wrapper z5x.net


Post by JapaJP on Sat 22 Feb 2014, 07:19

Hi, I need some help; I can't get it removed. I used SpywareTerminator 2012 and Malwarebytes, and I can't remove the wrapper z5x.net. I would like to know the removal procedure. It is showing the usual problems: the computer freezes now and then, and pop-ups from the site.

Post by Power Max on Sat 22 Feb 2014, 10:48

Hello JapaJP. Welcome to Fórum PC Brasil.

Download [You must have an account and be logged in to view this link].

* Run it and click the Main Menu button.

* On the next screen that appears, click [Do a system scan and save a logfile].

* A report will be displayed.

* Select the entire contents of this report and copy it (Ctrl+C).

After that, just come back to the forum and post this HijackThis log so that it can be analyzed.

We look forward to your reply.

Last edited by Power Max on Sun 09 Mar 2014, 18:09; edited 1 time

Post by JapaJP on Sat 22 Feb 2014, 17:44

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:44:07, on 22/02/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\DiskDefrag.exe
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\Monitor.exe
C:\Users\I7\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Users\I7\AppData\Local\Temp\ASCDownloader\ActionCenterDownloader.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 [You must have an account and be logged in to view this link] # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.com # misleading site
O1 - Hosts: 255.255.255.255 [You must have an account and be logged in to view this link] # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.info # misleading site
O1 - Hosts: 255.255.255.255 [You must have an account and be logged in to view this link] # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.org # misleading site
O1 - Hosts: 255.255.255.255 [You must have an account and be logged in to view this link] # misleading site
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão de Conta da Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\I7\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Advanced SystemCare Ultimate] "C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe" /Auto
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: Monitor da tecnologia Intel® Turbo Boost 2.6.lnk = C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AdvancedSystemCareAntivirus (ASCAntivirusSrv) - IOBit - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ascavsvc.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\ASRock\XFast LAN\spd.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: EasyAntiCheat - Unknown owner - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Overwolf Ltd - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RzKLService - Razer Inc. - C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.6 (TurboBoost) - Intel(R) Corporation - C:\PROGRAM FILES\INTEL\TURBOBOOST\TURBOBOOST.EXE
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13060 bytes

Post by Power Max on Sat 22 Feb 2014, 17:52

Please follow the steps in the tutorial below:

[You must have an account and be logged in to view this link]

* In your next reply, please post the AdwCleaner log, which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

Last edited by Power Max on Sun 09 Mar 2014, 18:09; edited 1 time

Post by JapaJP on Sat 22 Feb 2014, 18:33

# AdwCleaner v3.019 - Relatório criado 22/02/2014 às 18:24:54
# Atualizado 17/02/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : I7 - OWAKIZASHI
# Executando de : C:\Users\I7\Downloads\AdwCleaner.exe
# Opção : Examinar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Arquivo Encontrado : C:\Windows\System32\Tasks\UpdaterEX
Arquivo Encontrado : C:\Windows\Tasks\UpdaterEX.job
Pasta Encontrado C:\Program Files (x86)\Common Files\Tencent
Pasta Encontrado C:\Program Files (x86)\Tencent
Pasta Encontrado C:\ProgramData\Tencent
Pasta Encontrado C:\Users\I7\AppData\Local\Temp\Tencent
Pasta Encontrado C:\Users\I7\AppData\Roaming\Tencent
Pasta Encontrado C:\Users\I7\AppData\Roaming\UpdaterEX
Pasta Encontrado C:\Windows\SysWOW64\AI_RecycleBin

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Encontrada : HKCU\Software\APN PIP
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Chave Encontrada : HKCU\Software\Softonic
Chave Encontrada : HKCU\Software\TENCENT
Chave Encontrada : HKCU\Software\UpdaterEX
Chave Encontrada : [x64] HKCU\Software\APN PIP
Chave Encontrada : [x64] HKCU\Software\Softonic
Chave Encontrada : [x64] HKCU\Software\TENCENT
Chave Encontrada : [x64] HKCU\Software\UpdaterEX
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Encontrada : HKLM\Software\TENCENT
Chave Encontrada : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v33.0.1750.117

[ Arquivo : C:\Users\I7\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2838 octets] - [22/02/2014 18:24:54]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2898 octets] ##########

Post by Power Max on Sat 22 Feb 2014, 18:36

Click the Limpar (Clean) button to remove the problems. Click Ok and then post the new report that it will create.

Post by JapaJP on Sat 22 Feb 2014, 18:45

# AdwCleaner v3.019 - Relatório criado 22/02/2014 às 18:38:27
# Atualizado 17/02/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : I7 - OWAKIZASHI
# Executando de : C:\Users\I7\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\Tencent
Pasta Deletada : C:\Program Files (x86)\Tencent
Pasta Deletada : C:\Program Files (x86)\Common Files\Tencent
Pasta Deletada : C:\Windows\SysWOW64\AI_RecycleBin
Pasta Deletada : C:\Users\I7\AppData\Local\Temp\Tencent
Pasta Deletada : C:\Users\I7\AppData\Roaming\Tencent
Pasta Deletada : C:\Users\I7\AppData\Roaming\UpdaterEX
Arquivo Deletada : C:\Windows\Tasks\UpdaterEX.job
Arquivo Deletada : C:\Windows\System32\Tasks\UpdaterEX

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Deletedo : HKCU\Software\APN PIP
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\TENCENT
Chave Deletedo : HKCU\Software\UpdaterEX
Chave Deletedo : HKLM\Software\TENCENT
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v33.0.1750.117

[ Arquivo : C:\Users\I7\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2998 octets] - [22/02/2014 18:24:54]
AdwCleaner[S0].txt - [2675 octets] - [22/02/2014 18:38:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2735 octets] ##########

Post by Power Max on Sat 22 Feb 2014, 18:47

Please follow the steps in the tutorial below:

[You must have an account and be logged in to view this link]

* In your next reply, please post the Junkware Removal Tool log, which will be saved on your desktop under the name JRT.txt

We'll be waiting.

Last edited by Power Max on Sun 09 Mar 2014, 18:09; edited 1 time

Post by JapaJP on Sat 22 Feb 2014, 19:03

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Ultimate x64
Ran by I7 on 22/02/2014 at 18:57:35,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\free video converter"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/02/2014 at 19:02:22,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post by Power Max on Sat 22 Feb 2014, 19:07

Do you have the Mozilla Firefox browser on this computer?

Post by JapaJP on Sat 22 Feb 2014, 19:09

No, Chrome, IE

Post by Power Max on Sat 22 Feb 2014, 19:10

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]

* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]

* Copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek

* Click [Run Script]

* During the scan, a message similar to the one below, showing the progress of the scan, will be displayed. Wait for it to finish... it may take a while!

[You must have an account and be logged in to view this image]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.

Last edited by Power Max on Sun 09 Mar 2014, 18:10; edited 2 times

Post by JapaJP on Sat 22 Feb 2014, 19:28


Zoek.exe v5.0.0.0 Updated 19-February-2014
Tool run by I7 on 22/02/2014 at 19:12:54,87.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\I7\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

22/02/2014 19:13:45 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted
C:\ProgramData\ProductData deleted
C:\ProgramData\Package Cache deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\I7\AppData\Roaming\Netscape\Navigator\Profiles\ndnzfmmr.default
- Undetermined - C:\Program Files (x86)\Netscape\Navigator 9\extensions\netscape9migrator@flock.com
- Undetermined - C:\Program Files (x86)\Netscape\Navigator 9\extensions\netstripe@netscape.com

==== Firefox Plugins ======================


==== Chrome Look ======================

Google Docs - I7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - I7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - I7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - I7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - I7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - I7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\I7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_artigos.softonic.com.br_0.localstorage deleted successfully
C:\Users\I7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_artigos.softonic.com.br_0.localstorage-journal deleted successfully
C:\Users\I7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook-messenger-for-windows.en.softonic.com_0.localstorage deleted successfully
C:\Users\I7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook-messenger-for-windows.en.softonic.com_0.localstorage-journal deleted successfully
C:\Users\I7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_noticias.softonic.com.br_0.localstorage deleted successfully
C:\Users\I7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_noticias.softonic.com.br_0.localstorage-journal deleted successfully
C:\Users\I7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_samsung-pc-studio.softonic.com.br_0.localstorage deleted successfully
C:\Users\I7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_samsung-pc-studio.softonic.com.br_0.localstorage-journal deleted successfully
C:\Users\I7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_spyware-terminator.softonic.com.br_0.localstorage deleted successfully
C:\Users\I7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_spyware-terminator.softonic.com.br_0.localstorage-journal deleted successfully
C:\Users\I7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_23053.15945.filter.blutonicsearch.com_0.localstorage deleted successfully
C:\Users\I7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_23053.15945.filter.blutonicsearch.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.folha.uol.com.br/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.folha.uol.com.br/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{9AD6DDC1-CB99-451E-A3D5-DD9DC7C6F664}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{9AD6DDC1-CB99-451E-A3D5-DD9DC7C6F664} Google Url="http://www.google.com/search?q={searchTerms}"
{9AD6DDC1-CB99-451E-A3D5-DD9DC7C6F664} Google Url="http://www.google.com/search?q={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\I7\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\I7\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4127277485-4039902626-1899093428-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

==== Deleting CLSID Registry Values ======================


==== shortcuts on Users Desktops ======================

C:\Users\I7\Desktop\659-GPU-Z.0.7.4 - Atalho.lnk - C:\Users\I7\Downloads\659-GPU-Z.0.7.4.exe
C:\Users\I7\Desktop\Aion.lnk - C:\Program Files (x86)\NCWest\NCLauncher\NCLauncher.exe /LauncherID:"NCWest" /CompanyID:"12" /LUpdateAddr:"updater.nclauncher.ncsoft.com" /GameID:"AION"
C:\Users\I7\Desktop\AMD Gaming Evolved.lnk - C:\Program Files (x86)\Raptr\raptrstub.exe
C:\Users\I7\Desktop\Fraps.lnk - C:\Fraps\fraps.exe
C:\Users\I7\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --restore-last-session
C:\Users\I7\Desktop\MSI Afterburner.lnk - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Users\I7\Desktop\Razer Synapse 2.0.lnk - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe -launch
C:\Users\I7\Desktop\½£Áé_ÌÚѶ.lnk -
C:\Users\I7\Desktop\?????.lnk -
C:\Users\I7\Desktop\Nova pasta (2)\Aion Arena.lnk - C:\Program Files (x86)\NCSoft\Aion\Aion Arena.exe
C:\Users\I7\Desktop\Nova pasta (2)\Aion Brasil Server 4.0 - Atalho.lnk - C:\Program Files (x86)\NCSoft\Aion\Aion Brasil Server 4.0.exe
C:\Users\I7\Desktop\Nova pasta (2)\Battlefield 4(64 bit).lnk - C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
C:\Users\I7\Desktop\Nova pasta (2)\Battlefield 4.lnk - C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
C:\Users\I7\Desktop\Nova pasta (2)\Format Factory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\I7\Desktop\Nova pasta (2)\Free Video Converter.lnk - C:\Program Files (x86)\Free Video Converter\FreeVideoConverter.exe
C:\Users\I7\Desktop\Nova pasta (2)\Monitor da tecnologia Intel® Turbo Boost 2.6.lnk -
C:\Users\I7\Desktop\Nova pasta (2)\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe
C:\Users\I7\Desktop\Nova pasta (2)\Overwolf.lnk - C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
C:\Users\I7\Desktop\Nova pasta (2)\RaidCall.lnk - C:\Program Files (x86)\RaidCall\raidcall.exe
C:\Users\I7\Desktop\Nova pasta (2)\Viber.lnk - C:\Users\I7\AppData\Local\Viber\Viber.exe
C:\Users\I7\Desktop\Nova pasta (2)\µTorrent.lnk -
C:\Users\I7\Desktop\Nova pasta (2)\????.lnk -
C:\Users\I7\Desktop\Nova pasta (2)\????.lnk -

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\ASRock eXtreme Tuner.lnk - C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe
C:\Users\Public\Desktop\ASRock XFast RAM.lnk - C:\Program Files (x86)\ASRock Utility\XFast RAM\XFastRAM.exe
C:\Users\Public\Desktop\CPUID CPU-Z.lnk - C:\Program Files (x86)\CPUID\CPU-Z\cpuz.exe
C:\Users\Public\Desktop\DriverEasy.lnk - C:\Program Files (x86)\Easeware\DriverEasy\DriverEasy.exe
C:\Users\Public\Desktop\Jogar League Of Legends.lnk - C:\Riot Games\League of Legends\lol.launcher.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\osu.lnk -
C:\Users\Public\Desktop\PokerStars.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
C:\Users\Public\Desktop\Razer Game Booster.lnk - C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe
C:\Users\Public\Desktop\TERA-Launcher.lnk - C:\Program Files (x86)\TERA\TERA-Launcher.exe
C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk - C:\Program Files (x86)\Sony\Vegas Pro 12.0\vegas120.exe
C:\Users\Public\Desktop\XFast USB.LNK - C:\Program Files (x86)\XFastUSB\XFastUsb.exe

==== shortcuts in Users Start Menu ======================

C:\Users\I7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\MSI Afterburner On-Screen Display Server.lnk - C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Users\I7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\MSI Afterburner.lnk - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Users\I7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\ReadMe.lnk - C:\Program Files (x86)\MSI Afterburner\Doc\ReadMe.pdf
C:\Users\I7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\Uninstall.lnk - C:\Program Files (x86)\MSI Afterburner\Uninstall.exe
C:\Users\I7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\SDK\MSI Afterburner localization reference.lnk - C:\Program Files (x86)\MSI Afterburner\SDK\Doc\Localization reference.pdf
C:\Users\I7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\SDK\MSI Afterburner skin format reference.lnk - C:\Program Files (x86)\MSI Afterburner\SDK\Doc\USF skin format reference.pdf
C:\Users\I7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner\SDK\Samples.lnk - C:\Program Files (x86)\MSI Afterburner\SDK\Samples
C:\Users\I7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor da tecnologia Intel® Turbo Boost 2.6.lnk -

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AA1000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Uninstall CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverEasy\DriverEasy.lnk - C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverEasy\Uninstall DriverEasy.lnk - C:\Program Files\Easeware\DriverEasy\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online Beta\The Elder Scrolls Online Beta - Uninstall.lnk - C:\Program Files (x86)\Zenimax Online\Launcher\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online Beta\The Elder Scrolls Online Beta.lnk - C:\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe /InstallOrRun "ESO_Beta"

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\I7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\I7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\I7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MarbleStation.lnk - C:\NetmarbleGlobal\MarbleStation\GlbMSLauncher.exe
C:\Users\I7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
C:\Users\I7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\I7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\I7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\I7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -
C:\Users\I7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Aion.lnk - C:\Program Files (x86)\NCWest\NCLauncher\NCLauncher.exe /LauncherID:"NCWest" /CompanyID:"12" /LUpdateAddr:"updater.nclauncher.ncsoft.com" /GameID:"AION"
C:\Users\I7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Arcane Saga Online.lnk - C:\NetmarbleGlobal\ArcaneSaga\ArcaneSaga.exe
C:\Users\I7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Fraps.lnk - C:\Fraps\fraps.exe
C:\Users\I7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --restore-last-session
C:\Users\I7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\I7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Jogar League Of Legends.lnk - C:\Riot Games\League of Legends\lol.launcher.exe
C:\Users\I7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Monitor da tecnologia Intel® Turbo Boost 2.6.lnk -
C:\Users\I7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\MSI Afterburner.lnk - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Users\I7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera12.15 1748.lnk - C:\Program Files (x86)\Opera\opera.exe
C:\Users\I7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\osu.lnk -
C:\Users\I7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Razer Game Booster.lnk - C:\Program Files (x86)\Razer\Razer Game Booster\main.exe
C:\Users\I7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\I7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\I7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TeamSpeak 3 Client.lnk - C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
C:\Users\I7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TERA-Launcher.lnk - C:\Program Files (x86)\TERA\TERA-Launcher.exe
C:\Users\I7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwiftToDoList deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Viber deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14CUC90H will be deleted at reboot
C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1XOMNORH will be deleted at reboot
C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\32JICAE9 will be deleted at reboot
C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\33XVF0E4 will be deleted at reboot
C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3IB48VSG will be deleted at reboot
C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4H243HVK will be deleted at reboot
C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ASZI39D will be deleted at reboot
C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8VW57Z6F will be deleted at reboot
C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FGIAT8BK will be deleted at reboot
C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HIQ19CE3 will be deleted at reboot
C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I36VI1HA will be deleted at reboot
C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IM28VPCF will be deleted at reboot
C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M9L3N9VW will be deleted at reboot
C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MU7MHT1L will be deleted at reboot
C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PI110DWN will be deleted at reboot
C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0KAO3MG will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\I7\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=44 folders=37 35109805 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\I7\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\I7\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14CUC90H" not found
"C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1XOMNORH" not found
"C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\32JICAE9" not found
"C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\33XVF0E4" not found
"C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3IB48VSG" not found
"C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4H243HVK" not found
"C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ASZI39D" not found
"C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8VW57Z6F" not found
"C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FGIAT8BK" not found
"C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HIQ19CE3" not found
"C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I36VI1HA" not found
"C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IM28VPCF" not found
"C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M9L3N9VW" not found
"C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MU7MHT1L" not found
"C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PI110DWN" not found
"C:\Users\I7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V0KAO3MG" not found

==== EOF on 22/02/2014 at 19:25:40,87 ======================

Re: wrapper z5x.net

Post by Power Max on Sat 22 Feb 2014, 19:38


Download [link visible only to logged-in members] ( ... by Nicolas Coolman )

|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.

|- Run the scroll icon. ( ZHPDiag )

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!

|- Click OK and, when it finishes, post the ZHPDiag.txt report.


Last edited by Power Max on Sun 09 Mar 2014, 18:11; edited 1 time

Re: wrapper z5x.net

Post by JapaJP on Sat 22 Feb 2014, 19:45

~ Relatório do ZHPDiag v2014.2.17.15 - Nicolas Coolman (17/02/2014)
~ Iniciado por I7 (22/02/2014 19:44:03)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16476
GCIE: Google Chrome v33.0.1750.117 (Defaut)
OPIE: Opera v12.16

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 1.75.0.1300
Microsoft Security Client v4.4.0304.0
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v3.24 =>Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader X
Java 7 Update 45

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 16280 MB (81% free)
System Restore: Activé (Enable)
System drive C: has 440 GB (47%) free of 931 GB

---\\ Modo de conexão ao sistema
~ Computer Name: OWAKIZASHI
~ User Name: I7
~ All Users Names: I7, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\I7\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\I7\AppData\Roaming\
~ %Desktop% : C:\Users\I7\Desktop\
~ %Favorites% : C:\Users\I7\Favorites\
~ %LocalAppData% : C:\Users\I7\AppData\Local\
~ %StartMenu% : C:\Users\I7\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 440 Go of 931 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Internet Extensions para Win32.) (.26/11/2013 - 04:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.28/11/2012 - 01:27:04.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 00:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/103
~ Mes Videos (My Videos) : 2/20
~ Mes Favoris (My Favorites) : 1/24
~ Mes Documents (My Documents) : 1/217
~ Mon Bureau (My Desktop) : 1/2920
~ Menu demarrer (Programs) : 1/50
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3628]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3516]
[MD5.C8A8321292A459B0A17FB39A782A5C74] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [806096] [PID.4320]
[MD5.7DCE7A74764EB7C67D21A32BC579453D] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe [507264] [PID.2072]
[MD5.AB44884BC129FC04D75A4649E0710203] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8338432] [PID.5956]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1780]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1976]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2008]
[MD5.7C725A94A89E3C1EA7D492D5E79698A2] - (.Sony Corporation - Device Information Provider.) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864] [PID.1144]
[MD5.3A2E85F7D90D15460C337CE80C2E3B29] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [76888] [PID.1304]
[MD5.FEFA32073D77BB9C741A63B6286479F6] - (.Razer Inc. - RzKLService.) -- C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [106472] [PID.1772]
[MD5.0F97E7A47A52F4A36969F0FC319654C2] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3048136] [PID.2064]
[MD5.BF5D3A2624177C413680DEF19A465AF8] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432] [PID.1464]
[MD5.3EA307C51069BC72DD74A4964F2A30A9] - (.Intel Corporation - Intel(R) Local Management Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [366552] [PID.3436]
[MD5.83FF82FE209E7997067B375DAD6CF23D] - (.Intel Corporation - Intel(R) Integrated Clock Controller Servic.) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [169752] [PID.3880]
~ Processes Running: Scanned in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: ASRock eXtreme Tuner.lnk . (...) -- C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe
O4 - GS\Desktop [Public]: ASRock XFast RAM.lnk . (...) -- C:\Program Files (x86)\ASRock Utility\XFast RAM\XFastRAM.exe (.not file.)
O4 - GS\Desktop [Public]: DriverEasy.lnk . (...) -- C:\Program Files (x86)\Easeware\DriverEasy\DriverEasy.exe (.not file.)
O4 - GS\Desktop [Public]: osu!.lnk . (.ppy - osu!.) -- C:\Program Files (x86)\osu!\osu!.exe
O4 - GS\Desktop [Public]: PokerStars.lnk . (.PokerStars - PokerStars Update.) -- C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O4 - GS\Desktop [Public]: Razer Game Booster.lnk . (.Razer Inc. - RazerGameBooster.) -- C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe
O4 - GS\Desktop [Public]: TERA-Launcher.lnk . (.Solid State Networks - TERA.) -- C:\Program Files (x86)\TERA\TERA-Launcher.exe
O4 - GS\Desktop [Public]: Vegas Pro 12.0 (64-bit).lnk . (...) -- C:\Program Files (x86)\Sony\Vegas Pro 12.0\vegas120.exe (.not file.)
O4 - GS\Desktop [Public]: XFast USB.LNK . (.FNet Co., Ltd. - XFast USB.) -- C:\Program Files (x86)\XFastUSB\XFastUsb.exe
O4 - GS\Program [Public]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\opera.exe
O4 - GS\QuickLaunch [I7]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [I7]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [I7]: MarbleStation.lnk . (.CJ E&M - Netmarble Launcher.) -- C:\NetmarbleGlobal\MarbleStation\GlbMSLauncher.exe
O4 - GS\QuickLaunch [I7]: PokerStars.lnk . (.PokerStars - PokerStars Update.) -- C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O4 - GS\TaskBar [I7]: Aion.lnk . (.NCSOFT Corporation - NCLauncher Module.) -- C:\Program Files (x86)\NCWest\NCLauncher\NCLauncher.exe
O4 - GS\TaskBar [I7]: Arcane Saga Online.lnk . (.CJ Internet Game Studio - Arcane Saga Online.) -- C:\NetmarbleGlobal\ArcaneSaga\ArcaneSaga.exe
O4 - GS\TaskBar [I7]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [I7]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [I7]: Monitor da tecnologia Intel® Turbo Boost 2.6.lnk . (...) -- C:\Program Files (x86)\Intel\TurboBoost\SignalIslandUi.exe (.not file.)
O4 - GS\TaskBar [I7]: Opera12.15 1748.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\opera.exe
O4 - GS\TaskBar [I7]: osu!.lnk . (.ppy - osu!.) -- C:\Program Files (x86)\osu!\osu!.exe
O4 - GS\TaskBar [I7]: Razer Game Booster.lnk . (.Razer Inc. - Razer Game Booster.) -- C:\Program Files (x86)\Razer\Razer Game Booster\main.exe
O4 - GS\TaskBar [I7]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) -- C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
O4 - GS\TaskBar [I7]: TERA-Launcher.lnk . (.Solid State Networks - TERA.) -- C:\Program Files (x86)\TERA\TERA-Launcher.exe
O4 - GS\Program [I7]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [I7]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [I7]: 659-GPU-Z.0.7.4 - Atalho.lnk . (.techPowerUp ([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - GPU-Z - Video card Information Utility.) -- C:\Users\I7\Downloads\659-GPU-Z.0.7.4.exe
O4 - GS\Desktop [I7]: Aion.lnk . (.NCSOFT Corporation - NCLauncher Module.) -- C:\Program Files (x86)\NCWest\NCLauncher\NCLauncher.exe
O4 - GS\Desktop [I7]: AMD Gaming Evolved.lnk . (.Raptr, Inc - Raptr Desktop App.) -- C:\Program Files (x86)\Raptr\raptrstub.exe
O4 - GS\Desktop [I7]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [I7]: MSI Afterburner.lnk . (...) -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
O4 - GS\Desktop [I7]: Razer Synapse 2.0.lnk . (.Razer Inc. - Razer Synapse.) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
O4 - GS\Desktop [I7]: ½£Áé_ÌÚѶ.lnk . (...) -- C:\Program Files (x86)\ÌÚѶÓÎÏ·\½£Áé_ÌÚѶ\TCLS\Launcher.exe (.not file.)
O4 - GS\Desktop [I7]: 아키에이지.lnk . (.XLGames Corporation - ArcheAge patch..) -- C:\Program Files (x86)\ArcheAge\Bin32\patcher.exe
~ Global Startup: 91 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [I7]: Monitor da tecnologia Intel® Turbo Boost 2.6.lnk . (...) -- C:\Program Files (x86)\Intel\TurboBoost\SignalIslandUi.exe (.not file.)
O4 - HKLM\..\Run: [XFast LAN] . (.cFos Software GmbH - cFosSpeed Window.) -- C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
O4 - HKLM\..\Run: [XboxStat] . (.Microsoft Corporation - XBoxStat.exe.) -- C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
O4 - HKLM\..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (.not file.)
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [IntelTBRunOnce] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (.not file.)
O4 - HKCU\..\Run: [ASRockXTU] Chave orfã
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\I7\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [NCUpdateHelper] . (.NCSOFT Corporation - NCUpdateHelper Module.) -- C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4127277485-4039902626-1899093428-1001\..\Run: [ASRockXTU] Chave orfã
O4 - HKUS\S-1-5-21-4127277485-4039902626-1899093428-1001\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-4127277485-4039902626-1899093428-1001\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\I7\AppData\Local\Google\Update\GoogleUpdate.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF57C130-929A-42AD-BA4E-9DED912CB607}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CF57C130-929A-42AD-BA4E-9DED912CB607}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{CF57C130-929A-42AD-BA4E-9DED912CB607}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\DriverEasy Scheduled Scan.job [400]
[MD5.00000000000000000000000000000000] [APT] [{F7BBB124-A74F-456A-AA19-43439498EA1E}] (...) -- C:\Users\I7\Desktop\Nova pasta (2)\Nova pasta (2)\????????\Setup.exe (.not file.) [0]
~ Scheduled Task: 20 Legitimates Filtered in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (QMUdisk) . (. - .) - C:\Program Files (x86)\Tencent\QQPCMgr\8.7.10504.206\QMUdisk64.sys (.not file.) =>Adware.TencentAddressBar
~ Drivers: 69 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Aion Arena - (...) [HKLM][64Bits] -- Aion Arena
O42 - Logiciel: ArcheAge - (.XLGAMES.) [HKLM][64Bits] -- ArcheAge
O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM][64Bits] -- PokerStars
O42 - Logiciel: ½£Áé_ÌÚѶ - (.Tencent.) [HKLM][64Bits] -- ½£Áé_ÌÚѶ =>Adware.TencentAddressBar
~ Logic: 29 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\ArcaneSaga]
[HKCU\Software\Audiggle LTD]
[HKCU\Software\Dextronet]
[HKCU\Software\Pando Networks]
[HKCU\Software\TesSafe]
[HKLM\Software\Wow6432Node\CJ Games Global]
[HKLM\Software\Wow6432Node\En Masse Entertainment]
[HKLM\Software\Wow6432Node\NetmarbleGlobal]
[HKLM\Software\Wow6432Node\Pando Networks]
[HKLM\Software\Wow6432Node\Vigil Games]
[HKLM\Software\Wow6432Node\Zenimax_Online]
~ Key Software: 398 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 05/06/2013 - 01:23:57 - [54,807] ----D C:\Program Files (x86)\ArcheAge
O43 - CFD: 11/10/2013 - 16:58:27 - [1,042] ----D C:\Program Files (x86)\Audiggle
O43 - CFD: 05/10/2013 - 20:02:32 - [3,737] ----D C:\Program Files (x86)\DExUS
O43 - CFD: 30/06/2013 - 02:17:43 - [0,008] ----D C:\Program Files (x86)\Direct IP
O43 - CFD: 07/01/2014 - 21:24:52 - [0] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 13/11/2013 - 19:09:45 - [76,689] ----D C:\Program Files (x86)\PokerStars
O43 - CFD: 05/11/2013 - 12:26:37 - [0] ----D C:\Program Files (x86)\ReducetheLag
O43 - CFD: 05/06/2013 - 01:28:13 - [1,102] ----D C:\Program Files (x86)\xlgames
O43 - CFD: 06/02/2014 - 11:08:43 - [0] ----D C:\ProgramData\Elder Scrolls Online
O43 - CFD: 22/02/2014 - 07:14:32 - [0] ----D C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
O43 - CFD: 22/02/2014 - 07:14:31 - [0] ----D C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}
O43 - CFD: 02/12/2013 - 00:03:41 - [0,002] ----D C:\Users\I7\AppData\Roaming\Dextronet
O43 - CFD: 08/11/2013 - 15:53:19 - [0] ----D C:\Users\I7\AppData\Roaming\library_dir
O43 - CFD: 11/10/2013 - 16:57:12 - [0,001] ----D C:\Users\I7\AppData\Local\Audiggle_LTD
O43 - CFD: 14/11/2013 - 17:52:43 - [2,113] ----D C:\Users\I7\AppData\Local\PokerStars
O43 - CFD: 27/06/2013 - 23:19:52 - [0,001] ----D C:\Users\I7\AppData\Local\Urautog_soluções_em_Tecno
O43 - CFD: 03/11/2013 - 16:28:55 - [0] ----D C:\Users\I7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aion Arena
O43 - CFD: 05/06/2013 - 01:17:26 - [0] ----D C:\Users\I7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcheAge
O43 - CFD: 06/12/2013 - 03:29:50 - [0,002] ----D C:\Users\I7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÌÚѶÓÎÏ·
O43 - CFD: 02/01/2014 - 18:13:48 - [0] ----D C:\Users\I7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
~ Program Folder: 242 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 22/02/2014 - 06:36:07 ---A- . (...) -- C:\autoexec.bat [0]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 22/02/2014 - 19:12:37 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.CAECD830A1B88027C6BBAC32D6A3A93F] - 22/02/2014 - 19:25:40 ---A- . (...) -- C:\zoek-results.log [23725]
O44 - LFC:[MD5.187DE1C16AC3CA727DA7CEDA16F870C8] - 22/02/2014 - 19:27:41 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [148158]
O44 - LFC:[MD5.A15BA5F82251FE6E958816B68DED4B18] - 22/02/2014 - 19:27:41 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [708378]
~ Files: 13 Legitimates Filtered in 00mn 00s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\MarbleStation [Key] . (.CJ E&M - Netmarble Launcher.) -- C:\NetmarbleGlobal\MarbleStation\GlbMSLauncher.exe
~ SMSR Keys: 12 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.508401A63E6B1CBF0B9C9A011498731F] - 17/10/2013 - 13:17:41 ---A- . (.FNet Co., Ltd. - FNetTbos.sys.) -- C:\Windows\System32\Drivers\FNETTBOH_305.SYS [32320]
O58 - SDL:[MD5.7C3C4B4C951EC1BDFD4F769D05E2CC68] - 18/05/2013 - 08:35:02 ---A- . (.FNet Co., Ltd. - FNetUrPx.sys.) -- C:\Windows\System32\Drivers\FNETURPX.SYS [15936]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.5AB18D8055A4280C0F377A6262F3157E] - 24/07/2012 - 09:37:56 ---A- . (.No owner - ISCT and IFFS Driver.) -- C:\Windows\System32\Drivers\ISCTD64.sys [46016]
O58 - SDL:[MD5.A1973C20C6837FA453445AEF8FCF7EF4] - 17/05/2013 - 12:27:56 ---A- . (.Windows (R) Win 7 DDK provider - Maelstrom VAD Audio driver.) -- C:\Windows\System32\Drivers\RzMaelstromVAD.sys [40696]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.B9657A0AFF28C1CB114ACC0CB93EE4BB] - 06/11/2013 - 01:10:50 ---A- . (.Windows (R) Win 7 DDK provider - Spyware Terminator 2012 driver.) -- C:\Windows\System32\Drivers\stflt.sys [51496]
O58 - SDL:[MD5.4FDAE53D8E5CDC5D0AE32D637EDC2378] - 04/12/2013 - 01:38:14 ---A- . (.电脑管家 - 电脑管家-驱动模块.) -- C:\Windows\System32\Drivers\TFsFltX64.sys [87864]
O58 - SDL:[MD5.6237921ABDB53B8F1A5C24E4B77244DF] - 27/01/2014 - 20:13:29 ---A- . (...) -- C:\Windows\System32\EasyAntiCheat.sys [199512]
O58 - SDL:[MD5.3151D9E8B0CB8FFDFF63E2266F907A66] - 06/12/2013 - 03:30:38 ---A- . (.TENCENT - TesSafe64 NT Driver.) -- C:\Windows\System32\TesSafe.sys [159160] =>Adware.TencentAddressBar
O58 - SDL:[MD5.ADAA34740E9F6AFF94CC75D5CF8ED7E2] - 04/01/2008 - 13:34:42 ----- . (...) -- C:\Windows\SysWOW64\drivers\AsInsHelp32.sys [10216]
O58 - SDL:[MD5.EDAA17CE771C696655B6585F7CAD2100] - 04/01/2008 - 13:34:48 ----- . (...) -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys [11832]
~ Drivers: 20 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Opera.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {9AD6DDC1-CB99-451E-A3D5-DD9DC7C6F664} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.A7EC6ECCD90D8B155B1AAC6F658D3EE2] [SPRF][28/05/2013] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.0840EB50F38B3A9BBA2D24780AEB07A6] [SPRF][22/02/2014] (...) -- C:\Users\I7\Desktop\AdwCleaner.exe [1241834]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{3A2ED5FA-1948-4BE8-BA43-AAFED48B7070}C:\program files (x86)\xlgames\xlkcsdownload\xlkcsdownload.exe" | In - Private - P6 - TRUE | .(.Kamuse, Incorporated - xlKCS-Download.) -- C:\program files (x86)\xlgames\xlkcsdownload\xlkcsdownload.exe
O87 - FAEL: "UDP Query User{3B67163C-23D9-439A-86EC-B6EF1CE097D0}C:\program files (x86)\xlgames\xlkcsdownload\xlkcsdownload.exe" | In - Private - P17 - TRUE | .(.Kamuse, Incorporated - xlKCS-Download.) -- C:\program files (x86)\xlgames\xlkcsdownload\xlkcsdownload.exe
O87 - FAEL: "{838757E0-A7A0-425C-880C-2A17196812E5}" | In - None - P17 - TRUE | .(.Kamuse, Incorporated - xlKCS-Download.) -- C:\Program Files (x86)\xlgames\xlKCSDownload\xlKCSDownload.exe
O87 - FAEL: "{F9E9093C-4A27-4919-A50C-9AA6B5F1C52B}" |In - None - P6 - TRUE | .(...) -- C:\Program Files (x86)\TERA\Client\TERA.exe (.not file.)
O87 - FAEL: "{55B32596-B77B-460A-8C22-7F442D09E768}" |Out - None - P6 - TRUE | .(...) -- C:\Program Files (x86)\TERA\Client\TERA.exe (.not file.)
O87 - FAEL: "{68FE9A55-74B0-4B67-A6C0-9C626281F88E}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\TERA\Client\TERA.exe (.not file.)
O87 - FAEL: "{7DC56E4B-D4C9-4C77-8B7E-C740FD631693}" |Out - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\TERA\Client\TERA.exe (.not file.)
O87 - FAEL: "{D0EF624D-338E-4F83-A5B1-7968E965500A}" | In - None - P6 - TRUE | .(.No owner - Thu Jun 14 19:32:20 2012.) -- C:\Program Files (x86)\TERA\Client\TL.exe
O87 - FAEL: "{700D1498-F052-47AA-ABF5-E6556D60088E}" | Out - None - P6 - TRUE | .(.No owner - Thu Jun 14 19:32:20 2012.) -- C:\Program Files (x86)\TERA\Client\TL.exe
O87 - FAEL: "{EE64F034-2FBA-43AF-A623-5D1476498CF8}" | In - None - P17 - TRUE | .(.No owner - Thu Jun 14 19:32:20 2012.) -- C:\Program Files (x86)\TERA\Client\TL.exe
O87 - FAEL: "{3C6F53C5-3E3E-4B40-BCD5-4B0D14E28109}" | Out - None - P17 - TRUE | .(.No owner - Thu Jun 14 19:32:20 2012.) -- C:\Program Files (x86)\TERA\Client\TL.exe
O87 - FAEL: "TCP Query User{C84A4DBD-1209-45EE-B835-93CE9352D99F}C:\program files (x86)\zeoworks\slendytubbies\slendytubbies 64bit.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\zeoworks\slendytubbies\slendytubbies 64bit.exe (.not file.)
O87 - FAEL: "UDP Query User{D4B7ADBF-3DAA-4DD0-B62E-781E665CDED3}C:\program files (x86)\zeoworks\slendytubbies\slendytubbies 64bit.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\zeoworks\slendytubbies\slendytubbies 64bit.exe (.not file.)
O87 - FAEL: "TCP Query User{9F8B02E9-16C8-41AF-B13D-9E99723037D0}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe (.not file.)
O87 - FAEL: "UDP Query User{FAD216EA-9994-40B2-8E65-48F15350A5D8}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe (.not file.)
O87 - FAEL: "{9A6F7ABC-4287-4872-AD23-DDA7BCFF19DE}" |In - Private - P6 - TRUE | .(...) -- C:\Users\I7\AppData\Local\Temp\nssBF8A.tmp\QQPCDetector.exe (.not file.)
O87 - FAEL: "{6C252AC8-3FD9-4687-B032-16998FDD4AFE}" |In - Private - P17 - TRUE | .(...) -- C:\Users\I7\AppData\Local\Temp\nssBF8A.tmp\QQPCDetector.exe (.not file.)
O87 - FAEL: "{1633C81A-58DD-42F5-8B8A-493AC40EB246}" |In - Private - P6 - TRUE | .(...) -- C:\Users\I7\AppData\Local\Temp\QQGameDownloader\bns_1385704439\MiniQQDL.exe (.not file.) =>PUP.SoftwareEngine
O87 - FAEL: "{9BC3D376-A396-45D6-A933-CED0D6911922}" |In - Private - P17 - TRUE | .(...) -- C:\Users\I7\AppData\Local\Temp\QQGameDownloader\bns_1385704439\MiniQQDL.exe (.not file.) =>PUP.SoftwareEngine
O87 - FAEL: "{2D5D77DF-E1A7-402E-93B6-8C736D0474D9}" |In - Public - P6 - TRUE | .(...) -- c:\users\i7\appdata\local\temp\qqgamedownloader\bns_1385704439\teniodl.exe (.not file.) =>PUP.SoftwareEngine
O87 - FAEL: "{CEB352CE-FA32-4B35-8862-1FDFF0FF4499}" |In - Public - P17 - TRUE | .(...) -- c:\users\i7\appdata\local\temp\qqgamedownloader\bns_1385704439\teniodl.exe (.not file.) =>PUP.SoftwareEngine
O87 - FAEL: "{E93F70E3-E163-4356-95C9-94DF0252F55E}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Tencent\QQPCMgr\8.7.10504.206\plugins\QQPCB1AndroidJmp\QQPhoneManager.exe (.not file.) =>Adware.TencentAddressBar
O87 - FAEL: "{0653F59D-B7D6-474A-99B3-41A9997ED6C4}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Tencent\QQPCMgr\8.7.10504.206\plugins\QQPCB1AndroidJmp\QQPhoneManager.exe (.not file.) =>Adware.TencentAddressBar
O87 - FAEL: "{3ADF25B5-4098-4EDD-AEF7-198C16AB42F8}" |In - Public - P6 - TRUE | .(...) -- c:\users\i7\appdata\roaming\tencent\剑灵\7b6f2b84b6b8f696e8fa2bed12bf2c86\teniodl\teniodl.exe (.not file.) =>Adware.TencentAddressBar
O87 - FAEL: "{B4617182-4FF2-425E-9265-AD209192A14A}" |In - Public - P17 - TRUE | .(...) -- c:\users\i7\appdata\roaming\tencent\剑灵\7b6f2b84b6b8f696e8fa2bed12bf2c86\teniodl\teniodl.exe (.not file.) =>Adware.TencentAddressBar
O87 - FAEL: "TCP Query User{E5B96FFB-7824-4306-B3B7-28E3E09E2E89}C:\program files\ìúñ¶óîï·\½£áé_ìúñ¶\tcls\launcher.exe" | In - Private - P6 - TRUE | .(.腾讯计算机系统有限公司 - 腾讯游戏登录程序.) -- C:\program files\ìúñ¶óîï·\½£áé_ìúñ¶\tcls\launcher.exe
O87 - FAEL: "UDP Query User{BFCD3111-7C28-4727-8DF3-212004A10B8F}C:\program files\ìúñ¶óîï·\½£áé_ìúñ¶\tcls\launcher.exe" | In - Private - P17 - TRUE | .(.腾讯计算机系统有限公司 - 腾讯游戏登录程序.) -- C:\program files\ìúñ¶óîï·\½£áé_ìúñ¶\tcls\launcher.exe
O87 - FAEL: "{6B1C66DA-22D8-4C66-9D0F-15FCE43F1B4F}" | In - Private - P6 - TRUE | .(.腾讯计算机系统有限公司 - 腾讯游戏Cross.) -- C:\Program Files\ÌÚѶÓÎÏ·\½£Áé_ÌÚѶ\bin\Cross\CrossProxy.exe
O87 - FAEL: "{99328B56-20C0-4418-B76B-3FA684C4FA15}" | In - Private - P17 - TRUE | .(.腾讯计算机系统有限公司 - 腾讯游戏Cross.) -- C:\Program Files\ÌÚѶÓÎÏ·\½£Áé_ÌÚѶ\bin\Cross\CrossProxy.exe
O87 - FAEL: "{E85C11B1-111B-420D-BE75-17AC482F32EA}" | In - Private - P6 - TRUE | .(.Tencent - QT语音.) -- C:\Program Files\ÌÚѶÓÎÏ·\½£Áé_ÌÚѶ\bin\Cross\Apps\CQS\QTalk\Bin\miniQTalk.exe =>Adware.TencentAddressBar
O87 - FAEL: "{343DBF46-9946-4861-966A-55CE95DB7850}" | In - Private - P17 - TRUE | .(.Tencent - QT语音.) -- C:\Program Files\ÌÚѶÓÎÏ·\½£Áé_ÌÚѶ\bin\Cross\Apps\CQS\QTalk\Bin\miniQTalk.exe =>Adware.TencentAddressBar
O87 - FAEL: "TCP Query User{7E0A5BA9-258D-4C1F-8125-6A6CFF942E23}C:\program files (x86)\orbitdownloader\orbitnet.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\orbitdownloader\orbitnet.exe (.not file.)
O87 - FAEL: "UDP Query User{C47196BB-A9D9-454A-8B0A-C3EE25544020}C:\program files (x86)\orbitdownloader\orbitnet.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\orbitdownloader\orbitnet.exe (.not file.)
O87 - FAEL: "{3CC042D0-9C9F-4D35-BE6E-4F2756A0A4E5}" | In - Public - P6 - TRUE | .(.ppy - osu!.) -- C:\Program Files (x86)\osu!\osu!.exe
O87 - FAEL: "{96724697-5576-46D6-881A-FFB513296794}" | In - Public - P17 - TRUE | .(.ppy - osu!.) -- C:\Program Files (x86)\osu!\osu!.exe
O87 - FAEL: "{B871A307-DC65-497E-9233-D8B71F309BB4}" | In - Domain - P6 - FALSE | .(.ppy - osu!.) -- C:\Program Files (x86)\osu!\osu!.exe
O87 - FAEL: "{AE19EAFF-3D75-4EF4-9311-5B278924232E}" | In - Domain - P17 - FALSE | .(.ppy - osu!.) -- C:\Program Files (x86)\osu!\osu!.exe
~ Firewall: 414 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.A3AEEC9A9B6984F2E22B90FDC9A23AB8] [WIS][04/12/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\1fde516f.msi [24993792]
~ WIS: 129 Legitimates Filtered in 00mn 09s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 20/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 15/11/2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 10/07/1658 0 | (EasyAntiCheat) . (...) - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
SS - | Auto 17/05/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 17/05/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/02/2013 820184 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Auto 02/12/2013 2151232 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 11/11/2013 18360 | (OverwolfUpdaterService) . (.Overwolf Ltd.) - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 17/02/2014 569024 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Demand 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 06/12/2013 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 19/10/2011 395136 | (cFosSpeedS) . (.cFos Software GmbH.) - C:\Program Files\ASRock\XFast LAN\spd.exe
SR - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SR - | Auto 13/02/2013 731648 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 12/03/2013 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 12/03/2013 366552 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 23/10/2013 23808 | (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 24/04/2013 483864 | (PMBDeviceInfoProvider) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
SR - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 18/09/2013 106472 | (RzKLService) . (.Razer Inc..) - C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
SR - | Auto 05/07/2012 3048136 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SR - | Demand 30/05/2012 149544 | (TurboBoost) . (.Intel(R) Corporation.) - C:\PROGRAM FILES\INTEL\TURBOBOOST\TURBOBOOST.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 11s



---\\ Scâner Aditional (088)
Database Version : 13031 - (17/02/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\½£Áé_ÌÚѶ] =>Adware.TencentAddressBar^
~ Additionnel Scan: 363923 Items scanned in 00mn 09s



---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.TencentAddressBar
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SoftwareEngine
~ MSI: 2 link(s) detected in 00mn 09s



~ 1505 Legitimates filtered by white list
End of the scan (523 lines in 00mn 33s)(0)
JapaJP
Beginner

Posts: 8
Reputation: 0
Join date: 22/02/2014

Re: wrapper z5x.net

Post by Power Max, Sat 22 Feb 2014, 20:25

Copy all of the text highlighted in red that I gave you (starting at script zhpfix and going through SysRestore)
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > open ZHPFix > click Importação (Import) > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.
Power Max
Contributor

Posts: 9086
Reputation: 1499
Join date: 14/04/2009

Re: wrapper z5x.net

Post by Power Max, Sun 09 Mar 2014, 18:12

TOPIC ARCHIVED

Since the author has not replied for more than 15 days, the topic has been archived. If the topic's author needs it, it will be reopened; to do so, they must contact one of the members of the [link hidden: you must have an account and be logged in to view it] and request that it be unlocked.
Power Max