Fórum PC Brasil
Problems with Cinema-plus 1.2

3 participants


Post by isageorge Sun 10 Aug 2014, 20:25

Dear all,

I am asking for help removing malware.
I use Google Chrome as my browser, and after trying to install Adobe Reader, the damned cinema-plus 1.2 ads started to appear.
I downloaded Spy Hunter 4 to find this junk and it detected more than 4,000 infections.
I cannot find this junk anywhere and have no idea how to remove it.
My PC also usually freezes and gets slow.

Below is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:25:01, on 10/08/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\TeamViewer\Version9\TeamViewer.exe
C:\Windows\Explorer.EXE
C:\Program Files\iSafe\iSafeTray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe
C:\Users\Isuara\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
C:\Users\Isuara\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Users\Isuara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Isuara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Isuara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Isuara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Isuara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Isuara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Isuara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Isuara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Isuara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Isuara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Isuara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Isuara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Isuara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Isuara\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Isuara\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Downloads\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must have an account and be logged in to view this link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: CrossriderApp0060548 - {11111111-1111-1111-1111-110611051148} - C:\Program Files\HQ-Pure1.0\HQ-Pure1.0-bho.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\Isuara\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Isuara\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Users\Isuara\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
O4 - Startup: googledrivesync.lnk = C:\Program Files\Google\Drive\googledrivesync.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: RealPlayer Cloud Service UI.lnk = C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
O8 - Extra context menu item: &Download All using 4shared Desktop - [You must have an account and be logged in to view this link] Files\4shared Desktop\Desktop.32/D_ALL_LINK
O8 - Extra context menu item: &Download using 4shared Desktop - [You must have an account and be logged in to view this link] Files\4shared Desktop\Desktop.32/D_ONE_LINK
O8 - Extra context menu item: &Enviar para o OneNote - [You must have an account and be logged in to view this link]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must have an account and be logged in to view this link]
O8 - Extra context menu item: Capturar esta página - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Capturar imagem - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Capturar seleção - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Capturar URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [You must have an account and be logged in to view this link]
O8 - Extra context menu item: Nova nota - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [You must have an account and be logged in to view this link]
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: [You must have an account and be logged in to view this link]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - Unknown owner - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iSafeService - Elex do Brasil Participações Ltda - C:\Program Files\iSafe\iSafeSvc.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files\PDF Architect\ConversionService.exe
O23 - Service: RealPlayer Cloud Service - RealNetworks, Inc. - c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) - Unknown owner - C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

--
End of file - 12327 bytes
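An added example, not part of the original thread: a Python parser for the HijackThis entry lines posted above that flags structurally orphaned items (`(no file)`, `(file missing)`, `Unknown owner`, an empty vendor field). The function names, flag names and section labels are assumptions chosen here; the sample lines are copied from the log above.

```python
import re

# Short labels for the HijackThis section codes that occur in the log above.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "Autostart entry",
    "O8": "IE context-menu item", "O9": "IE button/Tools item",
    "O10": "Winsock LSP", "O11": "IE advanced options group",
    "O15": "Trusted Zone site", "O18": "Protocol/filter handler",
    "O20": "Winlogon Notify/AppInit", "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]+?\.(?:exe|dll)', re.IGNORECASE)

# Lines copied from the HijackThis log in the post above (a small subset).
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
O2 - BHO: CrossriderApp0060548 - {11111111-1111-1111-1111-110611051148} - C:\Program Files\HQ-Pure1.0\HQ-Pure1.0-bho.dll
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - Unknown owner - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""


def flags_for(code, detail):
    """Return structural triage flags for one entry (hints, not verdicts)."""
    flags = []
    # HijackThis appends these markers when the referenced file is absent.
    if detail.endswith("(no file)") or detail.endswith("(file missing)"):
        flags.append("target-missing")
    if code == "O2" and "(no name)" in detail:
        flags.append("unnamed-bho")
    if code == "O23":
        if "- Unknown owner -" in detail:
            flags.append("unknown-owner")
        elif re.search(r" - ?- ", detail):
            # Vendor field between the two separators is empty.
            flags.append("empty-owner")
    return flags


def parse_hijackthis(text):
    """Parse entry lines; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, detail = m.groups()
        clsid = CLSID_RE.search(detail)
        path = PATH_RE.search(detail)
        entries.append({
            "code": code,
            "section": SECTIONS.get(code, "other"),
            "detail": detail,
            "clsid": clsid.group(0) if clsid else None,
            "path": path.group(0) if path else None,
            "flags": flags_for(code, detail),
        })
    return entries


def triage(entries):
    """Keep only the entries that carry at least one flag."""
    return [e for e in entries if e["flags"]]


if __name__ == "__main__":
    for e in triage(parse_hijackthis(SAMPLE_LOG)):
        print(f'{e["code"]:<4}{e["section"]:<24}{",".join(e["flags"]):<32}{e["detail"]}')
```

These flags only surface orphaned or unattributed entries. The CrossriderApp BHO, whose folder `C:\Program Files\HQ-Pure1.0` AdwCleaner deletes later in this thread, points at an existing file and raises no flag.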

Re: Problems with Cinema-plus 1.2

Post by Power Max Sun 10 Aug 2014, 20:30

Hello. First, I suggest you uninstall this SpyHunter, which is useless in this situation.
_____________________________________

After uninstalling it, do the following:

Download AdwCleaner by clicking the link below, then click the Download Now @BleepingComputer button:
[You must have an account and be logged in to view this link]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

Cleanup does not complete

Post by isageorge Tue 12 Aug 2014, 17:08

After removing SpyHunter, I downloaded and ran AdwCleaner as requested, and it gives the following error.
See the attached .jpeg
[You must have an account and be logged in to view this image]

Re: Problems with Cinema-plus 1.2

Post by Power Max Tue 12 Aug 2014, 23:46

Start the PC in Safe Mode with Networking (by pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is starting and choosing the Safe Mode with Networking option). Once the PC is in Safe Mode with Networking, use AdwCleaner as shown in the tutorial I gave you.

After that, post its report here in your thread.

Cleanup completed

Post by isageorge Fri 15 Aug 2014, 19:12

Here is the report:

# AdwCleaner v3.305 - Relatório criado 15/08/2014 às 18:57:02
# Atualizado 14/08/2014 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (32 bits)
# Usuário : Isuara - ISAURA-PC
# Executando de : D:\Downloads\adwcleaner_3.305.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

[!] Pasta Deletada : C:\Program Files\iSafe
Pasta Deletada : C:\Program Files\HQ-Pure1.0
Pasta Deletada : C:\Program Files\Common Files\IMGUpdater
Pasta Deletada : C:\Users\Convidado\AppData\Roaming\iSafe
Pasta Deletada : C:\Users\Isuara\AppData\Roaming\eCyber
Pasta Deletada : C:\Users\Isuara\AppData\Roaming\iSafe
Pasta Deletada : C:\Users\Isuara\AppData\Roaming\Mozilla\Firefox\Profiles\f9v5k0er.default\ConduitCommon
Pasta Deletada : C:\Users\Isuara\AppData\Roaming\Mozilla\Firefox\Profiles\f9v5k0er.default\Extensions\bbrs_002@blabbers.com
Pasta Deletada : C:\Users\Isuara\AppData\Roaming\Mozilla\Firefox\Profiles\f9v5k0er.default\Extensions\d55cd0d7-9f24-4660-95b3-188599e8e4f8@6b2faf04-e86f-4bcf-a878-632814acf518.com
Arquivo Deletada : C:\Program Files\Mozilla Firefox\defaults\pref\all-iminent.js
Arquivo Deletada : C:\Users\Isuara\AppData\Roaming\Mozilla\Firefox\Profiles\f9v5k0er.default\searchplugins\bingp.xml
Arquivo Deletada : C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Arquivo Deletada : C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.softonic.com_0.localstorage
Arquivo Deletada : C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.softonic.com_0.localstorage-journal

***** [ Tarefas ] *****

Tarefa Deletedo : globalUpdateUpdateTaskMachineCore
Tarefa Deletedo : globalUpdateUpdateTaskMachineUA

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\[You must have an account and be logged in to view this link]
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\pdfforgeToolbar-stub-1_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\pdfforgeToolbar-stub-1_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0060548.BHO
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0060548.BHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0060548.Sandbox
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0060548.Sandbox.1
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611051148}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622052248}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655055548}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666056648}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611051148}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611051148}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611051148}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chave Deletedo : HKCU\Software\GlobalUpdate
Chave Deletedo : HKCU\Software\V9
Chave Deletedo : HKCU\Software\AppDataLow\Software\HQ-Pure1.0
Chave Deletedo : HKLM\Software\GlobalUpdate
Chave Deletedo : HKLM\Software\iSafe
Chave Deletedo : HKLM\Software\HQ-Pure1.0
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v31.0 (x86 pt-BR)

[ Arquivo : C:\Users\Isuara\AppData\Roaming\Mozilla\Firefox\Profiles\f9v5k0er.default\prefs.js ]

Linha deletada : user_pref("CT2438727..clientLogIsEnabled", false);
Linha deletada : user_pref("CT2438727..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Linha deletada : user_pref("CT2438727..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Linha deletada : user_pref("CT2438727.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Linha deletada : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Linha deletada : user_pref("CT2438727.AppTrackingLastCheckTime", "Tue May 22 2012 11:12:08 GMT-0300 (Hora oficial do Brasil)");
Linha deletada : user_pref("CT2438727.BrowserCompStateIsOpen_1000515", true);
Linha deletada : user_pref("CT2438727.CT2438727", "CT2438727");
Linha deletada : user_pref("CT2438727.CommunitiesChangesLastCheckTime", "0");
Linha deletada : user_pref("CT2438727.CurrentServerDate", "22-3-2013");
Linha deletada : user_pref("CT2438727.DSInstall", false);
Linha deletada : user_pref("CT2438727.DialogsAlignMode", "LTR");
Linha deletada : user_pref("CT2438727.DialogsGetterLastCheckTime", "Thu Mar 21 2013 19:43:37 GMT-0300");
Linha deletada : user_pref("CT2438727.EMailNotifierPollDate", "Thu Mar 21 2013 19:41:06 GMT-0300");
Linha deletada : user_pref("CT2438727.FirstServerDate", "28-3-2012");
Linha deletada : user_pref("CT2438727.FirstTime", true);
Linha deletada : user_pref("CT2438727.FirstTimeFF3", true);
Linha deletada : user_pref("CT2438727.FixPageNotFoundErrors", true);
Linha deletada : user_pref("CT2438727.GroupingInvalidateCache", false);
Linha deletada : user_pref("CT2438727.GroupingLastCheckTime", "0");
Linha deletada : user_pref("CT2438727.GroupingLastServerUpdateTime", "0");
Linha deletada : user_pref("CT2438727.GroupingServerCheckInterval", 1440);
Linha deletada : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Linha deletada : user_pref("CT2438727.HPInstall", false);
Linha deletada : user_pref("CT2438727.HasUserGlobalKeys", true);
Linha deletada : user_pref("CT2438727.HomePageProtectorEnabled", false);
Linha deletada : user_pref("CT2438727.HomepageBeforeUnload", "hxxps://www.facebook.com/");
Linha deletada : user_pref("CT2438727.Initialize", true);
Linha deletada : user_pref("CT2438727.InitializeCommonPrefs", true);
Linha deletada : user_pref("CT2438727.InstallationAndCookieDataSentCount", 3);
Linha deletada : user_pref("CT2438727.InstallationType", "DirectDownload");
Linha deletada : user_pref("CT2438727.InstalledDate", "Tue Mar 27 2012 20:46:46 GMT-0300 (Hora oficial do Brasil)");
Linha deletada : user_pref("CT2438727.InvalidateCache", false);
Linha deletada : user_pref("CT2438727.IsAlertDBUpdated", true);
Linha deletada : user_pref("CT2438727.IsGrouping", false);
Linha deletada : user_pref("CT2438727.IsInitSetupIni", true);
Linha deletada : user_pref("CT2438727.IsMulticommunity", false);
Linha deletada : user_pref("CT2438727.IsOpenThankYouPage", true);
Linha deletada : user_pref("CT2438727.IsOpenUninstallPage", true);
Linha deletada : user_pref("CT2438727.IsProtectorsInit", true);
Linha deletada : user_pref("CT2438727.LanguagePackLastCheckTime", "Thu Mar 21 2013 19:43:37 GMT-0300");
Linha deletada : user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440);
Linha deletada : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Linha deletada : user_pref("CT2438727.LastLogin_3.10.0.1", "Tue Apr 17 2012 21:29:56 GMT-0300 (Hora oficial do Brasil)");
Linha deletada : user_pref("CT2438727.LastLogin_3.12.0.7", "Wed Apr 25 2012 19:53:10 GMT-0300 (Hora oficial do Brasil)");
Linha deletada : user_pref("CT2438727.LastLogin_3.12.2.3", "Thu Dec 20 2012 14:07:59 GMT-0300");
Linha deletada : user_pref("CT2438727.LastLogin_3.16.0.3", "Thu Mar 21 2013 19:41:29 GMT-0300");
Linha deletada : user_pref("CT2438727.LatestVersion", "3.18.0.7");
Linha deletada : user_pref("CT2438727.Locale", "en");
Linha deletada : user_pref("CT2438727.MCDetectTooltipHeight", "83");
Linha deletada : user_pref("CT2438727.MCDetectTooltipShow", false);
Linha deletada : user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Linha deletada : user_pref("CT2438727.MCDetectTooltipWidth", "295");
Linha deletada : user_pref("CT2438727.MyStuffEnabledAtInstallation", true);
Linha deletada : user_pref("CT2438727.OriginalFirstVersion", "3.10.0.1");
Linha deletada : user_pref("CT2438727.RadioLastCheckTime", "0");
Linha deletada : user_pref("CT2438727.RadioLastUpdateIPServer", "0");
Linha deletada : user_pref("CT2438727.RadioLastUpdateServer", "0");
Linha deletada : user_pref("CT2438727.SHRINK_TOOLBAR", 1);
Linha deletada : user_pref("CT2438727.SearchBoxWidth", 100);
Linha deletada : user_pref("CT2438727.SearchCaption", "Zynga Customized Web Search");
Linha deletada : user_pref("CT2438727.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Linha deletada : user_pref("CT2438727.SearchFromAddressBarIsInit", true);
Linha deletada : user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&SearchSource=2&q=");
Linha deletada : user_pref("CT2438727.SearchInNewTabEnabled", true);
Linha deletada : user_pref("CT2438727.SearchInNewTabIntervalMM", 1440);
Linha deletada : user_pref("CT2438727.SearchInNewTabLastCheckTime", "Thu Mar 21 2013 19:41:06 GMT-0300");
Linha deletada : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Linha deletada : user_pref("CT2438727.SearchInNewTabUserEnabled", false);
Linha deletada : user_pref("CT2438727.SearchProtectorEnabled", false);
Linha deletada : user_pref("CT2438727.SearchProtectorToolbarDisabled", false);
Linha deletada : user_pref("CT2438727.SendProtectorDataViaLogin", true);
Linha deletada : user_pref("CT2438727.ServiceMapLastCheckTime", "Thu Mar 21 2013 19:41:55 GMT-0300");
Linha deletada : user_pref("CT2438727.SettingsLastCheckTime", "Thu Mar 21 2013 19:41:05 GMT-0300");
Linha deletada : user_pref("CT2438727.SettingsLastUpdate", "1359036689");
Linha deletada : user_pref("CT2438727.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2438727&SearchSource=13");
Linha deletada : user_pref("CT2438727.ThirdPartyComponentsInterval", 504);
Linha deletada : user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Thu Mar 21 2013 19:41:05 GMT-0300");
Linha deletada : user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1331805997");
Linha deletada : user_pref("CT2438727.ToolbarShrinkedFromSetup", false);
Linha deletada : user_pref("CT2438727.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2438727");
Linha deletada : user_pref("CT2438727.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Linha deletada : user_pref("CT2438727.UserID", "UN64587051114461051");
Linha deletada : user_pref("CT2438727.ValidationData_Toolbar", 2);
Linha deletada : user_pref("CT2438727.alertChannelId", "832836");
Linha deletada : user_pref("CT2438727.approveUntrustedApps", true);
Linha deletada : user_pref("CT2438727.backendstorage.currentgame", "63616665");
Linha deletada : user_pref("CT2438727.backendstorage.facebook_mode", "32");
Linha deletada : user_pref("CT2438727.backendstorage.facebook_user_locale", "7074");
Linha deletada : user_pref("CT2438727.components.1000034", true);
Linha deletada : user_pref("CT2438727.components.1000515", false);
Linha deletada : user_pref("CT2438727.components.129509324767711885", true);
Linha deletada : user_pref("CT2438727.components.129665740530401877", true);
Linha deletada : user_pref("CT2438727.globalFirstTimeInfoLastCheckTime", "Thu Mar 21 2013 19:41:08 GMT-0300");
Linha deletada : user_pref("CT2438727.homepageProtectorEnableByLogin", true);
Linha deletada : user_pref("CT2438727.initDone", true);
Linha deletada : user_pref("CT2438727.isAppTrackingManagerOn", false);
Linha deletada : user_pref("CT2438727.myStuffEnabled", true);
Linha deletada : user_pref("CT2438727.myStuffPublihserMinWidth", 400);
Linha deletada : user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Linha deletada : user_pref("CT2438727.myStuffServiceIntervalMM", 1440);
Linha deletada : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Linha deletada : user_pref("CT2438727.navigateToUrlOnSearch", false);
Linha deletada : user_pref("CT2438727.oldAppsList", "129017707048431316,129017707048587567,111,129509324767711885,129023982676944454,129665740530401877,1000034,1000080,1000082,1000234,1000515,1000,1001,1002,1003,1004,[...]
Linha deletada : user_pref("CT2438727.revertSettingsEnabled", true);
Linha deletada : user_pref("CT2438727.searchProtectorDialogDelayInSec", 10);
Linha deletada : user_pref("CT2438727.searchProtectorEnableByLogin", true);
Linha deletada : user_pref("CT2438727.testingCtid", "");
Linha deletada : user_pref("CT2438727.toolbarAppMetaDataLastCheckTime", "Thu Mar 21 2013 19:41:29 GMT-0300");
Linha deletada : user_pref("CT2438727.toolbarContextMenuLastCheckTime", "Thu Mar 21 2013 19:43:37 GMT-0300");
Linha deletada : user_pref("CT2438727.usagesFlag", 2);
Linha deletada : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE", "wVmmvqqOMqrv5xct1cJIHg==");
Linha deletada : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "C5ZJe6gL80JBW5CuLy+wkg==");
Linha deletada : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE", "0uSPYx+Kl2jpu8sJZMeHjw==");
Linha deletada : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "mfQ70fvlD2zuBxSBj8rQqA==");
Linha deletada : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE", "Dclc8oo4TTv7+mAkSlUSWg==");
Linha deletada : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "k9un27OkAvkwB2ZmvXxTnA==");
Linha deletada : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE", "cTVrc75U9YwdI74PAhUYFw==");
Linha deletada : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "FqddrIU7eyJgaaLyHDeVMQ==");
Linha deletada : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Isuara\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\f9v5k0er.default\\conduitCommon\\modules\\3.16.0.3");
Linha deletada : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.16.0.3");
Linha deletada : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Linha deletada : user_pref("CommunityToolbar.ToolbarsList", "CT2438727");
Linha deletada : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727");
Linha deletada : user_pref("CommunityToolbar.ToolbarsList4", "CT2438727");
Linha deletada : user_pref("CommunityToolbar.globalUserId", "daadf4df-c3f0-456e-ab32-ac6e84b554e6");
Linha deletada : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Linha deletada : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Linha deletada : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Mar 21 2013 19:43:36 GMT-0300");
Linha deletada : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Linha deletada : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Linha deletada : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Mar 27 2012 20:46:45 GMT-0300 (Hora oficial do Brasil)");
Linha deletada : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Linha deletada : user_pref("CommunityToolbar.notifications.locale", "en");
Linha deletada : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Linha deletada : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Mar 21 2013 19:41:08 GMT-0300");
Linha deletada : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Linha deletada : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Linha deletada : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Linha deletada : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Linha deletada : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Linha deletada : user_pref("CommunityToolbar.notifications.userId", "4ac6a7d0-0832-47e7-90d6-f9f42e792cc8");
Linha deletada : user_pref("CommunityToolbar.originalHomepage", "hxxps://www.facebook.com/");
Linha deletada : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
Linha deletada : user_pref("extensions.Softonic.autoRvrt", "false");
Linha deletada : user_pref("extensions.Softonic.dfltSrch", true);
Linha deletada : user_pref("extensions.Softonic.dnsErr", true);
Linha deletada : user_pref("extensions.Softonic.hmpg", true);
Linha deletada : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=cef83da1000000000000fc8fc4017c07");
Linha deletada : user_pref("extensions.Softonic.newTab", true);
Linha deletada : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=cef83da1000000000000fc8fc4017c07");
Linha deletada : user_pref("extensions.Softonic.rvrt", "false");
Linha deletada : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
Linha deletada : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Linha deletada : user_pref("iminent.enableToolbar", "false");
Linha deletada : user_pref("iminent.BirthDate", "1406482514");
Linha deletada : user_pref("iminent.searchindex", "1");
Linha deletada : user_pref("iminent.newtabredirect", "true");
Linha deletada : user_pref("iminent.enableToolbar", "true");
Linha deletada : user_pref("iminent.nomsi", "true");

-\\ Google Chrome v

[ Arquivo : C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [24367 octets] - [12/08/2014 16:55:11]
AdwCleaner[R1].txt - [24451 octets] - [12/08/2014 17:00:28]
AdwCleaner[R2].txt - [24444 octets] - [15/08/2014 18:49:30]
AdwCleaner[S0].txt - [376 octets] - [12/08/2014 16:58:21]
AdwCleaner[S1].txt - [338 octets] - [12/08/2014 17:01:49]
AdwCleaner[S2].txt - [23751 octets] - [15/08/2014 18:57:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [23812 octets] ##########
isageorge

Re: Problems with Cinema-plus 1.2

Post by Power Max on Fri 15 Aug 2014, 20:43

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]

To run it correctly, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* Once it has finished cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy its entire contents, and post them in your next reply.
Power Max

Analysis complete

Post by isageorge on Sun 17 Aug 2014, 16:58


Zoek.exe v5.0.0.0 Updated 15-08-2014
Tool run by Isuara on 17/08/2014 at 16:05:45,41.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: D:\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-08-16-015228.log 1787 bytes

==== System Restore Info ======================

17/08/2014 16:12:38 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-450319107-1443454657-1460410450-1000\Software\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Isuara\AppData\Roaming\Mozilla\Firefox\Profiles\f9v5k0er.default\prefs.js:
user_pref("browser.startup.homepage", "about:blank");
user_pref("browser.startup.homepage", "about:blank");
user_pref("browser.newtab.url", "about:blank");
user_pref("browser.newtab.url", "about:blank");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?ie=UTF-8&oe=utf-8&q=");
user_pref("keyword.URL", "http://www.google.com/search?ie=UTF-8&oe=utf-8&q=");
user_pref("browser.search.useDBForOrder", true);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Isuara\AppData\Roaming\Mozilla\Firefox\Profiles\f9v5k0er.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Isuara\AppData\Roaming\Mozilla\Firefox\Profiles\f9v5k0er.default

user.js not found
---- Lines blabbers modified from prefs.js ----

user_pref("extensions.enabledAddons", "wrc%40avast.com:8.0.1497,FFPDFArchitectConverter%40pdfarchitect.com:1.0,bbrs_002%40blabbers.com:1.0.5,%7B972ce4
user_pref("extensions.enabledAddons", "wrc%40avast.com:8.0.1497,FFPDFArchitectConverter%40pdfarchitect.com:1.0,bbrs_002%40blabbers.com:1.0.5,%7B972ce4
---- FireFox user.js and prefs.js backups ----

prefs_082014_1630_.backup
prefs_082014_2252_.backup

==== Deleting Files \ Folders ======================

C:\register.js deleted
C:\user.js deleted
C:\Users\Isuara\AppData\Roaming\GetRightToGo deleted
C:\Users\Isuara\AppData\Local\CRE deleted
C:\Users\Isuara\AppData\Local\TB deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC deleted
C:\Windows\Tasks\fb5373dc-0f11-4745-a8d6-cc226f766701-1.job deleted
C:\Windows\Tasks\fb5373dc-0f11-4745-a8d6-cc226f766701-10.job deleted
C:\Windows\Tasks\fb5373dc-0f11-4745-a8d6-cc226f766701-11.job deleted
C:\Windows\Tasks\fb5373dc-0f11-4745-a8d6-cc226f766701-3.job deleted
C:\Windows\Tasks\fb5373dc-0f11-4745-a8d6-cc226f766701-4.job deleted
C:\Windows\Tasks\fb5373dc-0f11-4745-a8d6-cc226f766701-5.job deleted
C:\Windows\Tasks\fb5373dc-0f11-4745-a8d6-cc226f766701-5_user.job deleted
C:\Windows\Tasks\fb5373dc-0f11-4745-a8d6-cc226f766701-6.job deleted
C:\Windows\Tasks\fb5373dc-0f11-4745-a8d6-cc226f766701-7.job deleted
C:\Users\Isuara\Searches deleted
C:\Users\Isuara\AppData\Roaming\Mozilla\Firefox\Profiles\f9v5k0er.default\jetpack deleted
C:\Users\Isuara\AppData\Roaming\Mozilla\Firefox\Profiles\f9v5k0er.default\CT2438727 deleted
"C:\Users\Isuara\AppData\Roaming\minsage" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Isuara\AppData\Roaming\Mozilla\Firefox\Profiles\f9v5k0er.default
- Undetermined - %ProfilePath%\extensions\d55cd0d7-9f24-4660-95b3-188599e8e4f8@6b2faf04-e86f-4bcf-a878-632814acf518.com
- 4shared Desktop Plugin - %ProfilePath%\extensions\4sharedCopyLinks.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Isuara\AppData\Roaming\Mozilla\Firefox\Profiles\f9v5k0er.default
5CB01CF141E021DAAE96991A5BA57944 - C:\Users\Isuara\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
DD31F0C436E4F5E6FA9783FF8A80ADC1 - C:\Users\Isuara\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
863FFC28C30385B5ADBF6A6BE5A130E5 - c:\program files\real\realplayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
3C16B6372AEBE923265A4C7048418E04 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
6897943E58D779D1C7CB74191931B1D5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U60
3CD19649B2C3023D65E67C056457A2BC - C:\Users\Isuara\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ehhlaekjfiiojlddgndcnefflngfmhen - No path found[]
jdkokpcldhneihjdhigfjmoeojkdcbmg - \C:\Program Files\Iminent\Iminent.crx\[]
nbljechdpodpbchbmjcoamidppmpnmlc - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\Isuara\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[11/05/2013 07:20]
ncmdmcjifbkefpaijakdbgfjbpaonjhg - No path found[]

Google Docs - Isuara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Isuara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Isuara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Last updated at time on date - Isuara\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Isuara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
HQ-Pure1.0 - Isuara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom
Google Wallet - Isuara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Isuara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Ginyas Browser Companion - Isuara\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bodddioamolcibagionmmobehnbhiakf
RealPlayer HTML5Video Downloader Extension - Isuara\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
Skype Click to Call - Isuara\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Ask Toolbar - Isuara\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aaaaojdbdbhbbkpenbmlejjngphokgnp
Ginyas Browser Companion - Isuara\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bodddioamolcibagionmmobehnbhiakf
avast WebRep - Isuara\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
RealPlayer HTML5Video Downloader Extension - Isuara\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
Skype Click to Call - Isuara\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Docs - Isuara\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Isuara\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Isuara\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Isuara\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast Online Security - Isuara\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki
HQ-Pure1.0 - Isuara\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom
Google Wallet - Isuara\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Isuara\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Bejeweled - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm
Duolingo - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aiahmijlpehemcpleichkcokhegllfjl
ENGLISH MEMORY - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aidhibeakadjobeknimdalmhfekikmaa
Angry Birds - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj
Lucidchart Diagrams - Online - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\apboafhkiegglekeafbckfjldecefkhn
Google Drive - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\apdfllckaahabafndbhieahigkjlhalf
TV - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\beobeededemalmllhkmnkinmfembdimh
YouTube - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Tv Minha Vida Fitness - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\dbaeeppnjdohhnnadfeacglhphjobfpc
Vocabulary2Go.com - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\doeofnfnebdcobjhllepimcjpjbjkmji
Learn English - Treasure Sprint - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\efdenlkkjdodjbkbbmlnijiljofpadoi
Zoho Invoice - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ehmnelfmlmpladgddfgghoaigjhfkhdj
English Vocabulary - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ehmpejpojmnjkollhnkioilbibejekoe
Gmail Offline - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk
busuu.com - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\epadnjldocmkadjbopkanclaamocokoo
Sudoku - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\fbldalicehmlaalddffibogeplifangc
Off Road Rally - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\gbhibmbedajbmoojnalcbnjjhfgkgnec
Sr. Dinheiro - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\gchlfahfcdodhnempckahoanmmaflhkl
Delicious Tools - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\gclkcflnjahgejhappicbhcpllkpakej
Fim de Tarde Capitólio-MG - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\gnpbbfioagbpanibaegljpncaliejind
avast Online Security - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\gomekmidlodglbbmalcneegieacbdmki
Marvel Comics - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\hjhfaknohpjconjoefidanhihokmkice
HQ-Pure1.0 - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom
Desprotetor de Links - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\imcbnnnoghiihopefblgehihofbfbmei
Password must be between 6 and 64 characters long. - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj
Vagalume - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ipgcdnbeeiajinajlafjcdfhckglcopd
FlyOrDie Backgammon - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\jjajfipfoldnngmddjicblncidmijama
Meet new people on Badoo - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\kmaoahaepmkmdhaohjjakbkeeelpbenb
Blogger - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\lejliakmhcfhakneflmicaoikhbicggc
Guia da Semana - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\llpeeehacmdheefdajbainfmpanommnd
Twoo Notifications - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\mggafhpkgkfebnjfbiefbbbicikgchlf
English vocabulary - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\mgmklfohhllfpjjmjejencmaodgiknmj
Google Wallet - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Bridge the Gap - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nnabcmimfeppcngbeaffbdibagokamji
Last updated at time on date - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ocifcklkibdehekfnmflempfgjhbedch
Meus 5 Minutos - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\odefkccnelomjbieaplhobhjpcakaglb
Lyrics for Google Chrome - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek
OhMyDollz - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\okigcjnedlemakbamnbgkmdoegkhdble
Love Calculator - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\oolmcecgdmgibngcbeedeljjadklplag
Tarifa de T\u00E1xi - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pbldopcdkcepddcophogapjebhfjbpfp
No BBB - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pffipagakjgfndljjpkbdpoimojmgjca
Evernote Web Clipper - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pioclpoplcdbaefihamjohnefbikjilc
Gmail - Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Drive - Isuara\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\apdfllckaahabafndbhieahigkjlhalf
HQ-Pure1.0 - Isuara\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom
Google Wallet - Isuara\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Google Docs - Isuara\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Isuara\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Isuara\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Isuara\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
HQ-Pure1.0 - Isuara\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom
Google Wallet - Isuara\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Isuara\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Preferences
"homepage": "http://start.iminent.com",
"homepage": "http://www.google.com.br/",
"startup_urls": [ "https://www.facebook.com/", "https://col128.mail.live.com/", "https://www.google.com.br/", "http://desafio101em1001.blogspot.com.br/", "http://www.tumblr.com/dashboard", "https://www.youtube.com/" ],

C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 7\Preferences
"startup_urls": [ "http://www.google.com/" ],

C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 8\Preferences
"homepage": "http://start.iminent.com",
"startup_urls": [ "http://www.google.com/", "https://webmail.salvador.ba.gov.br/" ],


==== Chrome Fix ======================

C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbar.zynga.com_0.localstorage deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbar.zynga.com_0.localstorage-journal deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 8\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 8\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bodddioamolcibagionmmobehnbhiakf deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bodddioamolcibagionmmobehnbhiakf deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehhlaekjfiiojlddgndcnefflngfmhen_0.localstorage deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_ehhlaekjfiiojlddgndcnefflngfmhen_0.localstorage deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\chrome-extension_ehhlaekjfiiojlddgndcnefflngfmhen_0.localstorage deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 3\Local Storage\chrome-extension_ehhlaekjfiiojlddgndcnefflngfmhen_0.localstorage deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 7\Local Storage\chrome-extension_ehhlaekjfiiojlddgndcnefflngfmhen_0.localstorage deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jdkokpcldhneihjdhigfjmoeojkdcbmg_0.localstorage deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_jdkokpcldhneihjdhigfjmoeojkdcbmg_0.localstorage deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\chrome-extension_jdkokpcldhneihjdhigfjmoeojkdcbmg_0.localstorage deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 3\Local Storage\chrome-extension_jdkokpcldhneihjdhigfjmoeojkdcbmg_0.localstorage deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Local Storage\chrome-extension_jdkokpcldhneihjdhigfjmoeojkdcbmg_0.localstorage deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 7\Local Storage\chrome-extension_jdkokpcldhneihjdhigfjmoeojkdcbmg_0.localstorage deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 8\Local Storage\chrome-extension_jdkokpcldhneihjdhigfjmoeojkdcbmg_0.localstorage deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nbljechdpodpbchbmjcoamidppmpnmlc_0.localstorage deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_nbljechdpodpbchbmjcoamidppmpnmlc_0.localstorage deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\chrome-extension_nbljechdpodpbchbmjcoamidppmpnmlc_0.localstorage deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 3\Local Storage\chrome-extension_nbljechdpodpbchbmjcoamidppmpnmlc_0.localstorage deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 7\Local Storage\chrome-extension_nbljechdpodpbchbmjcoamidppmpnmlc_0.localstorage deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 3\Local Storage\chrome-extension_ncmdmcjifbkefpaijakdbgfjbpaonjhg_0.localstorage deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Local Storage\chrome-extension_ncmdmcjifbkefpaijakdbgfjbpaonjhg_0.localstorage deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Local Storage\chrome-extension_oglbipcbkmlknhfhabolnniekmlhfoek_0.localstorage deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Local Storage\chrome-extension_oglbipcbkmlknhfhabolnniekmlhfoek_0.localstorage-journal deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aaaaojdbdbhbbkpenbmlejjngphokgnp deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\chrome-extension_aaaaojdbdbhbbkpenbmlejjngphokgnp_0.localstorage deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 8\Extensions\ikpbmdkdomofnnkcaoepabekgkedfhom deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Local Storage\chrome-extension_ikpbmdkdomofnnkcaoepabekgkedfhom_0.localstorage deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Local Storage\chrome-extension_ikpbmdkdomofnnkcaoepabekgkedfhom_0.localstorage-journal deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 8\Local Storage\chrome-extension_ikpbmdkdomofnnkcaoepabekgkedfhom_0.localstorage deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 8\Local Storage\chrome-extension_ikpbmdkdomofnnkcaoepabekgkedfhom_0.localstorage-journal deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\databases\chrome-extension_ikpbmdkdomofnnkcaoepabekgkedfhom_0 deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Local Extension Settings\ikpbmdkdomofnnkcaoepabekgkedfhom deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 8\databases\chrome-extension_ikpbmdkdomofnnkcaoepabekgkedfhom_0 deleted successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 8\Local Extension Settings\ikpbmdkdomofnnkcaoepabekgkedfhom deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://www.bing.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0191A6B0-1154-4C22-9182-23A95BBE92D9} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{F992E376-027D-4C35-A2CB-5AB83B06F73C} Bing Url="http://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=062413&q={searchTerms}&src=IE-SearchBox"

==== Reset Google Chrome ======================

C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 2\Preferences was reset successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 3\Preferences was reset successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Preferences was reset successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 7\Preferences was reset successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 8\Preferences was reset successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data was reset successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 3\Web Data was reset successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Web Data was reset successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 7\Web Data was reset successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 8\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{ABDE892B-13A8-4d1b-88E6-365A6E755758} deleted successfully

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\RealPlayer Cloud.lnk - C:\program files\real\realplayer\RealPlay.exe /launch:desktop
C:\Users\Public\Desktop\subliminal.lnk - C:\proform\SUBLIMINAIS\subliminal.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk - C:\Program Files\TeamViewer\Version9\TeamViewer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Bluetooth File Transfer Wizard.lnk - C:\Windows\system32\fsquirt.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk - C:\Program Files\Google\Drive\googledrivesync.exe --new_document
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk - C:\Program Files\Google\Drive\googledrivesync.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk - C:\Program Files\Google\Drive\googledrivesync.exe --new_spreadsheet
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk - C:\Program Files\Google\Drive\googledrivesync.exe --new_presentation
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\Montador do RealPlayer.lnk - C:\Program Files\Real\RealPlayer\realtrimmer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Cloud.lnk - C:\program files\real\realplayer\realplay.exe /launch:start_menu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Converter.lnk - C:\Program Files\Real\RealPlayer\realconverter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk - C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files\WinRAR\WhatsNew.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe

==== shortcuts in Quick Launch ======================

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ehhlaekjfiiojlddgndcnefflngfmhen deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jdkokpcldhneihjdhigfjmoeojkdcbmg deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\nbljechdpodpbchbmjcoamidppmpnmlc deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ncmdmcjifbkefpaijakdbgfjbpaonjhg deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7130468A-F53F-4698-8C09-A339EA3B05E6} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\A8640317F35F8964C8903A93AEB3506E deleted successfully

==== Empty IE Cache ======================

C:\Users\Convidado\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Convidado\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Isuara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Isuara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 3\Cache emptied successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 6\Cache emptied successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 7\Cache emptied successfully
C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Profile 8\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=813 folders=134 28856517 bytes)

==== Empty Temp Folders ======================

C:\Users\Convidado\AppData\Local\Temp emptied successfully
C:\Users\Isuara\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Isuara\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 17/08/2014 at 16:52:48,48 ======================

Re: Problems with Cinema-plus 1.2

Post by Power Max, Sun 17 Aug 2014, 17:38

Download the Junkware Removal Tool from the link below:
[link hidden; forum login required]

To run the program above correctly, just follow the tips in this tutorial:

[link hidden; forum login required]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.

Analysis complete - JRT.txt

Post by isageorge, Sun 17 Aug 2014, 23:37

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x86
Ran by Isuara on 17/08/2014 at 23:31:02,97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\messenger plus! for skype_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\messenger plus! for skype_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\plusskypeservice_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\plusskypeservice_rasmancs
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440644054448}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440644054448}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Isuara\AppData\Roaming\mozilla\firefox\profiles\f9v5k0er.default\minidumps [4 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/08/2014 at 23:35:33,38
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Problems with Cinema-plus 1.2

Post by Power Max, Sun 17 Aug 2014, 23:51

Download Malwarebytes from one of the links below:
[link hidden; forum login required]

To install and run it correctly, please follow the tips in this post:

[link hidden; forum login required]

In your next reply, post the Malwarebytes log (report).

We'll be waiting.

Malwarebytes Anti-Malware log

Post by isageorge, Sun 24 Aug 2014, 10:54

HERE IS THE LOG. SINCE I DON'T KNOW WHAT TO DELETE, EVERYTHING WAS LEFT IN QUARANTINE


Malwarebytes Anti-Malware
[link hidden; forum login required]

Data de Verificação: 22/08/2014
Hora da Verificação: 15:11:21
Logfile: LOG.txt
Administrador: Sim

Versão: 2.00.2.1012
Malware Database: v2014.08.22.07
Rootkit Database: v2014.08.21.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Self-protection: Desabilitado

OS: Windows 7 Service Pack 1
CPU: x86
Sistema de Arquivo: NTFS
Usuário: Isuara

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 536318
Tempo Decorrido: 1 hr, 40 min, 46 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 1
PUP.Optional.Iminent.A, HKU\S-1-5-21-450319107-1443454657-1460410450-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\Iminent, Quarantined, [eab549809edd3303aa4830d0ee1531cf],

Valores de Registro: 0
(No malicious items detected)

Dados do Registro: 0
(No malicious items detected)

Pastas: 13
PUP.Optional.CrossRider.A, C:\Users\Isuara\AppData\Roaming\Mozilla\Firefox\Profiles\f9v5k0er.default\extensions\d55cd0d7-9f24-4660-95b3-188599e8e4f8@6b2faf04-e86f-4bcf-a878-632814acf518.com, Quarantined, [a1fe6762f08ba88e10a08c3609f91fe1],
PUP.Optional.CrossRider.A, C:\Users\Isuara\AppData\Roaming\Mozilla\Firefox\Profiles\f9v5k0er.default\extensions\d55cd0d7-9f24-4660-95b3-188599e8e4f8@6b2faf04-e86f-4bcf-a878-632814acf518.com\chrome, Quarantined, [a1fe6762f08ba88e10a08c3609f91fe1],
PUP.Optional.CrossRider.A, C:\Users\Isuara\AppData\Roaming\Mozilla\Firefox\Profiles\f9v5k0er.default\extensions\d55cd0d7-9f24-4660-95b3-188599e8e4f8@6b2faf04-e86f-4bcf-a878-632814acf518.com\chrome\content, Quarantined, [a1fe6762f08ba88e10a08c3609f91fe1],
PUP.Optional.CrossRider.A, C:\Users\Isuara\AppData\Roaming\Mozilla\Firefox\Profiles\f9v5k0er.default\extensions\d55cd0d7-9f24-4660-95b3-188599e8e4f8@6b2faf04-e86f-4bcf-a878-632814acf518.com\chrome\content\api, Quarantined, [a1fe6762f08ba88e10a08c3609f91fe1],
PUP.Optional.CrossRider.A, C:\Users\Isuara\AppData\Roaming\Mozilla\Firefox\Profiles\f9v5k0er.default\extensions\d55cd0d7-9f24-4660-95b3-188599e8e4f8@6b2faf04-e86f-4bcf-a878-632814acf518.com\chrome\content\core, Quarantined, [a1fe6762f08ba88e10a08c3609f91fe1],
PUP.Optional.CrossRider.A, C:\Users\Isuara\AppData\Roaming\Mozilla\Firefox\Profiles\f9v5k0er.default\extensions\d55cd0d7-9f24-4660-95b3-188599e8e4f8@6b2faf04-e86f-4bcf-a878-632814acf518.com\defaults, Quarantined, [a1fe6762f08ba88e10a08c3609f91fe1],
PUP.Optional.CrossRider.A, C:\Users\Isuara\AppData\Roaming\Mozilla\Firefox\Profiles\f9v5k0er.default\extensions\d55cd0d7-9f24-4660-95b3-188599e8e4f8@6b2faf04-e86f-4bcf-a878-632814acf518.com\defaults\preferences, Quarantined, [a1fe6762f08ba88e10a08c3609f91fe1],
PUP.Optional.CrossRider.A, C:\Users\Isuara\AppData\Roaming\Mozilla\Firefox\Profiles\f9v5k0er.default\extensions\d55cd0d7-9f24-4660-95b3-188599e8e4f8@6b2faf04-e86f-4bcf-a878-632814acf518.com\extensionData, Quarantined, [a1fe6762f08ba88e10a08c3609f91fe1],
PUP.Optional.CrossRider.A, C:\Users\Isuara\AppData\Roaming\Mozilla\Firefox\Profiles\f9v5k0er.default\extensions\d55cd0d7-9f24-4660-95b3-188599e8e4f8@6b2faf04-e86f-4bcf-a878-632814acf518.com\extensionData\plugins, Quarantined, [a1fe6762f08ba88e10a08c3609f91fe1],
PUP.Optional.CrossRider.A, C:\Users\Isuara\AppData\Roaming\Mozilla\Firefox\Profiles\f9v5k0er.default\extensions\d55cd0d7-9f24-4660-95b3-188599e8e4f8@6b2faf04-e86f-4bcf-a878-632814acf518.com\extensionData\userCode, Quarantined, [a1fe6762f08ba88e10a08c3609f91fe1],
PUP.Optional.CrossRider.A, C:\Users\Isuara\AppData\Roaming\Mozilla\Firefox\Profiles\f9v5k0er.default\extensions\d55cd0d7-9f24-4660-95b3-188599e8e4f8@6b2faf04-e86f-4bcf-a878-632814acf518.com\locale, Quarantined, [a1fe6762f08ba88e10a08c3609f91fe1],
PUP.Optional.CrossRider.A, C:\Users\Isuara\AppData\Roaming\Mozilla\Firefox\Profiles\f9v5k0er.default\extensions\d55cd0d7-9f24-4660-95b3-188599e8e4f8@6b2faf04-e86f-4bcf-a878-632814acf518.com\locale\en-US, Quarantined, [a1fe6762f08ba88e10a08c3609f91fe1],
PUP.Optional.CrossRider.A, C:\Users\Isuara\AppData\Roaming\Mozilla\Firefox\Profiles\f9v5k0er.default\extensions\d55cd0d7-9f24-4660-95b3-188599e8e4f8@6b2faf04-e86f-4bcf-a878-632814acf518.com\skin, Quarantined, [a1fe6762f08ba88e10a08c3609f91fe1],

Arquivos: 21
PUP.Optional.OpenCandy.A, C:\Users\Isuara\.frostwire5\updates\frostwire-5.7.0.windows.coc.premium.exe, Quarantined, [e4bb696028536fc7415781c1b24efa06],
PUP.Optional.IMGUpdater.A, C:\AdwCleaner\Quarantine\C\Program Files\Common Files\IMGUpdater\IMGUpdater.exe.vir, Quarantined, [c5da11b8d1aac96dcb82315f7b865ea2],
PUP.Optional.HQPure.A, C:\AdwCleaner\Quarantine\C\Program Files\HQ-Pure1.0\fb5373dc-0f11-4745-a8d6-cc226f766701-3.exe.vir, Quarantined, [831c5d6cd7a493a39b6fa308a06144bc],
PUP.Optional.HQPure.A, C:\AdwCleaner\Quarantine\C\Program Files\HQ-Pure1.0\fb5373dc-0f11-4745-a8d6-cc226f766701-10.exe.vir, Quarantined, [257a6a5fcbb0ef470802fdae8879916f],
PUP.Optional.HQPure.A, C:\AdwCleaner\Quarantine\C\Program Files\HQ-Pure1.0\fb5373dc-0f11-4745-a8d6-cc226f766701-4.exe.vir, Quarantined, [c7d87c4d671450e61af0733869986f91],
PUP.Optional.HQPure.A, C:\AdwCleaner\Quarantine\C\Program Files\HQ-Pure1.0\fb5373dc-0f11-4745-a8d6-cc226f766701-5.exe.vir, Quarantined, [900f2a9f4833c76f4ac07f2c5ea340c0],
PUP.Optional.HQPure.A, C:\AdwCleaner\Quarantine\C\Program Files\HQ-Pure1.0\HQ-Pure1.0-bho.dll.vir, Quarantined, [752ac3064c2f6acc2dddb1faf30e659b],
PUP.Optional.HQPure.A, C:\AdwCleaner\Quarantine\C\Program Files\HQ-Pure1.0\HQ-Pure1.0-nova.exe.vir, Quarantined, [3c63b3165e1d181e2bdf3e6d8e731ce4],
PUP.Optional.HQPure.A, C:\AdwCleaner\Quarantine\C\Program Files\HQ-Pure1.0\HQ-Pure1.0-novainstaller.exe.vir, Quarantined, [c9d6dfea34477abcaf5b4e5dc73a5ca4],
PUP.Optional.CrossRider.A, C:\AdwCleaner\Quarantine\C\Program Files\HQ-Pure1.0\utils.exe.vir, Quarantined, [009feedbbfbc40f6e45cef5d976936ca],
PUP.Optional.4Shared, C:\Program Files\4shared Desktop\desktop.exe, Quarantined, [a3fc9b2e0d6ee35398f656c822dedd23],
PUP.Optional.ClientConnect, C:\zoek_backup\C_Users_Isuara_AppData_Local_TB\APISupport\APISupport.dll, Quarantined, [a8f732974734f73f69025a51926f1be5],
PUP.Optional.ClientConnect, C:\zoek_backup\C_Users_Isuara_AppData_Local_TB\APISupport\APISupport.old, Quarantined, [7827a3261f5cef47aac1bcef6e93649c],
PUP.Optional.ClientConnect, C:\zoek_backup\C_Users_Isuara_AppData_Local_TB\APISupport\APISupport_2.1.0.7\ApiSupport.dll, Quarantined, [49566c5dd3a8d462fe6d2b8008f91fe1],
PUP.Optional.ClientConnect, C:\zoek_backup\C_Users_Isuara_AppData_Local_TB\APISupport\APISupport_2.1.0.8\ApiSupport.dll, Quarantined, [009fb514a6d560d60665b3f8f9089a66],
PUP.Optional.ClientConnect, C:\zoek_backup\C_Users_Isuara_AppData_Local_TB\APISupport\APISupport_2.2.0.9\ApiSupport.dll, Quarantined, [57485376522973c3e08b3e6d46bbc63a],
PUP.Optional.Conduit.A, C:\zoek_backup\C_Users_Isuara_AppData_Local_TB\APISupport\MiniSP_1.0.2.93\MiniSP.dll, Quarantined, [e5ba389137445dd93a45e65f08f87e82],
PUP.Optional.Softonic.A, D:\Meus documentos\@ DOCUMENTOS ANTIGOS\Aplicativos de Programas\SoftonicDownloader_para_emule.exe, Quarantined, [b1ee16b398e3d264221123099d6449b7],
Hacktool.Agent, D:\Meus documentos\@ DOCUMENTOS ANTIGOS\Arquivos de programa\Ativador Windows 7loader\Windows Loader.exe, Quarantined, [f7a8efda02796cca7b78be973cc55ba5],
PUP.Optional.Conduit.A, C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.vaccint.com_0.localstorage, Quarantined, [0d92f2d7017a3501a4edee0f25dd2cd4],
PUP.Optional.Conduit.A, C:\Users\Isuara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.vaccint.com_0.localstorage-journal, Quarantined, [dcc3eadf2c4f7db9870a89745da59d63],

Physical Sectors: 0
(No malicious items detected)


(end)

Re: Problems with Cinema-plus 1.2

Post by Power Max, Sun 24 Aug 2014, 11:22

"HERE IS THE LOG. SINCE I DON'T KNOW WHAT TO DELETE, EVERYTHING WAS LEFT IN QUARANTINE"
You can leave them in quarantine.
________________________________________________________________________________

Download < [link hidden; forum login required] > < [image hidden; forum login required] > ( ... by Nicolas Coolman )

Note: After opening the link above, click the Télécharger button for ZHPDiag to download it, as shown in the image below:

[image hidden; forum login required]

To install and run it correctly, follow the tips in this article:

[link hidden; forum login required]

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.

ZHPDiag report

Post by isageorge, Wed 27 Aug 2014, 19:54

~ Relatório do ZHPDiag v2014.8.24.123 - Nicolas Coolman (24/08/2014)
~ Iniciado por Isuara (27/08/2014 19:05:02)
~ Endereço do Website : [link hidden; forum login required]
~ Endereço do Webforum : [link hidden; forum login required]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17239
MFIE: Mozilla Firefox 31.0
GCIE: Google Chrome v36.0.1985.143 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2021
Malwarebytes Anti-Malware versão 2.0.2.1012
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.07

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 ActiveX

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2035 MB (57% free)
System Restore: Activé (Enable)
System drive C: has 16 GB (10%) free of 154 GB

---\\ Modo de conexão ao sistema
~ Computer Name: ISAURA-PC
~ User Name: Isuara
~ All Users Names: Isuara, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Isuara\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Isuara\AppData\Roaming\
~ %Desktop% : C:\Users\Isuara\Desktop\
~ %Favorites% : C:\Users\Isuara\Favorites\
~ %LocalAppData% : C:\Users\Isuara\AppData\Local\
~ %StartMenu% : C:\Users\Isuara\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 16 Go of 154 Go)
D: Hard drive, Flash drive, Thumb drive (Free 0 Go of 144 Go)
E: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.B945BAA81B4805AD6BDDF4D026DCFB47] - (.Microsoft Corporation - Internet Extensions para Win32.) (.25/07/2014 - 07:05:23.) -- C:\Windows\System32\wininet.dll [1792512]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/24
~ Mes musiques (My Musics) : 1/56
~ Mes Videos (My Videos) : 1/32
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 1/24475
~ Mon Bureau (My Desktop) : 1/8782
~ Menu demarrer (Programs) : 1/53
~ Hidden Files: Scanned in 00mn 38s



---\\ Processos lançados
[MD5.004763BDF8E48244DBB9FDFDE3065EBC] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.3376]
[MD5.5BD2DA256A68E99622D6968330DCC461] - (.Microsoft Corporation - Zune Auto-Launcher.) -- C:\Program Files\Zune\ZuneLauncher.exe [159456] [PID.3384]
[MD5.D9C51528488EA0D98D3C4D02ABD16759] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.3416]
[MD5.79C28DDF889C26FDD6162F796FD49BC4] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.3464]
[MD5.26B558B2D31C7425B455B00E562EAD93] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [4085896] [PID.3472]
[MD5.06F39071A9E3635F4258FD7F5E3F5988] - (.Nokia - Nokia Suite.) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090912] [PID.3532]
[MD5.5425B0E1A2FBEE08E5FE3F8A54FE487F] - (.Nokia - Nokia Launch Application.) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632] [PID.3596]
[MD5.E72E98FEB4160E8B40075604EFC723EC] - (.Badoo - Badoo Desktop.) -- C:\ProgramData\Badoo\Badoo desktop\1.6.58.1220\Badoo.desktop.exe [1067232] [PID.3672]
[MD5.1EAEAFAF61F7DB321A005F8FF64FA8CC] - (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Isuara\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251040] [PID.3708]
[MD5.48C3EBD6D5E52AFCB1A0FA9B7F9802FA] - (.Apple Inc. - iCloud.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720] [PID.3732]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.3744]
[MD5.799BCC829F48F19C5689478179060435] - (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720] [PID.3752]
[MD5.2F0EAAF91FC7A5C70D1F4BE9B18A1CF5] - (.Microsoft Corporation - Notas Autoadesivas.) -- C:\Windows\System32\StikyNot.exe [354304] [PID.3824]
[MD5.77FBCE63719BE1DFDA9E5178CD7EE7CF] - (.RealNetworks, Inc. - RealPlayer Cloud Service UI.) -- C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe [822880] [PID.3972]
[MD5.9116C0F06FC27860417172101ECD6ACB] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Isuara\AppData\Roaming\Dropbox\bin\Dropbox.exe [38995480] [PID.3124]
[MD5.208270C9AD3E82F6ABAC870F950E5F0D] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files\TeamViewer\Version9\TeamViewer.exe [13246272] [PID.552]
[MD5.CB627FD736463A5658BC56487E88BD0E] - (.Evernote Corp., 305 Walnut Street, Redwood - Evernote Clipper.) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe [1103200] [PID.2648]
[MD5.C64E9B1C9EA057DCECDCB98F34377811] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.exe [228552] [PID.3768]
[MD5.47833576F0BEE0AD7B45109982B769BD] - (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe [59720] [PID.4684]
[MD5.58FBD16C4BB84D9F69C25F30DAA4CE31] - (.Nokia - Microsoft Bluetooth Media Server.) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe [158032] [PID.7712]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Google Installer.) -- C:\Users\Isuara\AppData\Local\Google\Update\GoogleUpdate.exe [116648] [PID.5760]
[MD5.C4B1F41CA69F5BBA3FB7631093E58E1A] - (...) -- C:\Users\Isuara\AppData\Local\Google\Update\Install\{3725BE60-E9A7-43E2-BE3E-DC896864EFBC}\37.0.2062.94_36.0.1985.143_chrome_updater.exe [7226448] [PID.7236]
[MD5.77DF2A6EB2EAA6AF4E67CD532D1269F8] - (.Google Inc. - Google Chrome Installer.) -- C:\Users\Isuara\AppData\Local\Temp\CR_0D5B3.tmp\setup.exe [1096520] [PID.7332]
[MD5.072678E0D68E9C3A7960328671134C7B] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [54240] [PID.4944]
[MD5.8C8794A095CEC807ED67ECC50E13225A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8097280] [PID.4608]
~ Processes Running: Scanned in 00mn 08s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Isuara\AppData\Roaming\Mozilla\Firefox\Profiles\f9v5k0er.default\prefs.js
M3 - MFPP: Plugins - [Isuara] -- C:\Users\Isuara\AppData\Roaming\Mozilla\Firefox\Profiles\f9v5k0er.default\searchplugins\Baixaki.xml
P2 - FPN: [HKLM] [@google.com/npPicasa3,version=3.0.0] - (...) -- C:\Program Files\Google\Picasa3\npPicasa3.dll (.not file.)
P2 - FPN: [HKLM] [@nokia.com/EnablerPlugin] - (...) -- C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll (.not file.)
P2 - FPN: [HKLM] [@Skype Technologies S.A..com/Skype Web Plugin] - (...) -- C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll (.not file.)
~ Firefox Browser: 29 Legitimates Filtered in 00mn 02s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} Chave orfã
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} Chave orfã
O2 - BHO: (no name) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} Chave orfã
~ BHO: 10 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Zune Launcher] . (.Microsoft Corporation - Zune Auto-Launcher.) -- C:\Program Files\Zune\ZuneLauncher.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKCU\..\Run: [NokiaSuite.exe] . (.Nokia - Nokia Suite.) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
O4 - HKCU\..\Run: [PC Suite Tray] . (.Nokia - Nokia Launch Application.) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
O4 - HKCU\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files\Google\Drive\googledrivesync.exe
O4 - HKCU\..\Run: [Badoo Desktop] . (.Badoo - Badoo Desktop.) -- C:\ProgramData\Badoo\Badoo desktop\1.6.58.1220\Badoo.desktop.exe
O4 - HKCU\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Isuara\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Isuara\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Notas Autoadesivas.) -- C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-450319107-1443454657-1460410450-1000\..\Run: [NokiaSuite.exe] . (.Nokia - Nokia Suite.) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
O4 - HKUS\S-1-5-21-450319107-1443454657-1460410450-1000\..\Run: [PC Suite Tray] . (.Nokia - Nokia Launch Application.) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
O4 - HKUS\S-1-5-21-450319107-1443454657-1460410450-1000\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files\Google\Drive\googledrivesync.exe
O4 - HKUS\S-1-5-21-450319107-1443454657-1460410450-1000\..\Run: [Badoo Desktop] . (.Badoo - Badoo Desktop.) -- C:\ProgramData\Badoo\Badoo desktop\1.6.58.1220\Badoo.desktop.exe
O4 - HKUS\S-1-5-21-450319107-1443454657-1460410450-1000\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Isuara\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - HKUS\S-1-5-21-450319107-1443454657-1460410450-1000\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-21-450319107-1443454657-1460410450-1000\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKUS\S-1-5-21-450319107-1443454657-1460410450-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Isuara\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-450319107-1443454657-1460410450-1000\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Notas Autoadesivas.) -- C:\Windows\System32\StikyNot.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Chave orfã
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} -- C:\Program Files\Evernote\Evernote\EvernoteIE.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF3289E6-B9EF-402C-8A09-B810D91BD87B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D03C8E87-4D2E-460D-8598-24F4FA87191C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF3289E6-B9EF-402C-8A09-B810D91BD87B}: DhcpDomain = domain.name
O17 - HKLM\System\CCS\Services\Tcpip\..\{D03C8E87-4D2E-460D-8598-24F4FA87191C}: DhcpDomain = Realtek
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7BE7113-D7E3-4C6D-8B0E-6D060495F642}: DhcpDomain = domain.invalid
O17 - HKLM\System\CS1\Services\Tcpip\..\{BF3289E6-B9EF-402C-8A09-B810D91BD87B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D03C8E87-4D2E-460D-8598-24F4FA87191C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{BF3289E6-B9EF-402C-8A09-B810D91BD87B}: DhcpDomain = domain.name
O17 - HKLM\System\CS1\Services\Tcpip\..\{D03C8E87-4D2E-460D-8598-24F4FA87191C}: DhcpDomain = Realtek
O17 - HKLM\System\CS1\Services\Tcpip\..\{E7BE7113-D7E3-4C6D-8B0E-6D060495F642}: DhcpDomain = domain.invalid
O17 - HKLM\System\CS2\Services\Tcpip\..\{BF3289E6-B9EF-402C-8A09-B810D91BD87B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{D03C8E87-4D2E-460D-8598-24F4FA87191C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{BF3289E6-B9EF-402C-8A09-B810D91BD87B}: DhcpDomain = domain.name
O17 - HKLM\System\CS2\Services\Tcpip\..\{D03C8E87-4D2E-460D-8598-24F4FA87191C}: DhcpDomain = Realtek
O17 - HKLM\System\CS2\Services\Tcpip\..\{E7BE7113-D7E3-4C6D-8B0E-6D060495F642}: DhcpDomain = domain.invalid
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.No owner - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\GbpSv.exe
O23 - Service: lxbk_device (lxbk_device) . (.No owner - Printer Communication System.) - C:\Windows\system32\lxbkcoms.exe
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) . (...) - C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
~ Services: 12 Legitimates Filtered in 00mn 06s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{024D0D42-89F6-4F2E-9D89-AFC3B60A426D}] (...) -- C:\Users\Isuara\Desktop\eMule0.50a-Installer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{49A93B6F-AB7A-432E-835C-49BE9403760C}] (...) -- D:\Downloads\Aplicativos\Evernote_4.5.8.7356.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7662E1EC-76A8-4B3A-90A9-13CA29EA40BF}] (...) -- C:\Users\Isuara\Desktop\Trabalho\DRUZY\Cha Beleza\A verdade sobre o Marketing de Atra‡Æo\Averdade sobre o Marketing de Atra‡Æo.exe (.not file.) [0]
[MD5.442FD39E8EE70437875B98194AF3242D] [APT] [{E131A7DE-4A4C-487A-8893-D542C0DD9D48}] (...) -- D:\Downloads\vpsupd (1).exe [121397112]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\Tasks\AutoKMS.job [202] =>Trojan.AutoKMS
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-450319107-1443454657-1460410450-1000Core [910]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-450319107-1443454657-1460410450-1000UA [932]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1052]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1056]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-450319107-1443454657-1460410450-1000Core [1030]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-450319107-1443454657-1460410450-1000UA [1082]
~ Scheduled Task: 33 Legitimates Filtered in 00mn 10s



---\\ Software instalados (042)
O42 - Logiciel: Jimbo v2 - (.Fabrica de Criacao em Comunicacoes SC Ltda.) [HKLM] -- br.com.meubolsoemdia.jimbo
O42 - Logiciel: Jimbo v2 - (.Fabrica de Criacao em Comunicacoes SC Ltda.) [HKLM] -- {7BB2AD50-282C-717A-15A5-568B523AAB1A}
O42 - Logiciel: SilentIdea 3.2.3 - (.www.codelines.com.) [HKLM] -- SilentIdea_is1
O42 - Logiciel: Subliminais - (...) [HKLM] -- Subliminais
~ Logic: 18 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Canasta BV]
[HKCU\Software\GbAs]
[HKCU\Software\MeggieSoft Games]
[HKCU\Software\eBook Maestro Books]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Canasis vB]
~ Key Software: 287 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/08/2012 - 22:20:20 - [] ----D C:\Program Files\Meu Bolso em Dia
O43 - CFD: 17/03/2012 - 11:50:11 - [] ----D C:\Program Files\SilentIdea
O43 - CFD: 04/01/2014 - 11:34:24 - [] ----D C:\Users\Isuara\AppData\Roaming\br.com.meubolsoemdia.jimbo
O43 - CFD: 12/03/2012 - 15:21:14 - [] ----D C:\Users\Isuara\AppData\Roaming\Peace Craft
O43 - CFD: 11/12/2013 - 17:55:58 - [] ----D C:\Users\Isuara\AppData\Roaming\Pmcc
O43 - CFD: 29/07/2014 - 16:44:46 - [] ----D C:\Users\Isuara\AppData\Local\0AD0E4B0-2625-45C5-A6E5-1C4CA234ED4C.aplzod
O43 - CFD: 14/12/2013 - 18:12:29 - [] ----D C:\Users\Isuara\AppData\Local\Pmcc
~ Program Folder: 200 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.1DB0931F8EB4CC5509822B091A67580B] - 15/08/2014 - 22:52:28 ---A- . (...) -- C:\zoek-results2014-08-16-015228.log [1787]
O44 - LFC:[MD5.57A3EA52CC3D1E043857A7388CFB6ED6] - 17/08/2014 - 13:57:24 ---A- . (...) -- C:\Windows\ntbtlog.txt [85874]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 17/08/2014 - 16:05:19 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.54AE8C8BDE3B6F6E91EA721C3BAE5A3F] - 17/08/2014 - 16:52:48 ---A- . (...) -- C:\zoek-results.log [35226]
O44 - LFC:[MD5.D17A8D4F6FD8A4C536CBAB1053C6D4D9] - 23/08/2014 - 07:26:08 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [148482]
O44 - LFC:[MD5.CB5E057C8F0D7F076D1C329C14A9A716] - 23/08/2014 - 07:26:08 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [708702]
O44 - LFC:[MD5.F92E4EDC20FFC090A977D58266152836] - 24/08/2014 - 10:42:56 ----- . (...) -- C:\bootsqm.dat [3352]
~ Files: 72 Legitimates Filtered in 00mn 46s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:29/07/2014 - 17:03:20 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:29/07/2014 - 17:03:20 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:28/06/2013 - 20:10:21 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:28/06/2013 - 20:10:27 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:29/07/2014 - 17:03:21 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [192352] =>.ALWIL Software
O58 - SDL:28/06/2013 - 20:10:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175] =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:09/10/2012 - 13:29:58 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [46440]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/12/2012 - 13:50:38 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [45056]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:22/06/2012 - 12:01:32 ---A- . (...) -- C:\Windows\System32\ESGScanner.sys [19984]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 87 Legitimates Filtered in 00mn 09s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 29/07/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 09/10/2012 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 82 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\users\isuara\appdata\local\google\chrome\application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\users\isuara\appdata\local\google\chrome\application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] 10677B069AE940B9A632C31C4CDFCDD2 - (Yahoo! Search) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {F992E376-027D-4C35-A2CB-5AB83B06F73C} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-19] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-20] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\emule_RASAPI32 =>P2P.eMule
HKLM\SOFTWARE\Microsoft\Tracing\emule_RASMANCS =>P2P.eMule
~ BTK: 333 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{24F107C1-F884-437d-8631-07DCAAE7250C}] (RegistryAccessor) =>PUP.YetAnotherCleaner
~ BCK: 7312 Legitimates Filtered in 00mn 15s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 10/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 03/05/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 03/05/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 09/05/2011 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 30/07/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/11/2006 774144 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 18/08/2009 176128 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 29/07/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 09/10/2012 280168 | (GbpSv) . (...) - C:\Program Files\GbPlugin\GbpSv.exe
SR - | Demand 21/02/2014 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 19/02/2008 537256 | (lxbk_device) . (...) - C:\Windows\system32\lxbkcoms.exe
SR - | Auto 08/04/2013 1320496 | (PDF Architect Helper Service) . (.pdfforge GmbH.) - C:\Program Files\PDF Architect\HelperService.exe
SR - | Auto 08/04/2013 799280 | (PDF Architect Service) . (.pdfforge GmbH.) - C:\Program Files\PDF Architect\ConversionService.exe
SR - | Auto 01/08/2014 1141848 | (RealPlayer Cloud Service) . (.RealNetworks, Inc..) - c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe
SR - | Auto 26/06/2014 23552 | (RealPlayerUpdateSvc) . (...) - C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
SR - | Demand 18/04/2013 737616 | (ServiceLayer) . (.Nokia.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
SR - | Auto 06/08/2014 5052224 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 18s



---\\ Scâner Aditional (088)
Database Version : 13026 - (24/08/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 2

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4shared Tools =>Toolbar.4shared
C:\Windows\Tasks\AutoKMS.job =>Trojan.AutoKMS^
[HKCR\CLSID\{24F107C1-F884-437d-8631-07DCAAE7250C}] (RegistryAccessor) =>PUP.YetAnotherCleaner^
~ Additionnel Scan: 342689 Items scanned in 00mn 50s



---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Browser Helper Objects do navegador (02)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.AutoKMS
~ MSI: 1 link(s) detected in 00mn 00s



~ 871 Legitimates filtered by white list
End of the scan (506 lines in 04mn 40s)(0)

Re: Problems with Cinema-plus 1.2

Message by joram, Fri 29 Aug 2014, 15:44

Good afternoon, isageorge!

|- Power Max is unable to assist you and has asked me to take over your case and those of other members.

-/-

|- Run this script in the ZHPFix tool.
|- Select and copy the information shown in red into Notepad.
|- With Notepad open, press: Ctrl+A >> Ctrl+C (Select All and Copy)
|- Then minimize Notepad.

script zhpfix
emptytemp
sysrestore
[MD5.00000000000000000000000000000000] [APT] [{024D0D42-89F6-4F2E-9D89-AFC3B60A426D}] (...) -- C:\Users\Isuara\Desktop\eMule0.50a-Installer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{49A93B6F-AB7A-432E-835C-49BE9403760C}] (...) -- D:\Downloads\Aplicativos\Evernote_4.5.8.7356.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7662E1EC-76A8-4B3A-90A9-13CA29EA40BF}] (...) -- C:\Users\Isuara\Desktop\Trabalho\DRUZY\Cha Beleza\A verdade sobre o Marketing de Atra‡Æo\Averdade sobre o Marketing de Atra‡Æo.exe (.not file.) [0]
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} Chave orfã    
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} Chave orfã    
O2 - BHO: (no name) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} Chave orfã
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-450319107-1443454657-1460410450-1000Core [910]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-450319107-1443454657-1460410450-1000UA [932]
O44 - LFC:[MD5.1DB0931F8EB4CC5509822B091A67580B] - 15/08/2014 - 22:52:28 ---A- . (...) -- C:\zoek-results2014-08-16-015228.log [1787]
O44 - LFC:[MD5.54AE8C8BDE3B6F6E91EA721C3BAE5A3F] - 17/08/2014 - 16:52:48 ---A- . (...) -- C:\zoek-results.log [35226]
O44 - LFC:[MD5.F92E4EDC20FFC090A977D58266152836] - 24/08/2014 - 10:42:56 ----- . (...) -- C:\bootsqm.dat [3352]    
O39 - APT: - (..) -- C:\Windows\Tasks\AutoKMS.job [202] =>Trojan.AutoKMS
[HKCR\CLSID\{24F107C1-F884-437d-8631-07DCAAE7250C}] (RegistryAccessor) =>PUP.YetAnotherCleaner
C:\Windows\Tasks\AutoKMS.job =>Trojan.AutoKMS^
[HKCR\CLSID\{24F107C1-F884-437d-8631-07DCAAE7250C}] (RegistryAccessor) =>PUP.YetAnotherCleaner^
Firewallraz
emptyclsid
emptyprefetch


|- Open the ZHPFix tool.
|- Click "IMPORTAÇÃO" (Import) >> OK.
|- Click "GO".
|- Post the report!

A+

New ZHPFix Report

Post by isageorge, Fri 29 Aug 2014, 16:13

Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by Isuara at 29/08/2014 16:12:26
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 04s)
Prefetcher vazio

========== Chaves do Registo ==========
ELIMINÉ: CLSID BHO: {3A2D5EBA-F86D-4BD3-A177-019765996711}
ELIMINÉ: CLSID BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
ELIMINÉ: CLSID BHO: {92EF2EAD-A7CE-4424-B0DB-499CF856608E}
ELIMINÉ: HKCR\CLSID\{24F107C1-F884-437d-8631-07DCAAE7250C}

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (None) : MCX-Prov-Out-TCP
ELIMINÉ: FirewallRaz (None) : MCX-McrMgr-Out-TCP
ELIMINÉ: FirewallRaz (None) : {C93A3424-7A99-4AC4-A911-FF8D767AC4EC}
ELIMINÉ: FirewallRaz (Domain) : {22E938EF-1FF5-4CFC-BA00-784FF128127B}
ELIMINÉ: FirewallRaz (Domain) : {9611A34D-D740-4263-8CCC-ED99FC19A5B3}
ELIMINÉ: FirewallRaz (Domain) : {4848AFDD-8193-4307-938F-F468E0F35967}
ELIMINÉ: FirewallRaz (Domain) : {7EC10BE2-DF1D-4494-8B4F-F9504AE061E1}
ELIMINÉ: FirewallRaz (Public) : {835986BD-4AA8-4288-8A05-3B54AF8D35BF}
ELIMINÉ: FirewallRaz (Public) : {CD135482-E67D-4959-9E53-E33C745CB5F0}
ELIMINÉ: FirewallRaz (Public) : {5556FCCA-4A5C-4360-9F79-68691CE5A375}
ELIMINÉ: FirewallRaz (Public) : {7C4B0001-BE08-44DE-8A2D-FC55C3A0287E}
ELIMINÉ: FirewallRaz (Domain) : {F876FD97-4C08-4E36-9E6D-5954565C3151}
ELIMINÉ: FirewallRaz (Domain) : {40447338-A202-444B-A1E9-6A668D8589B9}
ELIMINÉ: FirewallRaz (Public) : {7E685129-BC74-4768-AB9C-188E8C68769A}
ELIMINÉ: FirewallRaz (Public) : {F3116129-2E96-4888-900A-AAEC9EB18553}
ELIMINÉ: FirewallRaz (Private) : TCP Query User{42309847-6CBF-46BF-93B9-9676BFA946EE}C:\windows\kmsemulator.exe
ELIMINÉ: FirewallRaz (Private) : UDP Query User{01E20D87-A844-4742-B8E6-FDE688B0B60B}C:\windows\kmsemulator.exe

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (354) (5.637.030 octets)
ELIMINÉ: c:\windows\system32\tasks\facebookupdatetaskusers-1-5-21-450319107-1443454657-1460410450-1000core
ELIMINÉ: c:\windows\system32\tasks\facebookupdatetaskusers-1-5-21-450319107-1443454657-1460410450-1000ua
ELIMINÉ: c:\zoek-results2014-08-16-015228.log
ELIMINÉ: c:\zoek-results.log
ELIMINÉ: c:\bootsqm.dat
ELIMINÉ: c:\windows\tasks\autokms.job

========== Tarefa planificada ==========
ELIMINÉ: {024D0D42-89F6-4F2E-9D89-AFC3B60A426D}
ELIMINÉ: {49A93B6F-AB7A-432E-835C-49BE9403760C}
ELIMINÉ: {7662E1EC-76A8-4B3A-90A9-13CA29EA40BF}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
4 : Chaves do Registo
19 : Valores do Registo
1 : Pastas
7 : Ficheiros
3 : Tarefa planificada
1 : Restauração Sistema


End of clean in 01mn 09s

========== Caminho do ficheiro do relatório ==========
C:\Users\Isuara\AppData\Roaming\ZHP\ZHPFix[R1].txt - 29/08/2014 16:12:30 [3018]

Re: Problems with Cinema-plus 1.2

Post by joram, Fri 29 Aug 2014, 16:57

Good afternoon, isageorge!

|- How is the computer? Is the malware still bothering you?
|- MBAM detected many PUPs, so an ESET scan may be a good complement.

|- Open the AdwCleaner tool and click "Desinstalar" (Uninstall).
|- Confirm the prompt!

-/-

|- Download: < [You must have an account and be logged in to view this link] >
|- Save it to the desktop!
|- Disable your antivirus and run the file esetsmartinstaller_enu.exe <<
|- Accept the agreement and check: "YES, I accept the Terms of Use"
|- Click: "Start"

|- Under "Computer scan settings", check:

<1> Scan archives
<2> Scan for potentially unsafe applications
<3> Enable Anti-Stealth technology
<4> Remove found threats

|- Click "Advanced settings".
|- Click "Change" and check the "Computer" box.
|- Click: "Start" >> Wait! (This scan can take a few hours...)
|- When it finishes, click "List of found threats".
|- Click "Export to text file" and save the report to the desktop.
|- Click "Back" >> "Finish".
|- Post the report!

A+

Questions

Post by isageorge, Fri 29 Aug 2014, 17:55

AdwCleaner says the quarantine will be emptied. Should I complete the procedure?

Re: Problems with Cinema-plus 1.2

Post by joram, Fri 29 Aug 2014, 19:56

isageorge wrote: AdwCleaner says the quarantine will be emptied. Should I complete the procedure?
Good evening, isageorge!

|- Yes! Finish emptying it and then run the ESET scan.
|- P.S.: When you open Task Manager, do you notice high CPU usage?

a+

ESET Report

Post by isageorge, Sat 30 Aug 2014, 10:06

joram wrote:
isageorge wrote: AdwCleaner says the quarantine will be emptied. Should I complete the procedure?
Good evening, isageorge!

|- Yes! Finish emptying it and then run the ESET scan.
|- P.S.: When you open Task Manager, do you notice high CPU usage?

a+

I didn't check.

Here is the ESET report:

C:\Users\Isuara\Google Drive\u1210.exe Win32/UltraReach potentially unsafe application deleted - quarantined
C:\Users\Isuara\Google Drive\UFBA\U1301.exe Win32/UltraReach.AF potentially unsafe application deleted - quarantined
C:\Users\Isuara\SkyDrive\Isaura\U1210.exe Win32/UltraReach potentially unsafe application deleted - quarantined
C:\Windows\System32\Adobe\Shockwave 11\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\zoek_backup\C_Users_Isuara_AppData_Local_Google_Chrome_User Data_Default_Extensions_ikpbmdkdomofnnkcaoepabekgkedfhom\1.26.57_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\zoek_backup\C_Users_Isuara_AppData_Local_Google_Chrome_User Data_Profile 3_Extensions_ikpbmdkdomofnnkcaoepabekgkedfhom\1.26.57_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\zoek_backup\C_Users_Isuara_AppData_Local_Google_Chrome_User Data_Profile 6_Extensions_ikpbmdkdomofnnkcaoepabekgkedfhom\1.26.57_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\zoek_backup\C_Users_Isuara_AppData_Local_Google_Chrome_User Data_Profile 7_Extensions_ikpbmdkdomofnnkcaoepabekgkedfhom\1.26.57_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\zoek_backup\C_Users_Isuara_AppData_Local_Google_Chrome_User Data_Profile 8_Extensions_ikpbmdkdomofnnkcaoepabekgkedfhom\1.26.57_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\zoek_backup\C_Users_Isuara_AppData_Local_TB\APISupport\MiniSP_1.0.2.107\MiniSP.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
D:\Downloads\real takashi.rar a variant of Win32/Packed.Themida.AAE trojan deleted - quarantined
D:\Downloads\yet_another_cleaner_sk.exe a variant of Win32/ELEX.Q potentially unwanted application deleted - quarantined
D:\Downloads\Nova pasta\crack realplayplus 16.rar a variant of Win32/Packed.Themida.AAE trojan deleted - quarantined
D:\Downloads\Nova pasta\crack realplayplus 16\Activator By Latestuploads.com.exe a variant of Win32/Packed.Themida.AAE trojan cleaned by deleting - quarantined
D:\ISAURA-PC\Backup Set 2014-06-24 155700\Backup Files 2014-06-24 155700\Backup files 28.zip a variant of Win32/ELEX.Q potentially unwanted application deleted - quarantined
D:\ISAURA-PC\Backup Set 2014-06-24 155700\Backup Files 2014-06-24 155700\Backup files 66.zip a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined
D:\ISAURA-PC\Backup Set 2014-06-24 155700\Backup Files 2014-06-29 190003\Backup files 1.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
D:\ISAURA-PC\Backup Set 2014-06-24 155700\Backup Files 2014-07-21 152017\Backup files 1.zip a variant of Win32/ELEX.AS potentially unwanted application deleted - quarantined
D:\ISAURA-PC\Backup Set 2014-06-24 155700\Backup Files 2014-07-27 190010\Backup files 1.zip Win32/Toolbar.Iminent.I potentially unwanted application deleted - quarantined
D:\ISAURA-PC\Backup Set 2014-06-24 155700\Backup Files 2014-08-03 190006\Backup files 2.zip multiple threats deleted - quarantined
D:\Meus documentos\@ DOCUMENTOS ANTIGOS\Aplicativos de Programas\PDFCreator-1_3_2_setup.exe Win32/OpenCandy potentially unsafe application deleted - quarantined

Re: Problems with Cinema-plus 1.2

Post by joram, Sat 30 Aug 2014, 10:27

Good morning, isageorge!

|- The ESET scan came out "lean", since there were no detections from any quarantine.

-/-

|- Download: |[You must have an account and be logged in to view this link]| ( ... by Xplode )

|- On the page, click Download Now.
|- Save it somewhere convenient! (desktop!)
|- Close any open applications.

|- With the boxes checked, click "Executar" (Run)!

|- Good work!
|- Everything OK?

Regards!

Re: Problems with Cinema-plus 1.2

Post by joram, Wed 01 Oct 2014, 16:24

Topic Archived

As the author has not replied for more than 30 days, the topic has been archived. Should the topic's author need it, it will be reopened; to do so, they must contact one of the members of the [You must have an account and be logged in to view this link] and request that it be unlocked.