Adwares e PUPs no PC

por pabloescobar Seg 05 maio 2014, 09:57

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:56:10, on 05/05/2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8da98c8ea4b9eb25\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\OEM\i-PowerXross 1.0\i-PowerXross.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Program Files\OEM\OSD 1.0\SunflowerOSD.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\PC\AppData\Roaming\BrowserCompanion\tbhcn.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\PC\Downloads\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=10.15.20.253:3128;https=10.15.20.253:3128;ftp=10.15.20.253:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_] "C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [Fotos Slides Movie] wscript.exe //B "C:\Users\PC\AppData\Local\Temp\Fotos Slides Movie.vbe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: tbhcn.lnk = C:\Users\PC\AppData\Roaming\BrowserCompanion\tbhcn.exe
O4 - Global Startup: i-PowerXross.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O4 - Global Startup: OSD.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MIF5BA~1\Office12\GRA32A~1.DLL
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8da98c8ea4b9eb25\STacSV.exe

--
End of file - 9887 bytes

por **Power Max** Seg 05 maio 2014, 11:12

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

por pabloescobar Seg 05 maio 2014, 11:21

# AdwCleaner v3.207 - Relatório criado 05/05/2014 às 11:16:32
# Atualizado 05/05/2014 por Xplode
# Sistema Operacional : Windows 7 Starter (32 bits)
# Usuário : PC - PC-WIN
# Executando de : C:\Users\PC\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\Babylon
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Pasta Deletada : C:\Program Files\BrowserCompanion
Pasta Deletada : C:\Program Files\Conduit
Pasta Deletada : C:\Program Files\DealPly
Pasta Deletada : C:\Users\PC\AppData\Local\Conduit
Pasta Deletada : C:\Users\PC\AppData\LocalLow\bbrs_002.tb
Pasta Deletada : C:\Users\PC\AppData\LocalLow\Conduit
Pasta Deletada : C:\Users\PC\AppData\LocalLow\PriceGong
Pasta Deletada : C:\Users\PC\AppData\Roaming\Babylon
Pasta Deletada : C:\Users\PC\AppData\Roaming\BrowserCompanion
Pasta Deletada : C:\Users\PC\AppData\Roaming\DealPly
Pasta Deletada : C:\Users\PC\AppData\Roaming\OpenCandy
Pasta Deletada : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Pasta Deletada : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Pasta Deletada : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdebcffgnijbblbinknkbefciofebcda
Arquivo Deletada : C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
Arquivo Deletada : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
Arquivo Deletada : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
Arquivo Deletada : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal

***** [ Atalhos ] *****

***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\mdebcffgnijbblbinknkbefciofebcda
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\mdebcffgnijbblbinknkbefciofebcda
Valor Deletedo : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Chave Deletedo : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Chave Deletedo : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Chave Deletedo : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Chave Deletedo : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Chave Deletedo : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Chave Deletedo : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Chave Deletedo : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\Toolbar.CT2851643
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chave Deletedo : HKCU\Software\BabylonToolbar
Chave Deletedo : HKCU\Software\bbrs_002.tb
Chave Deletedo : HKCU\Software\Blabbers
Chave Deletedo : HKCU\Software\Blabbers
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\DealPly
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\AppDataLow\Software\Conduit
Chave Deletedo : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Chave Deletedo : HKCU\Software\AppDataLow\Software\PriceGong
Chave Deletedo : HKCU\Software\AppDataLow\Software\SmartBar
Chave Deletedo : HKLM\Software\Babylon
Chave Deletedo : HKLM\Software\BabylonToolbar
Chave Deletedo : HKLM\Software\BrowserCompanion
Chave Deletedo : HKLM\Software\Conduit
Chave Deletedo : HKLM\Software\DealPly
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Navegadores ] *****

-\\ Internet Explorer v9.0.8112.16447

Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v29.0 (pt-BR)

[ Arquivo : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\prefs.js ]

-\\ Google Chrome v34.0.1847.131

[ Arquivo : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Extension] : bodddioamolcibagionmmobehnbhiakf
Deletedo [Extension] : cjpglkicenollcignonpgiafdgfeehoj
Deletedo [Extension] : gaiilaahiahdejapggenmdmafpmbipje
Deletedo [Extension] : mdebcffgnijbblbinknkbefciofebcda

*************************

AdwCleaner[R0].txt - [8338 octets] - [05/05/2014 11:14:01]
AdwCleaner[S0].txt - [7915 octets] - [05/05/2014 11:16:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7975 octets] ##########

por **Power Max** Seg 05 maio 2014, 11:22

Faça o download do Malwarebytes em um destes links abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Adwares e PUPs no PC 772309

Para instalá-lo e executá-lo corretamente siga, por gentileza, as dicas desta postagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Na sua próxima resposta poste este log (relatório) do Malwarebytes.

Ficamos no aguardo.

por pabloescobar Seg 05 maio 2014, 16:42

Caro Powe max, tentei 2x passar esse malwarebyte, quando chega em 2h de scan o pc reinicia do nada, ja perdi 4h tentando passar esse malwarebyte e nao consigo finalizar. O relatorio que tem e so de atualização dele sera que e possivel realizar outro procedimento?
Obrigado

por **Power Max** Seg 05 maio 2014, 16:43

Desative temporariamente seu antivírus para evitar conflitos.

* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Adwares e PUPs no PC 772309

Para executá-lo corretamente siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.

por pabloescobar Seg 05 maio 2014, 17:22

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by PC on 05/05/2014 at 16:45:43,55.
Microsoft Windows 7 Starter 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\PC\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

05/05/2014 16:48:24 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\prefs.js:

Added to C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\Windows\system32\config\systemprofile\AppData\Roaming\DealPly deleted
C:\PROGRA~2\InstallMate deleted
C:\Users\PC\AppData\Local\speeddial.crx deleted
C:\Users\PC\AppData\Local\CRE deleted
C:\Windows\OSD10.tmp deleted
C:\user.js deleted
C:\Windows\System32\PerfStringBackup.TMP deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [29/04/2014 18:36]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default
9FD6A1990289B9290563CA069CB74EF9 - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll - Shockwave Flash
34663C9214E30B9B80F1D35A074B8DFC - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.5
7DD81A64EB213BF1FB8656345C6A6F1D - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.5
D86F9B69869E9354C2031B564998DFB1 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.5
57BCE27582F15E360F6003DC67B8C2CC - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.5
5D12C858A31BBBE00B040CC7B72035B4 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.5
E83B541C71965CFA1DEFF846CD6E9ECD - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll - Google Update
63EE2015B877A2E472CC59E05291AA39 - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll - McAfee Security Scanner +
AC987EE8037531807C5D7E6217A23501 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\PC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
3B00376AE69AC2E815425E54DEBFF750 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
9013599B12923A45C029C34E8D2211AC - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll - Silverlight Plug-In
65FB4909BD29CAAA81FDC69AD21BB905 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
01F0264937036BD962563F1ADF35CE72 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll - RealPlayer Version Plugin
BF2AD333C79072EEBE5AE0D72670E64E - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrlui.dll - Microsoft® Silverlight

==== Chrome Look ======================

Koji NISHIDA - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\acganlmcjehnfmehkmlimgkaloifodlf
YouTube - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=9&ar=msnhome"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.bing.com/search?q={searchTerms}"
@="http://www.oquefazernainternet.com/q/%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.oquefazernainternet.com/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.bing.com/search?q={searchTerms}"
"SearchAssistant"="http://www.bing.com/search?q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=9&ar=msnhome"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{F21D8264-78B7-461A-B3F5-6F5727836218} Bing Url="http://www.bing.com/search?FORM=MNMTDF&PC=MANM&q={searchTerms}&src=IE-SearchBox"

==== Reset Google Chrome ======================

C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-3430390850-1644443459-295647366-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-3430390850-1644443459-295647366-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-3430390850-1644443459-295647366-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-3430390850-1644443459-295647366-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\PC\Desktop\Auslogics Disk Defrag.lnk - C:\Program Files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe
C:\Users\PC\Desktop\CCleaner - Atalho.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\PC\Desktop\devenv - Atalho.lnk - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe
C:\Users\PC\Desktop\Secure Download Manager.lnk - C:\Users\PC\AppData\Roaming\Microsoft\Installer\{D618297E-D3F2-4E18-915C-02182A134394}\_1BD30779A1894CA5522674.exe
C:\Users\PC\Desktop\WindowsPhone - Atalho.lnk - C:\Program Files\Windows Phone\WindowsPhone.exe
C:\Users\PC\Desktop\Jr\Filmes\Crepusculo Parte 2\Documentos - Atalho.lnk - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Ares.lnk - C:\Program Files\Ares\Ares.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.141\McUICnt.exe SecurityScanner.dll
C:\Users\Public\Desktop\Webcam.lnk - C:\Windows\Installer\{FF6434EA-69FA-4CAA-97F3-5A9EDBD62103}\_AFC4D9FF0CB3A0B91C8D21.exe

==== shortcuts in Users Start Menu ======================

C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer\FreeFixer.lnk - C:\Program Files\FreeFixer\freefixer.exe
C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer\Uninstall.lnk - C:\Program Files\FreeFixer\Uninstall.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk - C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klavaro\Klavaro-1.9.7.lnk - C:\Program Files\Klavaro-1.9.7\bin\klavaro.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klavaro\Remove-1.9.7.lnk - C:\Program Files\Klavaro-1.9.7\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\Desinstalar.lnk - C:\Program Files\McAfee Security Scan\uninstall.exe C:\Program Files\McAfee Security Scan\3.8.141\McAfee.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.141\McUICnt.exe SecurityScanner.dll
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Desinstalar o QuickTime.lnk - C:\Windows\System32\msiexec.exe /i {111EE7DF-FC45-40C7-98A7-753AC46B12FB} /qf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk - C:\Windows\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\QTPlayer.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Sobre o QuickTime.lnk - C:\Windows\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\RichText.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 3.1 Beta 3.lnk - C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Visualg (Versão 2).lnk -
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Visual Studio 2010.lnk - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="http=10.15.20.253:3128;https=10.15.20.253:3128;ftp=10.15.20.253:3128"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\466ce803-6283-4aa2-857a-1cfe3934a42e deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\eba14c3a-709b-484f-b41e-5d9253679eb1 deleted successfully

==== Empty IE Cache ======================

C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\PC\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PC\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\PC\AppData\Local\Mozilla\Firefox\Profiles\qad0app8.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=25 folders=8 5247219 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\PC\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\PC\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on 05/05/2014 at 17:12:34,72 ======================

por **Power Max** Seg 05 maio 2014, 17:25

Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Adwares e PUPs no PC 772309

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

por pabloescobar Seg 05 maio 2014, 17:34

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Starter x86
Ran by PC on 05/05/2014 at 17:26:59,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yuna software

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\qad0app8.default\minidumps [1 files]

~~~ Chrome

Successfully deleted: [Folder] C:\Users\PC\appdata\local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Successfully deleted: [Folder] C:\Users\PC\appdata\local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/05/2014 at 17:32:47,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

por **Power Max** Seg 05 maio 2014, 17:43

Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.

por pabloescobar Seg 05 maio 2014, 17:52

~ Relatório do ZHPDiag v2014.5.4.54 - Nicolas Coolman (04/05/2014)
~ Iniciado por PC (05/05/2014 17:48:33)
~ Endereço do Website : http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user

---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 29.0
GCIE: Google Chrome v34.0.1847.131 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Starter, 32-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Malwarebytes Anti-Malware versão 2.0.1.1004
McAfee Security Scan Plus v3.8.141.11
Windows Defender W7

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2013 MB (51% free)
System Restore: Activé (Enable)
System drive C: has 100 GB (34%) free of 293 GB

---\\ Modo de conexão ao sistema
~ Computer Name: PC-WIN
~ User Name: PC
~ All Users Names: PC, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\PC\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\PC\AppData\Roaming\
~ %Desktop% : C:\Users\PC\Desktop\
~ %Favorites% : C:\Users\PC\Favorites\
~ %LocalAppData% : C:\Users\PC\AppData\Local\
~ %StartMenu% : C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 100 Go of 293 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 5 Go)
E: CD-ROM drive (Not Inserted)

---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 45 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.2AF58D15EDC06EC6FDACCE1F19482BBF] - (.Microsoft Corporation - Windows Explorer.) (.26/02/2011 - 02:33:07.) -- C:\Windows\Explorer.exe [2614784]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.8E87270C4704CF2951E1E7820D6C8A2B] - (.Microsoft Corporation - Internet Extensions para Win32.) (.02/06/2012 - 05:25:08.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/04/2011 - 23:35:40.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/04/2011 - 23:33:46.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.03/05/2011 - 23:43:41.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.187002CE05693C306F43C873F821381F] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.11/03/2011 - 02:44:01.) -- C:\Windows\system32\Drivers\ntfs.sys [1210240]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/07/2009 - 22:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes: Scanned in 00mn 01s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/1942
~ Mes musiques (My Musics) : 17/1932
~ Mes Videos (My Videos) : 1/617
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/3363
~ Mon Bureau (My Desktop) : 3/2022
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 13s

---\\ Processos lançados
[MD5.ED5501CBCA525947FF6985B38253B872] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\GbpSv.exe [520520] [PID.788]
[MD5.A41F8321D64FD1CBC8DF7DC29F785A4B] - (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8da98c8ea4b9eb25\STacSV.exe [229458] [PID.1092]
[MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1496]
[MD5.01E81C84AD1D0ACC61CF3CFD06632210] - (.SUPERAntiSpyware.com - Core Service.) -- C:\Program Files\SUPERAntiSpyware\SASCORE.exe [116608] [PID.352]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.392]
[MD5.6416F9B6B220F0A890525C38235AFAD7] - (.LSI Corporation - LSI Soft Modem Call Progress Service.) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336] [PID.580]
[MD5.E956C0614367D4106A4411F151D494A5] - (.No owner - DCSHOST.) -- C:\ProgramData\DatacardService\HWDeviceService.exe [264704] [PID.1564]
[MD5.06602AAC468BFACD8E5344DB0AE3DDD3] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [230912] [PID.332]
[MD5.B05640AC812FCCB488328DF34E7F663A] - (.Microsoft Corporation - SQL Server Windows NT.) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43010392] [PID.1768]
[MD5.8C59F909C5C2B136C5F38A9F48558663] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe [495708] [PID.1676]
[MD5.3CD5BBDA19A1AB4EBA359E0A14FDF0F0] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.1700]
[MD5.3142195521FEE436088EE8A5748DE1B1] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [170520] [PID.1648]
[MD5.38D198A2DD54A67120040566A38103BA] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016] [PID.2072]
[MD5.52DB6CDAC5BC7A1FC884E97C41C91213] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040] [PID.2144]
[MD5.3E364978E4C74D3BCEA29FB41743CB5A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704] [PID.2348]
[MD5.FA10D5FBD2BF7B90CDC08CCBE3593881] - (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe [3211776] [PID.2380]
[MD5.E812316104EBCD9051FDEC9FC3F034EF] - (...) -- C:\Program Files\OEM\i-PowerXross 1.0\i-PowerXross.exe [512000] [PID.2448]
[MD5.43E2CFC37953501EA40D852AE585E7C0] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe [277920] [PID.2504]
[MD5.C9DF72070FA9628E5561D48FAACDC4D6] - (.No owner - OSD.) -- C:\Program Files\OEM\OSD 1.0\SunflowerOSD.exe [449024] [PID.2524]
[MD5.D91AFB6D2A0DA7539B74FB5838775D94] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.exe [98632] [PID.2540]
[MD5.637A0F23F9012358E92E6F99835494D1] - (.Microsoft Corporation - SQL Server VSS Writer.) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [98840] [PID.2744]
[MD5.3FDBC28DEF3378089C5EE301637970BA] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.976]
[MD5.8858F7FE986DD156F88488EDA50CC446] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.2688]
[MD5.C54C8B8DAE3CC59CBAFF15FAC00084D7] - (.Adobe Systems, Inc. - Adobe Flash Player 13.0 r0.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe [1864368] [PID.1944]
[MD5.700803AC9B451FB67DF35EF0E05382E7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7869952] [PID.2240]
[MD5.4C287F9069FEDBD791178876EE9DE536] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.2308]
~ Processes Running: Scanned in 00mn 02s

---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 15 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehcef.dll
~ BHO: 14 Legitimates Filtered in 00mn 00s

---\\ Outras conexões do utilizador (04)
O4 - GS\Program [PC]: Primeiros passos.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Browsers
~ Global Startup: 1 Legitimates Filtered in 00mn 02s

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (.not file.)
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_] . (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe
O4 - HKCU\..\Run: [Fotos Slides Movie] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3430390850-1644443459-295647366-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-3430390850-1644443459-295647366-1000\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe
O4 - HKUS\S-1-5-21-3430390850-1644443459-295647366-1000\..\Run: [HW_OPENEYE_OUC_] . (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe
O4 - HKUS\S-1-5-21-3430390850-1644443459-295647366-1000\..\Run: [Fotos Slides Movie] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
~ Application: Scanned in 00mn 00s

---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{74EC7B17-E094-499E-980C-7CD0BCF37191}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{74EC7B17-E094-499E-980C-7CD0BCF37191}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{74EC7B17-E094-499E-980C-7CD0BCF37191}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\GbpSv.exe
O23 - Service: HWDeviceService.exe (HWDeviceService.exe) . (.No owner - DCSHOST.) - C:\ProgramData\DatacardService\HWDeviceService.exe
~ Services: 8 Legitimates Filtered in 00mn 08s

---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{C58CBFCB-E4AC-4880-B1BA-16CF75001D8A}] (...) -- F:\RealPlayer11GOLD.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3430390850-1644443459-295647366-1000Core [894]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3430390850-1644443459-295647366-1000UA [916]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1044]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1048]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 03s

---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 78 Legitimates Filtered in 00mn 00s

---\\ Software instalados (042)
O42 - Logiciel: Ares 2.1.9 - (.Ares Development Group.) [HKLM] -- Ares
O42 - Logiciel: CCE+SABER - v1.0 - (.CCE+SABER.) [HKLM] -- {D445A7B9-69A8-4860-95B9-BB957281D9A0}_is1
O42 - Logiciel: Driver 1.0 - (.Shuttle.) [HKLM] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: FreeFixer - (.Kephyr.) [HKLM] -- FreeFixer1.09
O42 - Logiciel: Klavaro-1.9.7 - (...) [HKLM] -- Klavaro_is1
O42 - Logiciel: OSD 1.0 - (.OEM.) [HKLM] -- {4C2AF428-6E7F-443E-B147-3A8327C2053F}
O42 - Logiciel: Plugin Letras.mus.br 1.20 - (.Letras.mus.br.) [HKLM] -- Plugin Letras.mus.br
O42 - Logiciel: Vivo - Guia Vivo Internet versão 1.0 - (.Vivo.) [HKLM] -- {C2E8B9C9-677A-46E6-AEC7-9435B5BCA765}_is1
O42 - Logiciel: i-PowerXross 1.0 - (.OEM.) [HKLM] -- {F1E25CFC-1243-4210-81B6-0C3D104D7083}
~ Logic: 20 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ares]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\SHUTTLE]
[HKCU\Software\SoilAP]
[HKCU\Software\SunFlowerOSD]
[HKLM\Software\360Safe] =>Trojan.Lozavita
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\CCB]
[HKLM\Software\Fotos Slides Movie]
[HKLM\Software\SoilIO]
~ Key Software: 228 Legitimates Filtered in 00mn 01s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 07/12/2012 - 22:49:37 - [] ----D C:\Program Files\Ares
O43 - CFD: 27/04/2013 - 14:49:19 - [] -SH-D C:\Program Files\eb5
O43 - CFD: 13/04/2014 - 12:08:46 - [] ----D C:\Program Files\FreeFixer
O43 - CFD: 23/04/2014 - 10:41:06 - [] ----D C:\Program Files\Klavaro-1.9.7
O43 - CFD: 25/07/2012 - 21:19:10 - [] ----D C:\Program Files\LGInternetKit
O43 - CFD: 29/03/2012 - 03:05:08 - [] ----D C:\Program Files\PluginLetras
O43 - CFD: 23/07/2010 - 13:56:15 - [] ----D C:\Program Files\Shuttle
O43 - CFD: 10/09/2011 - 21:21:12 - [] ----D C:\Program Files\Vivo
O43 - CFD: 10/09/2011 - 21:21:25 - [] ----D C:\Program Files\VIVO INTERNET
O43 - CFD: 29/04/2014 - 18:31:50 - [] ----D C:\ProgramData\MiniApp
O43 - CFD: 13/04/2014 - 12:09:04 - [0] ----D C:\Users\PC\AppData\Roaming\FreeFixer
O43 - CFD: 28/04/2014 - 11:28:01 - [] ----D C:\Users\PC\AppData\Roaming\klavaro
O43 - CFD: 25/09/2011 - 10:46:00 - [] ----D C:\Users\PC\AppData\Roaming\VIVO INTERNET
O43 - CFD: 17/03/2013 - 17:37:58 - [] ----D C:\Users\PC\AppData\Roaming\[ManufacturerNonTM]
O43 - CFD: 07/12/2012 - 22:49:40 - [] ----D C:\Users\PC\AppData\Local\Ares
O43 - CFD: 13/04/2014 - 12:16:02 - [] ----D C:\Users\PC\AppData\Local\FreeFixer
O43 - CFD: 13/04/2014 - 12:08:47 - [] ----D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
~ Program Folder: 188 Legitimates Filtered in 00mn 01s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.A5C914C5CBCFF645434535234BFCEACA] - 01/05/2014 - 11:33:01 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O44 - LFC:[MD5.0F5E9488E39E62F692741330624D31BC] - 01/05/2014 - 11:33:01 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47192]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 05/05/2014 - 11:14:37 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 05/05/2014 - 16:45:28 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.991F351722ABAB0DFFAF44A2EBB053DC] - 05/05/2014 - 17:12:34 ---A- . (...) -- C:\zoek-results.log [19851]
O44 - LFC:[MD5.4D6C6E0505A8E5A0656DCB223497D37C] - 29/04/2014 - 18:36:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
~ Files: 28 Legitimates Filtered in 00mn 19s

---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL
O46 - SEH:ShellExecuteHooks - SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{2f72a504-e181-11e0-aa28-80ee73115f13}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{538ad263-e6f7-11e0-acfd-80ee73115f13}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{6b47fae8-dc07-11e0-ac62-80ee73115f13}\AutoRun\command. (...) -- H:\USBAutoRun.exe (.not file.)
O51 - MPSK:{6b47fb48-dc07-11e0-ac62-80ee73115f13}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{6b47fb5b-dc07-11e0-ac62-80ee73115f13}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{92f8fb09-86b7-11e2-8af0-80ee73115f13}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{e99bc6ca-85e7-11e2-acf3-80ee73115f13}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWindowsUpdate"=
~ MWPE Keys: 1 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [54912]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [23168]
O58 - SDL:29/08/2012 - 13:06:36 R--A- . (.360安全中心 - 360安全卫士 - SelfProtection.) -- C:\Windows\System32\Drivers\360SpOEM.sys [64048]
O58 - SDL:29/04/2014 - 18:36:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:29/04/2014 - 18:36:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:29/04/2014 - 18:36:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632] =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:08/10/2010 - 16:55:06 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [25856]
O58 - SDL:24/01/2014 - 11:48:32 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47192]
O58 - SDL:01/05/2014 - 11:33:01 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:06/08/2010 - 07:42:34 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [861696]
O58 - SDL:04/12/2009 - 16:43:46 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys [16248]
O58 - SDL:04/12/2009 - 16:44:18 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\Soilkbc.sys [10744]
O58 - SDL:04/12/2009 - 16:44:36 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\SoilMC.sys [10616]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:06/11/2009 - 23:50:00 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt.sys [420864]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 100 Legitimates Filtered in 00mn 03s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 29/04/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 24/01/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 103 Legitimates Filtered in 00mn 00s

---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {F21D8264-78B7-461A-B3F5-6F5727836218} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.FEED27DEB00EE4340AD66FD870BC2D93] [SPRF][03/09/2011] (.MPC-HC Team - Media Player Classic - Home Cinema Setup.) -- C:\Users\PC\Desktop\MPC-HomeCinema.1.5.2.3456.x86.exe [5607808]
~ Files: 1 Legitimates Filtered in 00mn 00s

---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "5509804B864D4A546AABA531D87D51CF" . (.Bing Bar.) -- C:\Windows\Installer\{B4089055-D468-45A4-A6BA-5A138DD715FC}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 1 Legitimates Filtered in 00mn 00s

---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS: - {35B6525E-071A-4EA9-B3BD-F6A742572F08}
~ MNS: 2 Legitimates Filtered in 00mn 00s

---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.683EF495176EB6BF6C18BDA0A304C22E] [WIS][21/10/2011] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\577296.msi [4771840] =>Toolbar.Bing
~ WIS: 1 Legitimates Filtered in 00mn 04s

---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
HKLM\SOFTWARE\Microsoft\Tracing\SearchYa_v2_RASAPI32 =>Adware.SearchYa
HKLM\SOFTWARE\Microsoft\Tracing\SearchYa_v2_RASMANCS =>Adware.SearchYa
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 277 Legitimates Filtered in 00mn 00s

---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}] (Groove WorkspaceManagerApplication) =>PUP.Manager
~ BCK: 6276 Legitimates Filtered in 00mn 16s

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 21/10/2011 196176 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\BBSvc.exe =>Toolbar.Bing
SS - | Auto 04/02/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 04/02/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 15/01/2014 235696 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
SS - | Demand 22/04/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 11/07/2012 116608 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 27/03/2009 14336 | (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agrsmsvc.exe
SR - | Auto 29/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 13/10/2011 249648 | (BBUpdate) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\BingBar\SeaPort.exe =>Toolbar.Bing
SR - | Auto 26/02/2014 520520 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\GbpSv.exe
SR - | Auto 16/11/2010 264704 | (HWDeviceService.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService.exe
SR - | Auto 06/11/2009 229458 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8da98c8ea4b9eb25\STacSV.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 19s

---\\ Scâner Aditional (088)
Database Version : 13045 - (04/05/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4089055-D468-45A4-A6BA-5A138DD715FC}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\360Safe] =>Trojan.Lozavita
C:\Windows\Installer\577296.msi =>Toolbar.Bing^
[HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}] (Groove WorkspaceManagerApplication) =>PUP.Manager^
~ Additionnel Scan: 360446 Items scanned in 01mn 26s

---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Browsers
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Lozavita
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.SearchYa
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Manager
~ MSI: 4 link(s) detected in 00mn 00s

~ 787 Legitimates filtered by white list
End of the scan (529 lines in 03mn 18s)(0)

por **Power Max** Seg 05 maio 2014, 18:57

Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos.
_______________________________________________________________________________________________________

Adwares e PUPs no PC 772309

Sugiro que desinstale o McAfee Security Scan Plus, que é desnecessário.
_______________________________________________________________________________________________________

Adwares e PUPs no PC 772309

Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________

Adwares e PUPs no PC 772309

Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

por pabloescobar Seg 05 maio 2014, 22:13

nao consigo baixar o c clear me manda link por favor do dl

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by PC at 05/05/2014 22:11:53
High Elevated Privileges : OK
Windows 7 Starter Edition, 32-bit (Build 7600)

Reciclagem vazia (00mn 01s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: HKLM\Software\360Safe
ELIMINÉ: HKLM\Software\Fotos Slides Movie
ELIMINÉ CLSID MPSK: {2f72a504-e181-11e0-aa28-80ee73115f13}
ELIMINÉ CLSID MPSK: {538ad263-e6f7-11e0-acfd-80ee73115f13}
ELIMINÉ CLSID MPSK: {6b47fae8-dc07-11e0-ac62-80ee73115f13}
ELIMINÉ CLSID MPSK: {6b47fb48-dc07-11e0-ac62-80ee73115f13}
ELIMINÉ CLSID MPSK: {6b47fb5b-dc07-11e0-ac62-80ee73115f13}
ELIMINÉ CLSID MPSK: {92f8fb09-86b7-11e2-8af0-80ee73115f13}
ELIMINÉ CLSID MPSK: {e99bc6ca-85e7-11e2-acf3-80ee73115f13}
ELIMINÉ: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
ELIMINÉ: SearchScopes :{F21D8264-78B7-461A-B3F5-6F5727836218}
ELIMINÉ: CLSID NameSpace: {35B6525E-071A-4EA9-B3BD-F6A742572F08}
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SearchYa_v2_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SearchYa_v2_RASMANCS
ELIMINÉ: HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}
ELIMINÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4089055-D468-45A4-A6BA-5A138DD715FC}

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (296) (12.348.381 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {C58CBFCB-E4AC-4880-B1BA-16CF75001D8A}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========
16 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
2 : Ficheiros
1 : Tarefa planificada
1 : Restauração Sistema

End of clean in 00mn 53s

========== Caminho do ficheiro do relatório ==========
C:\Users\PC\AppData\Roaming\ZHP\ZHPFix[R1].txt - 05/05/2014 22:11:55 [2186]

por **Power Max** Seg 05 maio 2014, 22:13

Pode baixar o Ccleaner neste link:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

por **Power Max** Seg 05 maio 2014, 22:14

Abra novamente o ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

por pabloescobar Seg 05 maio 2014, 22:27

~ Relatório do ZHPDiag v2014.5.4.54 - Nicolas Coolman (04/05/2014)
~ Iniciado por PC (05/05/2014 22:23:45)
~ Endereço do Website : http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user

---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 29.0
GCIE: Google Chrome v34.0.1847.131 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Starter, 32-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.13

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2013 MB (40% free)
System Restore: Activé (Enable)
System drive C: has 102 GB (34%) free of 293 GB

---\\ Modo de conexão ao sistema
~ Computer Name: PC-WIN
~ User Name: PC
~ All Users Names: PC, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\PC\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\PC\AppData\Roaming\
~ %Desktop% : C:\Users\PC\Desktop\
~ %Favorites% : C:\Users\PC\Favorites\
~ %LocalAppData% : C:\Users\PC\AppData\Local\
~ %StartMenu% : C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 102 Go of 293 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 5 Go)
E: CD-ROM drive (Not Inserted)

---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 45 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.2AF58D15EDC06EC6FDACCE1F19482BBF] - (.Microsoft Corporation - Windows Explorer.) (.26/02/2011 - 02:33:07.) -- C:\Windows\Explorer.exe [2614784]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.8E87270C4704CF2951E1E7820D6C8A2B] - (.Microsoft Corporation - Internet Extensions para Win32.) (.02/06/2012 - 05:25:08.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/04/2011 - 23:35:40.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/04/2011 - 23:33:46.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.03/05/2011 - 23:43:41.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.187002CE05693C306F43C873F821381F] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.11/03/2011 - 02:44:01.) -- C:\Windows\system32\Drivers\ntfs.sys [1210240]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/07/2009 - 22:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes: Scanned in 00mn 00s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/1942
~ Mes musiques (My Musics) : 17/1932
~ Mes Videos (My Videos) : 1/617
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/3363
~ Mon Bureau (My Desktop) : 3/2024
~ Menu demarrer (Programs) : 1/28
~ Hidden Files: Scanned in 00mn 14s

---\\ Processos lançados
[MD5.ED5501CBCA525947FF6985B38253B872] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\GbpSv.exe [520520] [PID.788]
[MD5.A41F8321D64FD1CBC8DF7DC29F785A4B] - (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8da98c8ea4b9eb25\STacSV.exe [229458] [PID.1092]
[MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1496]
[MD5.01E81C84AD1D0ACC61CF3CFD06632210] - (.SUPERAntiSpyware.com - Core Service.) -- C:\Program Files\SUPERAntiSpyware\SASCORE.exe [116608] [PID.352]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.392]
[MD5.6416F9B6B220F0A890525C38235AFAD7] - (.LSI Corporation - LSI Soft Modem Call Progress Service.) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336] [PID.580]
[MD5.E956C0614367D4106A4411F151D494A5] - (.No owner - DCSHOST.) -- C:\ProgramData\DatacardService\HWDeviceService.exe [264704] [PID.1564]
[MD5.06602AAC468BFACD8E5344DB0AE3DDD3] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [230912] [PID.332]
[MD5.B05640AC812FCCB488328DF34E7F663A] - (.Microsoft Corporation - SQL Server Windows NT.) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43010392] [PID.1768]
[MD5.8C59F909C5C2B136C5F38A9F48558663] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe [495708] [PID.1676]
[MD5.3CD5BBDA19A1AB4EBA359E0A14FDF0F0] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.1700]
[MD5.3142195521FEE436088EE8A5748DE1B1] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [170520] [PID.1648]
[MD5.38D198A2DD54A67120040566A38103BA] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016] [PID.2072]
[MD5.52DB6CDAC5BC7A1FC884E97C41C91213] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040] [PID.2144]
[MD5.3E364978E4C74D3BCEA29FB41743CB5A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704] [PID.2348]
[MD5.FA10D5FBD2BF7B90CDC08CCBE3593881] - (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe [3211776] [PID.2380]
[MD5.E812316104EBCD9051FDEC9FC3F034EF] - (...) -- C:\Program Files\OEM\i-PowerXross 1.0\i-PowerXross.exe [512000] [PID.2448]
[MD5.C9DF72070FA9628E5561D48FAACDC4D6] - (.No owner - OSD.) -- C:\Program Files\OEM\OSD 1.0\SunflowerOSD.exe [449024] [PID.2524]
[MD5.D91AFB6D2A0DA7539B74FB5838775D94] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.exe [98632] [PID.2540]
[MD5.637A0F23F9012358E92E6F99835494D1] - (.Microsoft Corporation - SQL Server VSS Writer.) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [98840] [PID.2744]
[MD5.30C3DEFEE78AEFB92ECE5536F017F8E8] - (.Iminent - Iminent Protection.) -- C:\Program Files\Common Files\Umbrella\Umbrella226.exe [3052352] [PID.6024] =>Adware.IMBooster
[MD5.3FDBC28DEF3378089C5EE301637970BA] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.4732]
[MD5.8858F7FE986DD156F88488EDA50CC446] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.5000]
[MD5.C54C8B8DAE3CC59CBAFF15FAC00084D7] - (.Adobe Systems, Inc. - Adobe Flash Player 13.0 r0.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe [1864368] [PID.3948]
[MD5.700803AC9B451FB67DF35EF0E05382E7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7869952] [PID.5836]
[MD5.4C287F9069FEDBD791178876EE9DE536] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.4388]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IMBooster
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 11 Legitimates Filtered in 00mn 00s

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\prefs.js
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\user.js
M3 - MFPP: Plugins - [PC] -- C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\searchplugins\iminent.xml =>Adware.IMBooster
M0 - MFSP: prefs.js [PC - qad0app8.default] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IMBooster
M2 - MFEP: prefs.js [PC - qad0app8.default\ffxtlbr@iminent.com] [] Iminent Toolbar v1.6.0 (..) =>Adware.IMBooster
~ Firefox Browser: 12 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IMBooster
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 16 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects do navegador (02)
O2 - BHO: iminent Helper Object - {112BA211-334C-4A90-90EC-2AD1CDAB287C} . (.Iminent - No Comment.) -- C:\Program Files\IminentToolbar\1.8.28.3\bh\iminent.dll =>Adware.IMBooster
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} . (.SIEN - Minibar.) -- C:\Program Files\Iminent\Minibar.InternetExplorer.BHOx86.dll =>PUP.Minibar
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehcef.dll
~ BHO: 18 Legitimates Filtered in 00mn 00s

---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Iminent Toolbar - [HKLM]{1FAFD711-ABF9-4F6A-8130-5166C7371427} . (.Iminent - No Comment.) -- C:\Program Files\IminentToolbar\1.8.28.3\iminentTlbr.dll =>Adware.IMBooster
~ Toolbar: Scanned in 00mn 00s

---\\ Outras conexões do utilizador (04)
O4 - GS\Program [PC]: Primeiros passos.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Browsers
~ Global Startup: 1 Legitimates Filtered in 00mn 02s

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s

---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{74EC7B17-E094-499E-980C-7CD0BCF37191}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{74EC7B17-E094-499E-980C-7CD0BCF37191}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{74EC7B17-E094-499E-980C-7CD0BCF37191}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\GbpSv.exe
O23 - Service: HWDeviceService.exe (HWDeviceService.exe) . (.No owner - DCSHOST.) - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: SProtection (SProtection) . (.Iminent - Iminent Protection.) - C:\Program Files\Common Files\Umbrella\Umbrella226.exe =>Adware.IMBooster
~ Services: 9 Legitimates Filtered in 00mn 08s

---\\ Tarefas planificadas automaticamente (039)
[MD5.EF46205D284DFFE5AC49866003E24123] [APT] [FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl] (.Sien SA.) -- C:\Users\PC\AppData\Roaming\igdhbblPCellaljokkpfhcjlagemhgjl\minibarchrome.exe [869184] =>PUP.Minibar
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3430390850-1644443459-295647366-1000Core [894]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3430390850-1644443459-295647366-1000UA [916]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1044]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1048]
~ Scheduled Task: 14 Legitimates Filtered in 00mn 03s

---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 78 Legitimates Filtered in 00mn 00s

---\\ Software instalados (042)
O42 - Logiciel: Ares 2.1.9 - (.Ares Development Group.) [HKLM] -- Ares
O42 - Logiciel: CCE+SABER - v1.0 - (.CCE+SABER.) [HKLM] -- {D445A7B9-69A8-4860-95B9-BB957281D9A0}_is1
O42 - Logiciel: Driver 1.0 - (.Shuttle.) [HKLM] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: FreeFixer - (.Kephyr.) [HKLM] -- FreeFixer1.09
O42 - Logiciel: Iminent - (.Iminent.) [HKLM] -- IMBoosterARP =>Adware.IMBooster
O42 - Logiciel: Klavaro-1.9.7 - (...) [HKLM] -- Klavaro_is1
O42 - Logiciel: OSD 1.0 - (.OEM.) [HKLM] -- {4C2AF428-6E7F-443E-B147-3A8327C2053F}
O42 - Logiciel: Plugin Letras.mus.br 1.20 - (.Letras.mus.br.) [HKLM] -- Plugin Letras.mus.br
O42 - Logiciel: Vivo - Guia Vivo Internet versão 1.0 - (.Vivo.) [HKLM] -- {C2E8B9C9-677A-46E6-AEC7-9435B5BCA765}_is1
O42 - Logiciel: i-PowerXross 1.0 - (.OEM.) [HKLM] -- {F1E25CFC-1243-4210-81B6-0C3D104D7083}
~ Logic: 21 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ares]
[HKCU\Software\IminentToolbar] =>Adware.IMBooster
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\SHUTTLE]
[HKCU\Software\SoilAP]
[HKCU\Software\SunFlowerOSD]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\CCB]
[HKLM\Software\IminentToolbar] =>Adware.IMBooster
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\SoilIO]
[HKLM\Software\Umbrella]
~ Key Software: 230 Legitimates Filtered in 00mn 01s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 07/12/2012 - 22:49:37 - [] ----D C:\Program Files\Ares
O43 - CFD: 27/04/2013 - 14:49:19 - [] -SH-D C:\Program Files\eb5
O43 - CFD: 13/04/2014 - 12:08:46 - [] ----D C:\Program Files\FreeFixer
O43 - CFD: 05/05/2014 - 22:08:39 - [] ---AD C:\Program Files\Iminent =>Adware.IMBooster
O43 - CFD: 05/05/2014 - 22:08:46 - [] ----D C:\Program Files\IminentToolbar =>Adware.IMBooster
O43 - CFD: 23/04/2014 - 10:41:06 - [] ----D C:\Program Files\Klavaro-1.9.7
O43 - CFD: 25/07/2012 - 21:19:10 - [] ----D C:\Program Files\LGInternetKit
O43 - CFD: 29/03/2012 - 03:05:08 - [] ----D C:\Program Files\PluginLetras
O43 - CFD: 23/07/2010 - 13:56:15 - [] ----D C:\Program Files\Shuttle
O43 - CFD: 10/09/2011 - 21:21:12 - [] ----D C:\Program Files\Vivo
O43 - CFD: 10/09/2011 - 21:21:25 - [] ----D C:\Program Files\VIVO INTERNET
O43 - CFD: 05/05/2014 - 22:08:28 - [] ----D C:\Program Files\Common Files\Umbrella
O43 - CFD: 29/04/2014 - 18:31:50 - [] ----D C:\ProgramData\MiniApp
O43 - CFD: 13/04/2014 - 12:09:04 - [0] ----D C:\Users\PC\AppData\Roaming\FreeFixer
O43 - CFD: 05/05/2014 - 22:23:44 - [] ----D C:\Users\PC\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
O43 - CFD: 05/05/2014 - 22:08:45 - [] ----D C:\Users\PC\AppData\Roaming\IminentToolbar =>Adware.IMBooster
O43 - CFD: 28/04/2014 - 11:28:01 - [] ----D C:\Users\PC\AppData\Roaming\klavaro
O43 - CFD: 25/09/2011 - 10:46:00 - [] ----D C:\Users\PC\AppData\Roaming\VIVO INTERNET
O43 - CFD: 17/03/2013 - 17:37:58 - [] ----D C:\Users\PC\AppData\Roaming\[ManufacturerNonTM]
O43 - CFD: 07/12/2012 - 22:49:40 - [] ----D C:\Users\PC\AppData\Local\Ares
O43 - CFD: 13/04/2014 - 12:16:02 - [] ----D C:\Users\PC\AppData\Local\FreeFixer
O43 - CFD: 13/04/2014 - 12:08:47 - [] ----D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
~ Program Folder: 191 Legitimates Filtered in 00mn 01s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.A5C914C5CBCFF645434535234BFCEACA] - 01/05/2014 - 11:33:01 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O44 - LFC:[MD5.0F5E9488E39E62F692741330624D31BC] - 01/05/2014 - 11:33:01 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47192]
O44 - LFC:[MD5.D46D074B8BF3F42AB0820C49AD760823] - 04/05/2014 - 23:02:58 ---A- . (...) -- C:\AVScanner.ini [426]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 05/05/2014 - 11:14:37 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 05/05/2014 - 16:45:28 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.991F351722ABAB0DFFAF44A2EBB053DC] - 05/05/2014 - 17:12:34 ---A- . (...) -- C:\zoek-results.log [19851]
O44 - LFC:[MD5.4D6C6E0505A8E5A0656DCB223497D37C] - 29/04/2014 - 18:36:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
~ Files: 25 Legitimates Filtered in 00mn 03s

---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL
O46 - SEH:ShellExecuteHooks - SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - DatamngrCoordinator.exe - tasklist.exe =>PUP.Datamngr
~ IFEO: Scanned in 00mn 00s

---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\ares [Key] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe
~ SMSR Keys: 14 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWindowsUpdate"=
~ MWPE Keys: 1 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [54912]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [23168]
O58 - SDL:29/08/2012 - 13:06:36 R--A- . (.360安全中心 - 360安全卫士 - SelfProtection.) -- C:\Windows\System32\Drivers\360SpOEM.sys [64048]
O58 - SDL:29/04/2014 - 18:36:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:29/04/2014 - 18:36:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:29/04/2014 - 18:36:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632] =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:08/10/2010 - 16:55:06 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [25856]
O58 - SDL:24/01/2014 - 11:48:32 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47192]
O58 - SDL:01/05/2014 - 11:33:01 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:06/08/2010 - 07:42:34 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [861696]
O58 - SDL:04/12/2009 - 16:43:46 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys [16248]
O58 - SDL:04/12/2009 - 16:44:18 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\Soilkbc.sys [10744]
O58 - SDL:04/12/2009 - 16:44:36 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\SoilMC.sys [10616]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:06/11/2009 - 23:50:00 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt.sys [420864]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 100 Legitimates Filtered in 00mn 02s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 29/04/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 24/01/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 103 Legitimates Filtered in 00mn 00s

---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {460C3D19-B3D4-4964-A550-77D263B0CCCB} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (StartWeb) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IMBooster
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.FEED27DEB00EE4340AD66FD870BC2D93] [SPRF][03/09/2011] (.MPC-HC Team - Media Player Classic - Home Cinema Setup.) -- C:\Users\PC\Desktop\MPC-HomeCinema.1.5.2.3456.x86.exe [5607808]
~ Files: 1 Legitimates Filtered in 00mn 00s

---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "5509804B864D4A546AABA531D87D51CF" . (.Bing Bar.) -- C:\Windows\Installer\{B4089055-D468-45A4-A6BA-5A138DD715FC}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 1 Legitimates Filtered in 00mn 00s

---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.683EF495176EB6BF6C18BDA0A304C22E] [WIS][21/10/2011] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\577296.msi [4771840] =>Toolbar.Bing
~ WIS: 1 Legitimates Filtered in 00mn 01s

---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
HKLM\SOFTWARE\Microsoft\Tracing\iminenttoolbar_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\iminenttoolbar_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\Iminent_1712-b2fcad5e_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\Iminent_1712-b2fcad5e_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 287 Legitimates Filtered in 00mn 00s

---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{112BA211-334C-4A90-90EC-2AD1CDAB287C}] (iminent Helper Object) =>Adware.IMBooster
[HKCR\CLSID\{1FAFD711-ABF9-4F6A-8130-5166C7371427}] (Iminent Toolbar) =>Adware.IMBooster
[HKCR\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] (IMinent WebBooster (BHO)) =>Adware.IMBooster
~ BCK: 6252 Legitimates Filtered in 00mn 09s

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 21/10/2011 196176 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\BBSvc.exe =>Toolbar.Bing
SS - | Auto 04/02/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 04/02/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 22/04/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 11/07/2012 116608 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 27/03/2009 14336 | (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agrsmsvc.exe
SR - | Auto 29/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 13/10/2011 249648 | (BBUpdate) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\BingBar\SeaPort.exe =>Toolbar.Bing
SR - | Auto 26/02/2014 520520 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\GbpSv.exe
SR - | Auto 16/11/2010 264704 | (HWDeviceService.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService.exe
SR - | Auto 11/04/2014 3052352 | (SProtection) . (.Iminent.) - C:\Program Files\Common Files\Umbrella\Umbrella226.exe =>Adware.IMBooster
SR - | Auto 06/11/2009 229458 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8da98c8ea4b9eb25\STacSV.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 10s

---\\ Scâner Aditional (088)
Database Version : 13045 - (04/05/2014)
Clés trouvées (Keys found) : 44
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 8

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{112BA211-334C-4A90-90EC-2AD1CDAB287C}] =>Adware.IMBooster^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>PUP.Minibar^
[HKLM\SYSTEM\CurrentControlSet\Services\SProtection] =>Adware.IMBooster^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster^
[HKLM\Software\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}] =>Adware.IMBooster
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster
[HKLM\Software\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster
[HKLM\Software\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\escort.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon
[HKLM\Software\Classes\I] =>Adware.IncrediBar
[HKLM\Software\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl] =>Adware.IMBooster
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Classes\esrv.iminentESrvc] =>Adware.IMBooster
[HKLM\Software\Classes\esrv.iminentESrvc.1] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent] =>Adware.IMBooster
[HKLM\Software\Classes\iminent.iminentappCore] =>Adware.IMBooster
[HKLM\Software\Classes\iminent.iminentappCore.1] =>Adware.IMBooster
[HKLM\Software\Classes\iminent.iminentdskBnd] =>Adware.IMBooster
[HKLM\Software\Classes\iminent.iminentdskBnd.1] =>Adware.IMBooster
[HKLM\Software\Classes\iminent.iminentHlpr] =>Adware.IMBooster
[HKLM\Software\Classes\iminent.iminentHlpr.1] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.BrowserHelperObject] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.BrowserHelperObject.1] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.ScriptExtender] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.ScriptExtender.1] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iminent] =>Adware.IMBooster
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{1FAFD711-ABF9-4F6A-8130-5166C7371427} =>Adware.IMBooster^
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{84FF7BD6-B47F-46F8-9130-01B2696B36CB} =>Adware.IMBooster
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\extensions\ffxtlbr@iminent.com =>Adware.IMBooster^
C:\Program Files\Iminent =>Adware.IMBooster^
C:\Program Files\IminentToolbar =>Adware.IMBooster^
C:\Users\PC\AppData\Roaming\IminentToolbar =>Adware.IMBooster^
C:\Program Files\Common Files\Umbrella =>Adware.IMBooster
C:\Program Files\Common Files\Umbrella\Umbrella226.exe =>Adware.IMBooster^
C:\Users\PC\AppData\Roaming\igdhbblPCellaljokkpfhcjlagemhgjl\minibarchrome.exe =>PUP.Minibar^
[HKCU\Software\IminentToolbar] =>Adware.IMBooster^
[HKLM\Software\IminentToolbar] =>Adware.IMBooster^
C:\Windows\Installer\577296.msi =>Toolbar.Bing^
[HKCR\CLSID\{112BA211-334C-4A90-90EC-2AD1CDAB287C}] (iminent Helper Object) =>Adware.IMBooster^
[HKCR\CLSID\{1FAFD711-ABF9-4F6A-8130-5166C7371427}] (Iminent Toolbar) =>Adware.IMBooster^
[HKCR\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] (IMinent WebBooster (BHO)) =>Adware.IMBooster^
~ Additionnel Scan: 360259 Items scanned in 00mn 41s

---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IMBooster
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Minibar
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Browsers
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Datamngr
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Babylon
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IncrediBar
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Funmoods
~ MSI: 7 link(s) detected in 00mn 00s

~ 810 Legitimates filtered by white list
End of the scan (605 lines in 01mn 52s)(0)

por **Power Max** Seg 05 maio 2014, 22:30

Você andou baixando algum adware ou clicando em algum anúncio agora há pouco? porque há outros adwares que não estavam antes no PC.

por pabloescobar Seg 05 maio 2014, 22:31

Eu so cliquei nos que voce mandou no link do cclear so que não baixava o cclar por isso pedi o link pode ter sido isso.

por **Power Max** Seg 05 maio 2014, 22:32

é porque você tem que pegar o "jeito" de não clicar nos anúncios quando for baixar algum programa, você deve ter clicado nos anúncios.

Vamos ter que começar a limpeza tudo de novo.

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

por pabloescobar Seg 05 maio 2014, 22:34

Mas... esses adware entram no pc sem nem mesmo eu clicar em nada!
Está dificil! Não tem um anti adware não?

por **Power Max** Seg 05 maio 2014, 22:37

Depois no final vou te passar umas dicas que ajudam a bloquear eles. Use o adwcleaner por enquanto.

por pabloescobar Seg 05 maio 2014, 22:41

# AdwCleaner v3.207 - Relatório criado 05/05/2014 às 22:36:42
# Atualizado 05/05/2014 por Xplode
# Sistema Operacional : Windows 7 Starter (32 bits)
# Usuário : PC - PC-WIN
# Executando de : C:\Users\PC\Downloads\AdwCleaner(1).exe
# Opção : Limpar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Program Files\IminentToolbar
Pasta Deletada : C:\Users\PC\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
Pasta Deletada : C:\Users\PC\AppData\Roaming\IminentToolbar
Arquivo Deletada : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\invalidprefs.js
Arquivo Deletada : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\searchplugins\iminent.xml
Arquivo Deletada : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\user.js
Arquivo Deletada : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

***** [ Atalhos ] *****

***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{112BA211-334C-4A90-90EC-2AD1CDAB287C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1FAFD711-ABF9-4F6A-8130-5166C7371427}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe

***** [ Navegadores ] *****

-\\ Internet Explorer v9.0.8112.16447

-\\ Mozilla Firefox v29.0 (pt-BR)

[ Arquivo : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\prefs.js ]

Linha deletada : user_pref("browser.startup.homepage", "hxxp://start.iminent.com/?appId=65408595-E681-41FD-8991-62B28C2D5E8C");
Linha deletada : user_pref("extensions.iminent.admin", false);
Linha deletada : user_pref("extensions.iminent.aflt", "orgnl");
Linha deletada : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
Linha deletada : user_pref("extensions.iminent.autoRvrt", "false");
Linha deletada : user_pref("extensions.iminent.dfltLng", "");
Linha deletada : user_pref("extensions.iminent.excTlbr", false);
Linha deletada : user_pref("extensions.iminent.ffxUnstlRst", false);
Linha deletada : user_pref("extensions.iminent.id", "d07e79f9000000000000485d601d865a");
Linha deletada : user_pref("extensions.iminent.instlDay", "16196");
Linha deletada : user_pref("extensions.iminent.instlRef", "");
Linha deletada : user_pref("extensions.iminent.newTab", false);
Linha deletada : user_pref("extensions.iminent.prdct", "iminent");
Linha deletada : user_pref("extensions.iminent.prtnrId", "iminent");
Linha deletada : user_pref("extensions.iminent.rvrt", "false");
Linha deletada : user_pref("extensions.iminent.smplGrp", "none");
Linha deletada : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
Linha deletada : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
Linha deletada : user_pref("extensions.iminent.vrsn", "1.8.28.3");
Linha deletada : user_pref("extensions.iminent.vrsnTs", "1.8.28.322:08:46");
Linha deletada : user_pref("extensions.iminent.vrsni", "1.8.28.3");
Linha deletada : user_pref("iminent.adapters", "{\"[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Linha deletada : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"10bb6277-6b2b-413e-8d82-ad9398543254\",\"name\":\"Dealply\",\"addonId\":1,\"url\":\"//i.iminentjs.info/imitin/javascript.js\",\"queryS[...]

-\\ Google Chrome v34.0.1847.131

[ Arquivo : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [8338 octets] - [05/05/2014 11:14:01]
AdwCleaner[R1].txt - [5129 octets] - [05/05/2014 22:34:51]
AdwCleaner[R2].txt - [5189 octets] - [05/05/2014 22:35:42]
AdwCleaner[S0].txt - [8055 octets] - [05/05/2014 11:16:32]
AdwCleaner[S1].txt - [5019 octets] - [05/05/2014 22:36:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5079 octets] ##########

por **Power Max** Seg 05 maio 2014, 22:43

Faça uma limpeza com o Zoek como mostra o tutorial abaixo e poste o relatório dele:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

por pabloescobar Seg 05 maio 2014, 23:12

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by PC on 05/05/2014 at 22:45:25,40.
Microsoft Windows 7 Starter 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\PC\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-05-201234.log 19851 bytes

==== System Restore Info ======================

05/05/2014 22:46:34 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\prefs.js:
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.selectedEngine", "StartWeb");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [29/04/2014 18:36]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default
9FD6A1990289B9290563CA069CB74EF9 - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll - Shockwave Flash
34663C9214E30B9B80F1D35A074B8DFC - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.5
7DD81A64EB213BF1FB8656345C6A6F1D - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.5
D86F9B69869E9354C2031B564998DFB1 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.5
57BCE27582F15E360F6003DC67B8C2CC - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.5
5D12C858A31BBBE00B040CC7B72035B4 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.5
E83B541C71965CFA1DEFF846CD6E9ECD - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll - Google Update
AC987EE8037531807C5D7E6217A23501 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\PC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
3B00376AE69AC2E815425E54DEBFF750 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
9013599B12923A45C029C34E8D2211AC - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll - Silverlight Plug-In
65FB4909BD29CAAA81FDC69AD21BB905 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
01F0264937036BD962563F1ADF35CE72 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll - RealPlayer Version Plugin
BF2AD333C79072EEBE5AE0D72670E64E - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrlui.dll - Microsoft® Silverlight

==== Chrome Look ======================

Koji NISHIDA - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\acganlmcjehnfmehkmlimgkaloifodlf
Docs - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
YouTube - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=9&ar=msnhome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=9&ar=msnhome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\PC\Desktop\Auslogics Disk Defrag.lnk - C:\Program Files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe
C:\Users\PC\Desktop\CCleaner - Atalho.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\PC\Desktop\Continue Ccleaner.lnk - C:\Users\PC\Downloads\Ccleaner(1).exe
C:\Users\PC\Desktop\devenv - Atalho.lnk - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe
C:\Users\PC\Desktop\Secure Download Manager.lnk - C:\Users\PC\AppData\Roaming\Microsoft\Installer\{D618297E-D3F2-4E18-915C-02182A134394}\_1BD30779A1894CA5522674.exe
C:\Users\PC\Desktop\WindowsPhone - Atalho.lnk - C:\Program Files\Windows Phone\WindowsPhone.exe
C:\Users\PC\Desktop\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\Users\PC\Desktop\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe
C:\Users\PC\Desktop\Jr\Filmes\Crepusculo Parte 2\Documentos - Atalho.lnk - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Ares.lnk - C:\Program Files\Ares\Ares.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Webcam.lnk - C:\Windows\Installer\{FF6434EA-69FA-4CAA-97F3-5A9EDBD62103}\_AFC4D9FF0CB3A0B91C8D21.exe

==== shortcuts in Users Start Menu ======================

C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer\FreeFixer.lnk - C:\Program Files\FreeFixer\freefixer.exe
C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer\Uninstall.lnk - C:\Program Files\FreeFixer\Uninstall.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk - C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files\CCleaner\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klavaro\Klavaro-1.9.7.lnk - C:\Program Files\Klavaro-1.9.7\bin\klavaro.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klavaro\Remove-1.9.7.lnk - C:\Program Files\Klavaro-1.9.7\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Desinstalar o QuickTime.lnk - C:\Windows\System32\msiexec.exe /i {111EE7DF-FC45-40C7-98A7-753AC46B12FB} /qf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk - C:\Windows\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\QTPlayer.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Sobre o QuickTime.lnk - C:\Windows\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\RichText.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 3.1 Beta 3.lnk - C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Visualg (Versão 2).lnk -
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Visual Studio 2010.lnk - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\PC\AppData\Local\Mozilla\Firefox\Profiles\qad0app8.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=25 folders=8 5247219 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\PC\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\PC\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on 05/05/2014 at 23:09:56,50 ======================

por **Power Max** Seg 05 maio 2014, 23:17

Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

por Conteúdo patrocinado

Adwares e PUPs no PC

Adwares e PUPs no PC

Re: Adwares e PUPs no PC

Re: Adwares e PUPs no PC

Re: Adwares e PUPs no PC

Re: Adwares e PUPs no PC

Re: Adwares e PUPs no PC

Re: Adwares e PUPs no PC

Re: Adwares e PUPs no PC

Re: Adwares e PUPs no PC

Re: Adwares e PUPs no PC

Re: Adwares e PUPs no PC

Re: Adwares e PUPs no PC

Re: Adwares e PUPs no PC

Re: Adwares e PUPs no PC

Re: Adwares e PUPs no PC

Re: Adwares e PUPs no PC

Re: Adwares e PUPs no PC

Re: Adwares e PUPs no PC

Re: Adwares e PUPs no PC

Re: Adwares e PUPs no PC

Re: Adwares e PUPs no PC

Re: Adwares e PUPs no PC

Re: Adwares e PUPs no PC

Re: Adwares e PUPs no PC

Re: Adwares e PUPs no PC

Re: Adwares e PUPs no PC

Seg	Ter	Qua	Qui	Sex	Sáb	Dom
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31