_RASMANCS
Apagado prosperamente : HKU\S-1-5-21-2292371893-2960214996-2512722399-1000\SOFTWARE\ContentExplorer
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465} : ShopperReports.dll
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} : alotBHO.dll;alotBHO.dll
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754} : ShoppingReport.dll
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7} : PCTBrowserDefender.dll
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} : BabylonToolbar.dll
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825} : PCTBrowserDefender.dll
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{57F02779-3D88-4958-8AD3-83C12D86ADC7} : advancedsearchbar.dll
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} : alot.dll;alot.dll
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600} : SuperfishIEAddon.dll;SuperfishIEAddon.dll
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} : BabylonToolbar.dll
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} : ShoppingReport.dll
Apagado prosperamente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CDEEC43D-3572-4E95-A2A5-F519D29F00C0} : advancedsearchbar.dll
Apagado prosperamente : HKLM\Software\Classes\Installer\Features\675BF87B4BB899746B210AB247ABD00F : AvgAddonsFea
Apagado prosperamente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D : 02:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP\UserSettings
Apagado prosperamente : [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]|[C:\Program Files\Iminent\inst\Bootstrapper\]
Apagado prosperamente : [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]|[C:\Program Files\Iminent\]
Apagado prosperamente : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29B9B919-4559-43DD-BF88-72A974CBA539} : \{FEF10F74-A6EC-45F6-81F0-F7B450185F7B}
Apagado prosperamente : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater
Apagado prosperamente : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FEF10F74-A6EC-45F6-81F0-F7B450185F7B}

¤¤¤¤¤¤¤¤¤¤ | Offsets

¤¤¤¤¤¤¤¤¤¤ | reparsepoint

¤¤¤¤¤¤¤¤¤¤ | Arquivos

Apagado prosperamente : C:\Windows\System32\Tasks\{FEF10F74-A6EC-45F6-81F0-F7B450185F7B} = Bundled software uninstaller
Apagado prosperamente : C:\Users\usuario\AppData\Roaming\1H1Q
Apagado prosperamente : C:\Users\usuario\AppData\Local\Temp\Deal Keeper
Apagado prosperamente : C:\Users\usuario\AppData\Local\Temp\jrt\browsermngr_keys.cfg (.- .)
Apagado prosperamente : C:\Users\usuario\AppData\Local\Temp\jrt\browsermngr_values.cfg (.- .)
Apagado prosperamente : C:\Users\usuario\AppData\Local\Temp\jrt\FFbrowsermngr.dat (.- .)

¤¤¤¤¤¤¤¤¤¤ | .LNK

¤¤¤¤¤¤¤¤¤¤ | Extensão desconhecida abrindo

¤¤¤¤¤¤¤¤¤¤ | Proxy

Apagado prosperamente : S-1-5-21-2292371893-2960214996-2512722399-1000 : Proxyserver -> http=127.0.0.1:50917;https=127.0.0.1:50917

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

Consertado : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Search Page] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Consertado : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Consertado : [HKLM\Software\Microsoft\Internet Explorer\AboutURLs]|[Tabs] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Consertado : [HKU\S-1-5-21-2292371893-2960214996-2512722399-1000\Software\Microsoft\Internet Explorer\Main]|[Search Page] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

¤¤¤¤¤¤¤¤¤¤ | Google Chrome

Apagado prosperamente : HKLM\Software\Policies\Google
[usuario] Reponha para zerar prosperamente : SearchURL

¤¤¤¤¤¤¤¤¤¤ | Firefox

[usuario] Apagado prosperamente : C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\j2dv9l32.default\sessionstore.js

¤¤¤¤¤¤¤¤¤¤ | SeaMonkey

¤¤¤¤¤¤¤¤¤¤ | Pale moon

¤¤¤¤¤¤¤¤¤¤ | Opera

¤¤¤¤¤¤¤¤¤¤ | StartMenuInternet

Consertado : [HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : C:\Program Files\Internet Explorer\iexplore.exe -> "C:\Program Files\Internet Explorer\iexplore.exe"

¤¤¤¤¤¤¤¤¤¤ | AppCertDlls | AppInit_DLLs

¤¤¤¤¤¤¤¤¤¤ | Javascript

¤¤¤¤¤¤¤¤¤¤ | Firewall

¤¤¤¤¤¤¤¤¤¤ | ADS

C:\Windows\System32:
Apagado prosperamente :684BD1E8_Uni.gbp

C:\Windows\System32\drivers:
Apagado prosperamente :GbpKmAp.lst

¤¤¤¤¤¤¤¤¤¤ | Arquivos temporários

[All Users] Arquivos temporários Apagado : 0 Ko
[Default] Arquivos temporários Apagado : 0 Ko
[Default User] Arquivos temporários Apagado : 0 Ko
[Public] Arquivos temporários Apagado : 0 Ko
[Todos os Usuários] Arquivos temporários Apagado : 0 Ko
[usuario] Arquivos temporários Apagado : 10623 Ko
[Usuário Padrão] Arquivos temporários Apagado : 0 Ko
[C:\Windows\Temp] Arquivos temporários Apagado : 832 Ko
[C:\Temp] Arquivos temporários Apagado : 0 Ko

Serviço reiniciado : MPSsvc

Outros relatórios

Colocação restabelecida em um modo auxiliar

¤¤¤¤¤¤¤¤¤¤ | Explorer.exe

¤¤¤¤¤¤¤¤¤¤ | Listing

¤¤¤¤¤¤¤¤¤¤ | C:\Program Files

[04/09/2013 11:06:06] - |D| - C:\Program Files\7-Zip
[28/10/2013 15:24:56] - |D| - C:\Program Files\Ares
[28/03/2013 17:35:52] - |SHD| - C:\Program Files\Arquivos Comuns
[28/03/2013 17:44:14] - |D| - C:\Program Files\AVAST Software
[02/06/2014 23:39:34] - |D| - C:\Program Files\AVG
[04/09/2013 11:02:25] - |D| - C:\Program Files\Baidu Security
[21/07/2014 23:06:32] - |D| - C:\Program Files\Baidu-Security-2014-4.4.4.73687
[13/07/2009 23:37:05] - |D| - C:\Program Files\Common Files
[14/07/2009 01:41:57] - |ASH| - C:\Program Files\desktop.ini
[14/07/2009 01:52:30] - |D| - C:\Program Files\DVD Maker
[02/05/2014 23:33:40] - |D| - C:\Program Files\GbPlugin
[17/05/2013 15:01:16] - |D| - C:\Program Files\Google
[08/07/2013 13:35:47] - |D| - C:\Program Files\Hewlett-Packard
[28/04/2013 19:32:15] - |HD| - C:\Program Files\InstallShield Installation Information
[13/07/2009 23:37:05] - |D| - C:\Program Files\Internet Explorer
[04/09/2013 14:35:00] - |D| - C:\Program Files\Java
[28/07/2014 22:11:04] - |D| - C:\Program Files\Malwarebytes Anti-Malware
[30/05/2014 15:26:07] - |D| - C:\Program Files\Microsoft.NET
[25/06/2014 22:48:51] - |D| - C:\Program Files\Mozilla Firefox
[14/07/2009 01:52:30] - |D| - C:\Program Files\MSBuild
[14/07/2009 01:52:30] - |D| - C:\Program Files\Reference Assemblies
[28/07/2014 21:25:52] - |D| - C:\Program Files\Tweaks
[14/07/2009 01:53:23] - |HD| - C:\Program Files\Uninstall Information
[14/07/2009 01:52:30] - |D| - C:\Program Files\Windows Defender
[13/07/2009 23:37:05] - |D| - C:\Program Files\Windows Mail
[14/07/2009 01:52:30] - |D| - C:\Program Files\Windows Media Player
[13/07/2009 23:37:05] - |D| - C:\Program Files\Windows NT
[14/07/2009 01:52:30] - |D| - C:\Program Files\Windows Photo Viewer
[14/07/2009 01:52:30] - |D| - C:\Program Files\Windows Portable Devices
[14/07/2009 01:52:30] - |D| - C:\Program Files\Windows Sidebar

¤¤¤¤¤¤¤¤¤¤ | C:\Program Files\Common Files

[13/07/2009 23:37:05] - |D| - C:\Program Files\Common Files\microsoft shared
[13/07/2009 23:37:05] - |D| - C:\Program Files\Common Files\Services
[28/03/2013 17:35:52] - |SHD| - C:\Program Files\Common Files\Sistema
[13/07/2009 23:37:05] - |D| - C:\Program Files\Common Files\SpeechEngines
[13/07/2009 23:37:05] - |D| - C:\Program Files\Common Files\System
[28/03/2013 17:56:33] - |D| - C:\Program Files\Common Files\Windows Live

¤¤¤¤¤¤¤¤¤¤ | C:\Users\usuario\AppData\Roaming

[01/04/2013 13:20:12] - |D| - C:\Users\usuario\AppData\Roaming\Adobe
[02/06/2014 23:43:26] - |D| - C:\Users\usuario\AppData\Roaming\AVG2014
[04/09/2013 11:02:24] - |D| - C:\Users\usuario\AppData\Roaming\Baidu Security
[08/07/2013 13:36:52] - |D| - C:\Users\usuario\AppData\Roaming\hpqLog
[28/03/2013 17:36:45] - |D| - C:\Users\usuario\AppData\Roaming\Identities
[01/04/2013 15:04:03] - |D| - C:\Users\usuario\AppData\Roaming\Macromedia
[28/03/2013 17:36:04] - |D| - C:\Users\usuario\AppData\Roaming\Media Center Programs
[28/03/2013 17:36:04] - |SD| - C:\Users\usuario\AppData\Roaming\Microsoft
[28/03/2013 17:55:55] - |D| - C:\Users\usuario\AppData\Roaming\Mozilla
[02/06/2014 23:42:08] - |D| - C:\Users\usuario\AppData\Roaming\TuneUp Software
[20/12/2013 20:22:05] - |A| - C:\Users\usuario\AppData\Roaming\WB.CFG

¤¤¤¤¤¤¤¤¤¤ | C:\Users\usuario\AppData\Local

[01/04/2013 13:20:12] - |D| - C:\Users\usuario\AppData\Local\Adobe
[26/06/2014 00:48:37] - |D| - C:\Users\usuario\AppData\Local\Apps
[28/10/2013 15:25:07] - |D| - C:\Users\usuario\AppData\Local\Ares
[09/07/2013 08:35:05] - |A| - C:\Users\usuario\AppData\Local\AtStart.txt
[02/06/2014 23:36:28] - |D| - C:\Users\usuario\AppData\Local\Avg2014
[28/03/2013 17:36:05] - |SHD| - C:\Users\usuario\AppData\Local\Dados de aplicativos
[26/06/2014 00:48:36] - |D| - C:\Users\usuario\AppData\Local\Deployment
[28/03/2013 21:20:13] - |D| - C:\Users\usuario\AppData\Local\Diagnostics
[09/07/2013 08:35:05] - |A| - C:\Users\usuario\AppData\Local\DSwitch.txt
[31/05/2013 19:39:15] - |D| - C:\Users\usuario\AppData\Local\ElevatedDiagnostics
[30/05/2014 10:49:55] - |SHD| - C:\Users\usuario\AppData\Local\EmieSiteList
[30/05/2014 10:49:55] - |SHD| - C:\Users\usuario\AppData\Local\EmieUserList
[15/04/2014 00:31:51] - |D| - C:\Users\usuario\AppData\Local\GAS Tecnologia
[28/03/2013 17:49:58] - |A| - C:\Users\usuario\AppData\Local\GDIPFONTCACHEV1.DAT
[17/05/2013 16:04:24] - |D| - C:\Users\usuario\AppData\Local\Google
[28/03/2013 17:36:05] - |SHD| - C:\Users\usuario\AppData\Local\Histórico
[28/07/2014 23:42:09] - |AH| - C:\Users\usuario\AppData\Local\IconCache.db
[01/04/2013 15:04:03] - |D| - C:\Users\usuario\AppData\Local\Macromedia
[02/06/2014 23:36:28] - |D| - C:\Users\usuario\AppData\Local\MFAData
[28/03/2013 17:36:04] - |D| - C:\Users\usuario\AppData\Local\Microsoft
[28/03/2013 21:58:58] - |D| - C:\Users\usuario\AppData\Local\Microsoft Games
[28/03/2013 18:05:57] - |D| - C:\Users\usuario\AppData\Local\Microsoft Help
[28/03/2013 17:55:55] - |D| - C:\Users\usuario\AppData\Local\Mozilla
[15/04/2014 00:31:31] - |D| - C:\Users\usuario\AppData\Local\Programs
[09/07/2013 08:35:05] - |A| - C:\Users\usuario\AppData\Local\QSwitch.txt
[28/07/2014 20:39:30] - |D| - C:\Users\usuario\AppData\Local\Temp
[28/03/2013 17:36:05] - |SHD| - C:\Users\usuario\AppData\Local\Temporary Internet Files
[28/03/2013 17:36:10] - |D| - C:\Users\usuario\AppData\Local\VirtualStore
[28/03/2013 17:56:34] - |D| - C:\Users\usuario\AppData\Local\Windows Live

¤¤¤¤¤¤¤¤¤¤ | C:\ProgramData

[10/09/2013 21:26:43] - |D| - C:\ProgramData\4shared Desktop
[28/03/2013 17:42:19] - |D| - C:\ProgramData\Adobe
[14/07/2009 01:53:55] - |SHD| - C:\ProgramData\Application Data
[28/03/2013 17:44:14] - |D| - C:\ProgramData\AVAST Software
[02/06/2014 23:41:08] - |D| - C:\ProgramData\AVG2014
[04/09/2013 11:04:02] - |D| - C:\ProgramData\Baidu Security
[02/06/2014 23:36:29] - |HD| - C:\ProgramData\Common Files
[28/03/2013 17:35:52] - |SHD| - C:\ProgramData\Dados de aplicativos
[14/07/2009 01:53:55] - |SHD| - C:\ProgramData\Desktop
[28/03/2013 17:35:52] - |SHD| - C:\ProgramData\Documentos
[14/07/2009 01:53:55] - |SHD| - C:\ProgramData\Documents
[14/07/2009 01:53:55] - |SHD| - C:\ProgramData\Favorites
[28/03/2013 17:35:52] - |SHD| - C:\ProgramData\Favoritos
[15/04/2014 00:31:52] - |D| - C:\ProgramData\GAS Tecnologia
[02/05/2014 23:33:40] - |D| - C:\ProgramData\GbPlugin
[02/06/2014 23:37:33] - |D| - C:\ProgramData\Log
[28/07/2014 22:11:04] - |D| - C:\ProgramData\Malwarebytes
[28/03/2013 17:35:52] - |SHD| - C:\ProgramData\Menu Iniciar
[02/06/2014 23:36:27] - |D| - C:\ProgramData\MFAData
[13/07/2009 23:37:05] - |SD| - C:\ProgramData\Microsoft
[28/03/2013 18:05:04] - |D| - C:\ProgramData\Microsoft Help
[28/03/2013 17:35:52] - |SHD| - C:\ProgramData\Modelos
[03/04/2013 13:55:40] - |D| - C:\ProgramData\Mozilla
[29/10/2013 19:20:37] - |D| - C:\ProgramData\Oracle
[14/07/2009 01:53:55] - |SHD| - C:\ProgramData\Start Menu
[04/09/2013 14:22:02] - |D| - C:\ProgramData\Sun
[14/07/2009 01:53:55] - |SHD| - C:\ProgramData\Templates

[X] : [1109 Ko]

Elementos analisados : 59003 | Modificados : 4 | Infetado : 40

¤¤¤¤¤¤¤¤¤¤ |EOF| ¤¤¤¤¤¤¤¤¤¤ | 17:40:23 | [20 Ko]

por **Power Max** Ter 29 Jul 2014, 18:03

Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPDiag para baixá-lo, tal como mostra a imagem abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.

por vanessa machado Ter 29 Jul 2014, 18:14

~ Relatório do ZHPDiag v2014.7.29.110 - Nicolas Coolman (29/07/2014)
~ Iniciado por usuario (29/07/2014 18:08:08)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user

---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207
GCIE: Google Chrome v36.0.1985.125 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Premium, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
AVG 2014 v14.0.3986
Malwarebytes Anti-Malware versão 2.0.2.1012
Windows Defender W7 (Deactivate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 14 Stepping 12, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1526 MB (27% free)
System Restore: Activé (Enable)
System drive C: has 73 GB (68%) free of 107 GB

---\\ Modo de conexão ao sistema
~ Computer Name: USUARIO-PC
~ User Name: usuario
~ All Users Names: usuario, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\usuario\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\usuario\AppData\Roaming\
~ %Desktop% : C:\Users\usuario\Desktop\
~ %Favorites% : C:\Users\usuario\Favorites\
~ %LocalAppData% : C:\Users\usuario\AppData\Local\
~ %StartMenu% : C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 73 Go of 107 Go)
D: Hard drive, Flash drive, Thumb drive (Free 0 Go of 5 Go)
E: CD-ROM drive (Not Inserted)

---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.CCC198257901BEEA2FBF8EB1E7678356] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:13:59.) -- C:\Windows\System32\wininet.dll [1791488]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 0/0
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/16
~ Mon Bureau (My Desktop) : 11/363
~ Menu demarrer (Programs) : 1/22
~ Hidden Files: Scanned in 00mn 01s

---\\ Processos lançados
[MD5.4FBC630768570E6AC35C3DE8F6EC79F5] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe [6970168] [PID.2608]
[MD5.8F89E6CB82E6DB45BC993D423CD0FDBD] - (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe [323640] [PID.3744]
[MD5.A8B68D4A0B815294819E2647D54A7686] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe [5179408] [PID.3792]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.3416]
[MD5.9C41C4C252E978B5BABAF4C19BEC48CB] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8083456] [PID.448]
~ Processes Running: Scanned in 00mn 01s

---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 17 Legitimates Filtered in 00mn 03s

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\j2dv9l32.default\prefs.js
~ Firefox Browser: 2 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehuni.dll
~ BHO: 2 Legitimates Filtered in 00mn 00s

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe
O4 - HKCU\..\Run: [ares] C:\Program Files\Ares\Ares.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (.not file.)
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (.not file.)
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2292371893-2960214996-2512722399-1000\..\Run: [ares] C:\Program Files\Ares\Ares.exe (.not file.)
~ Application: Scanned in 00mn 00s

---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.itau.com.br
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A31D932-1CE1-4770-BA4D-2B74DB29FF98}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5A31D932-1CE1-4770-BA4D-2B74DB29FF98}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5A31D932-1CE1-4770-BA4D-2B74DB29FF98}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.25.1
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginUni . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehUni.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
~ Services: 6 Legitimates Filtered in 00mn 19s

---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{90D9F014-9FCA-46B0-A88B-8B6C72D8BD7D}] (...) -- C:\Users\usuario\Downloads\auxsetup_x86.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1058]
~ Scheduled Task: 6 Legitimates Filtered in 00mn 10s

---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef.sys (.not file.)
O41 - Driver: (ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 87 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AdsFix]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security]
[HKCU\Software\GbAs]
[HKLM\Software\AdsFix]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Baidu Security]
[HKLM\Software\Baidu_Drp_pos]
[HKLM\Software\Chew7]
~ Key Software: 91 Legitimates Filtered in 00mn 00s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 30/05/2014 - 10:58:40 - [] ----D C:\Program Files\Ares
O43 - CFD: 04/09/2013 - 11:02:25 - [] ----D C:\Program Files\Baidu Security
O43 - CFD: 21/07/2014 - 23:06:32 - [] ----D C:\Program Files\Baidu-Security-2014-4.4.4.73687
O43 - CFD: 28/07/2014 - 23:27:53 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 04/09/2013 - 11:02:24 - [] ----D C:\Users\usuario\AppData\Roaming\Baidu Security
O43 - CFD: 28/10/2013 - 15:25:10 - [] ----D C:\Users\usuario\AppData\Local\Ares
~ Program Folder: 102 Legitimates Filtered in 00mn 01s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 28/07/2014 - 20:13:29 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.29748854EBF605B49F8794653AC184F0] - 28/07/2014 - 20:42:11 ----- . (...) -- C:\zoek-results.log [14035]
O44 - LFC:[MD5.3E9F567A2BBEDBFB88B5BE432F59CF9A] - 28/07/2014 - 21:43:29 ---A- . (...) -- C:\Windows\ntbtlog.txt [732292]
O44 - LFC:[MD5.43417309B327EA750C60235E54ACD635] - 29/07/2014 - 17:40:23 ---A- . (...) -- C:\AdsFix_29_07_2014_17_40_23.txt [19647]
~ Files: 56 Legitimates Filtered in 00mn 11s

---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehuni.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:28/06/2013 - 00:13:36 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:28/06/2013 - 00:13:36 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:28/06/2013 - 00:13:36 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175] =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:05/05/2014 - 09:42:00 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [46392]
O58 - SDL:02/05/2014 - 23:34:09 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:14/11/2006 - 17:35:20 ---A- . (.REDC - RICOH XD SM Driver.) -- C:\Windows\System32\Drivers\rixdptsk.sys [37376]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 92 Legitimates Filtered in 00mn 08s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 05/05/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 12/05/2014 - C:\Windows\system32\drivers\mwac.sys (MBAMWebAccessControl) .(.Malwarebytes Corporation - Malwarebytes Web Access Control.) - LEGACY_MBAMWEBACCESSCONTROL
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 135 Legitimates Filtered in 00mn 00s

---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.39C1BF49FFA2E76B5CB931EECDC3969A] [SPRF][29/07/2014] (.No owner - AdsFix.) -- C:\Users\usuario\Desktop\AdsFix.exe [2974208]
~ Files: 1 Legitimates Filtered in 00mn 00s

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 27/06/2014 3241488 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgidsagent.exe
SS - | Auto 26/06/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 26/06/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 17/06/2014 289328 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
SR - | Demand 12/01/2010 227896 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SR - | Auto 05/05/2014 527928 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Demand 30/04/2009 229944 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
SR - | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 15s

---\\ Scâner Aditional (088)
Database Version : 13026 - (29/07/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 131246 Items scanned in 00mn 36s

---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Browser Helper Objects do navegador (02)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 5 Legitimates Filtered in 00mn 00s

~ 641 Legitimates filtered by white list
End of the scan (398 lines in 02mn 38s)(0)

por **Power Max** Ter 29 Jul 2014, 18:20

No momento estou no celular, mas amanhã te passo o Script para remover os problemas encontrados pelo ZHPDiag, OK?

por vanessa machado Ter 29 Jul 2014, 18:23

ok. Fico no aguardo. Obrigado

por **Power Max** Qua 30 Jul 2014, 11:14

Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________

Problemas com certificado ce_umbrella 772309

Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

por vanessa machado Qua 30 Jul 2014, 20:16

Rapport de ZHPFix 2014.7.27.5 par Nicolas Coolman, Update du 27/07/2014
Fichier d'export Registre :
Run by usuario at 30/07/2014 20:14:37
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 21s)

========== Recapitulativo ==========

End of clean in 00mn 57s

========== Caminho do ficheiro do relatório ==========
C:\Users\usuario\AppData\Roaming\ZHP\ZHPFix[R1].txt - 30/07/2014 20:14:59 [402]

por **Power Max** Qua 30 Jul 2014, 20:23

Parece que você não fez corretamente. Faça novamente exatamente como lhe passei na resposta anterior e poste o novo relatório que ele irá criar.

por vanessa machado Qua 30 Jul 2014, 21:45

Rapport de ZHPFix 2014.7.27.5 par Nicolas Coolman, Update du 27/07/2014
Fichier d'export Registre :
Run by usuario at 30/07/2014 21:44:55
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 14s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Baidu_Drp_pos

========== Valores do Registo ==========
ELIMINÉ RunValue: ares
ELIMINÉ RunValue: Sidebar

========== Preferências do navegador ==========
AGORA Chrome File: C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences
ELIMINÉ Chrome Site: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
ELIMINÉ Chrome Site: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (2) (832 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {90D9F014-9FCA-46B0-A88B-8B6C72D8BD7D}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========
7 : Chaves do Registo
2 : Valores do Registo
1 : Pastas
2 : Ficheiros
3 : Preferências do navegador
1 : Tarefa planificada
1 : Restauração Sistema

End of clean in 01mn 53s

========== Caminho do ficheiro do relatório ==========
C:\Users\usuario\AppData\Roaming\ZHP\ZHPFix[R1].txt - 30/07/2014 20:14:59 [483]
C:\Users\usuario\AppData\Roaming\ZHP\ZHPFix[R2].txt - 30/07/2014 21:45:09 [1651]

por **Power Max** Qua 30 Jul 2014, 22:15

Valeu, agora está certo.
_________________________

Problemas com certificado ce_umbrella 772309

Abra novamente o ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Obs : como estou acessando pelo celular, amanhã te passo o próximo procedimento.

por vanessa machado Qua 30 Jul 2014, 22:40

Tranquilo, aguardo respostas. Mas observei que parou de aparecer a janela do certificado umbrella.

~ Relatório do ZHPDiag v2014.7.29.110 - Nicolas Coolman (29/07/2014)
~ Iniciado por usuario (30/07/2014 22:33:49)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user

---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207
GCIE: Google Chrome v36.0.1985.125 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Premium, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
AVG 2014 v14.0.3986
Malwarebytes Anti-Malware versão 2.0.2.1012
Windows Defender W7 (Deactivate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 14 Stepping 12, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1526 MB (40% free)
System Restore: Activé (Enable)
System drive C: has 73 GB (68%) free of 107 GB

---\\ Modo de conexão ao sistema
~ Computer Name: USUARIO-PC
~ User Name: usuario
~ All Users Names: usuario, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\usuario\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\usuario\AppData\Roaming\
~ %Desktop% : C:\Users\usuario\Desktop\
~ %Favorites% : C:\Users\usuario\Favorites\
~ %LocalAppData% : C:\Users\usuario\AppData\Local\
~ %StartMenu% : C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 73 Go of 107 Go)
D: Hard drive, Flash drive, Thumb drive (Free 0 Go of 5 Go)
E: CD-ROM drive (Not Inserted)

---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.CCC198257901BEEA2FBF8EB1E7678356] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:13:59.) -- C:\Windows\System32\wininet.dll [1791488]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 0/0
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/17
~ Mon Bureau (My Desktop) : 11/364
~ Menu demarrer (Programs) : 1/22
~ Hidden Files: Scanned in 00mn 00s

---\\ Processos lançados
[MD5.41ADF70111483C1E5E81EE4E8F0B0D57] - (.AVG Technologies CZ, s.r.o. - AVG Resident Shield Service.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe [846864] [PID.352]
[MD5.78BC21F8BB27A68895377070B727B8E2] - (.AVG Technologies CZ, s.r.o. - AVG Scanning Core Module - Server Part.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe [642576] [PID.388]
[MD5.591A7E5FC4A8121B2ABF4E768B64ABA7] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\gbpsv.exe [527928] [PID.952]
[MD5.20B2C28E3914C6837B30D44D31D2A294] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe [3241488] [PID.1752]
[MD5.13BB5F8819F90CE30A967FD94823E21B] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328] [PID.1772]
[MD5.D84AEA3F3329D622DFC1297DDDF6163B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720] [PID.1808]
[MD5.4F45ED469906494F9BF754E476390DBD] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472] [PID.2020]
[MD5.D8DB2DA1AD3C96D2A9898068F309EB57] - (.AVG Technologies CZ, s.r.o. - AVG Online Shield Service.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe [838672] [PID.1916]
[MD5.77505EFF423AFD7A2B41C0EFF919C935] - (.AVG Technologies CZ, s.r.o. - AVG E-mail Scanner.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe [656912] [PID.1932]
[MD5.4FBC630768570E6AC35C3DE8F6EC79F5] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe [6970168] [PID.2372]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.3812]
[MD5.8F89E6CB82E6DB45BC993D423CD0FDBD] - (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe [323640] [PID.3440]
[MD5.A8B68D4A0B815294819E2647D54A7686] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe [5179408] [PID.3652]
[MD5.FDF273A845F1FFCCEADF363AAF47582F] - (.Hewlett-Packard Development Company, L.P. - hpqwmiex Module.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [229944] [PID.2388]
[MD5.C7A0E61D5714AC20DE52D4F66EC773B8] - (.Hewlett-Packard Development Company, L.P. - Com for QLB application.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [227896] [PID.3360]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.1656]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.6028]
[MD5.9C41C4C252E978B5BABAF4C19BEC48CB] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8083456] [PID.5084]
~ Processes Running: Scanned in 00mn 01s

---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 17 Legitimates Filtered in 00mn 05s

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\j2dv9l32.default\prefs.js
~ Firefox Browser: 2 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehuni.dll
~ BHO: 2 Legitimates Filtered in 00mn 00s

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s

---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.itau.com.br
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A31D932-1CE1-4770-BA4D-2B74DB29FF98}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5A31D932-1CE1-4770-BA4D-2B74DB29FF98}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5A31D932-1CE1-4770-BA4D-2B74DB29FF98}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.25.1
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginUni . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehUni.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
~ Services: 6 Legitimates Filtered in 00mn 16s

---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1058]
~ Scheduled Task: 5 Legitimates Filtered in 00mn 11s

---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef.sys (.not file.)
~ Drivers: 79 Legitimates Filtered in 00mn 03s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AdsFix]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKLM\Software\AdsFix]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Chew7]
~ Key Software: 88 Legitimates Filtered in 00mn 00s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 30/05/2014 - 10:58:40 - [] ----D C:\Program Files\Ares
O43 - CFD: 28/10/2013 - 15:25:10 - [] ----D C:\Users\usuario\AppData\Local\Ares
~ Program Folder: 98 Legitimates Filtered in 00mn 01s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 28/07/2014 - 20:13:29 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.29748854EBF605B49F8794653AC184F0] - 28/07/2014 - 20:42:11 ----- . (...) -- C:\zoek-results.log [14035]
O44 - LFC:[MD5.3E9F567A2BBEDBFB88B5BE432F59CF9A] - 28/07/2014 - 21:43:29 ---A- . (...) -- C:\Windows\ntbtlog.txt [732292]
O44 - LFC:[MD5.43417309B327EA750C60235E54ACD635] - 29/07/2014 - 17:40:23 ---A- . (...) -- C:\AdsFix_29_07_2014_17_40_23.txt [19647]
~ Files: 56 Legitimates Filtered in 00mn 42s

---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehuni.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:28/06/2013 - 00:13:36 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:28/06/2013 - 00:13:36 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:28/06/2013 - 00:13:36 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175] =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:05/05/2014 - 09:42:00 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [46392]
O58 - SDL:02/05/2014 - 23:34:09 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:14/11/2006 - 17:35:20 ---A- . (.REDC - RICOH XD SM Driver.) -- C:\Windows\System32\Drivers\rixdptsk.sys [37376]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 92 Legitimates Filtered in 00mn 08s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 05/05/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 12/05/2014 - C:\Windows\system32\drivers\mwac.sys (MBAMWebAccessControl) .(.Malwarebytes Corporation - Malwarebytes Web Access Control.) - LEGACY_MBAMWEBACCESSCONTROL
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 135 Legitimates Filtered in 00mn 00s

---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.39C1BF49FFA2E76B5CB931EECDC3969A] [SPRF][29/07/2014] (.No owner - AdsFix.) -- C:\Users\usuario\Desktop\AdsFix.exe [2974208]
~ Files: 1 Legitimates Filtered in 00mn 00s

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 26/06/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 26/06/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 27/06/2014 3241488 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgidsagent.exe
SR - | Auto 17/06/2014 289328 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
SR - | Demand 12/01/2010 227896 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SR - | Auto 05/05/2014 527928 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Demand 30/04/2009 229944 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
SR - | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 27s

---\\ Scâner Aditional (088)
Database Version : 13026 - (29/07/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 131185 Items scanned in 00mn 57s

---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Browser Helper Objects do navegador (02)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 4 Legitimates Filtered in 00mn 00s

~ 625 Legitimates filtered by white list
End of the scan (397 lines in 03mn 39s)(0)

por **Power Max** Qua 30 Jul 2014, 22:49

Consegui montar o Script no celular.

Problemas com certificado ce_umbrella 772309

Selecione e copie todo o texto destacado em vermelho abaixo que te passei.
_____________________________________________________________________________________________________________

Problemas com certificado ce_umbrella 772309

Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

por vanessa machado Qui 31 Jul 2014, 19:21

Rapport de ZHPFix 2014.7.27.5 par Nicolas Coolman, Update du 27/07/2014
Fichier d'export Registre :
Run by usuario at 31/07/2014 19:18:05
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 08s)
Reparação de atalhos do navegador

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (1) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema

End of clean in 01mn 43s

========== Caminho do ficheiro do relatório ==========
C:\Users\usuario\AppData\Roaming\ZHP\ZHPFix[R1].txt - 30/07/2014 20:14:59 [483]
C:\Users\usuario\AppData\Roaming\ZHP\ZHPFix[R2].txt - 30/07/2014 21:45:09 [1733]
C:\Users\usuario\AppData\Roaming\ZHP\ZHPFix[R3].txt - 31/07/2014 19:18:14 [939]

por Conteúdo patrocinado

Problemas com certificado ce_umbrella

Problemas com certificado ce_umbrella

Re: Problemas com certificado ce_umbrella

Re: Problemas com certificado ce_umbrella

Re: Problemas com certificado ce_umbrella

(RESOLVIDO ) PROBLEMAS COM CERTIFICADO CE UMBRELLA

Re: Problemas com certificado ce_umbrella

Re: Problemas com certificado ce_umbrella

Re: Problemas com certificado ce_umbrella

(RESOLVIDO ) PROBLEMAS COM CERTIFICADO CE UMBRELLA

Re: Problemas com certificado ce_umbrella

(RESOLVIDO ) PROBLEMAS COM CERTIFICADO CE UMBRELLA

Re: Problemas com certificado ce_umbrella

Re: Problemas com certificado ce_umbrella

Re: Problemas com certificado ce_umbrella

Re: Problemas com certificado ce_umbrella

Re: Problemas com certificado ce_umbrella

Re: Problemas com certificado ce_umbrella

Re: Problemas com certificado ce_umbrella

Re: Problemas com certificado ce_umbrella

Re: Problemas com certificado ce_umbrella

Re: Problemas com certificado ce_umbrella

Re: Problemas com certificado ce_umbrella

Re: Problemas com certificado ce_umbrella

Re: Problemas com certificado ce_umbrella

Re: Problemas com certificado ce_umbrella

Re: Problemas com certificado ce_umbrella

Seg	Ter	Qua	Qui	Sex	Sáb	Dom
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30