Virus removal

Hello g4t0_d3_b0t4s.

* There are several unnecessary programs starting with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

Choosing Which Programs Start with the PC

Preferably, let only security programs (antivirus/anti-spyware/firewall) start with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean up and optimize the PC.
_____________________________________________________________________________________________

* Select and copy all of the text highlighted in red below (starting at script zhpfix and going up to emptyclsid)

script zhpfix
SysRestore
[MD5.C84DA49D10EA85B8A625BFDEC9F3A2F6] - (.QNT - Net Service Handler for LocalSystem.) -- C:\Users\Andrey\AppData\Roaming\NetService\netservice.exe [211824] [PID.2808]
R3 - URLSearchHook: (no name) [64Bits] - {e0301295-ab3e-4af3-979f-3d453c5f9f48} . (.Microsoft Corporation - Navegador da Internet.) (No version) -- (.not file.)
O3 - Toolbar: avast! WebRep - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (...) -- (.not file.)
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Chave orfã
O4 - HKCU\..\Run: [AdobeBridge] Chave orfã
O4 - HKUS\S-1-5-21-2950536724-862874754-520209536-1000\..\Run: [AdobeBridge] Chave orfã
O23 - Service: Net.Tcp Service Handler (NetTcpHandler) . (.QNT - Net Service Handler for LocalSystem.) - C:\Users\Andrey\AppData\Roaming\NetService\netservice.exe
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys
O42 - Logiciel: PC MEGA RAPIDO PRO 2.1 - (.PC MEGA RÁPIDO LTDA.) [HKLM][64Bits] -- {ECA15EC0-CF96-4D19-85D5-1CCD1623FFF1}_is1
[HKCU\Software\Baidu Security]
[HKCU\Software\Baixaki]
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\NetTcpHandler]
[HKLM\Software\Wow6432Node\NtSvcHandler]
[HKLM\Software\Wow6432Node\baidu]
O43 - CFD: 19/03/2014 - 01:57:02 - [] ----D C:\Program Files (x86)\PC MEGA RAPIDO PRO 2.1
O43 - CFD: 11/12/2011 - 00:01:15 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC MEGA RAPIDO PRO
O43 - CFD: 29/05/2015 - 21:43:46 - [] ----D C:\Users\Andrey\AppData\Roaming\NetService
O43 - CFD: 30/05/2015 - 01:58:38 - [] ----D C:\Users\Andrey\AppData\Roaming\RunDir
O58 - SDL:21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O64 - Services: CurCS - 21/01/2014 - C:\Windows\system32\drivers\Bprotect.sys (Bprotect) .(.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - LEGACY_BPROTECT
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\pricemeter_RASAPI32 =>PUP.PriceMeter
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\pricemeter_RASMANCS =>PUP.PriceMeter
SR - | Auto 20/03/2015 211824 | (NetTcpHandler) . (.QNT.) - C:\Users\Andrey\AppData\Roaming\NetService\netservice.exe
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
ShortcutFix
EmptyTemp
EmptyFlash
emptyclsid

_____________________________________________________________________________________________________________

* Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose Run as administrator > Click Importação > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply.

Note: This script was written only for this computer, according to the files and keys present on it.

To visitors: If you have a similar problem, do not use this script, since using it without supervision can damage the system.
 
I've already reduced the number of startup items using CCleaner. Here is the ZHPFix log:

Rapport de ZHPFix 2015.4.9.5 par Nicolas Coolman, Update du 18/03/2015
Fichier d'export Registre :
Run by Andrey at 02/06/2015 23:09:19
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (02mn 25s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\program files (x86)\pc mega rapido pro 2.1\unins000.exe

========== Estado dos serviços ==========
BPROTECT Parado

========== Chaves do Registo ==========
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
ELIMINÉ: Service: NetTcpHandler
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\Baixaki
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\NetTcpHandler
ELIMINÉ: HKLM\Software\Wow6432Node\NtSvcHandler
ELIMINÉ: HKLM\Software\Wow6432Node\baidu
ELIMINÉ: SearchScopes :{012E1000-F331-11DB-8314-0800200C9A66}
ELIMINÉ: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

========== Valores do Registo ==========
ELIMINÉ: URLSearchHook: {e0301295-ab3e-4af3-979f-3d453c5f9f48}
ELIMINÉ: Toolbar: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
ELIMINÉ: Toolbar: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
ELIMINÉ RunValue: AdobeBridge

========== Pastas ==========
ELIMINÉ: C:\Users\Andrey\AppData\Local\{185457C2-8059-47F6-9DD4-7D21646BACDE}
ELIMINÉ: C:\Users\Andrey\AppData\Local\{5466DC98-23CE-4601-8979-AE7432F2EDA9}
ELIMINÉ: C:\Users\Andrey\AppData\Local\{8D422045-3A88-4F0D-8F1E-1CA122ED9E29}
ELIMINÉ: C:\Users\Andrey\AppData\Local\{9972CBF8-14F9-467E-A4A3-903970C33760}
ELIMINÉ: C:\Users\Andrey\AppData\Local\{D438C513-EEBE-48D9-AB00-DA3E21D745E7}
ELIMINÉ: C:\Users\Andrey\AppData\Local\{F6607B8C-561D-4334-80CD-9AF0469547FD}

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (36) (249.893.008 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
13 : Chaves do Registo
4 : Valores do Registo
6 : Pastas
3 : Ficheiros
1 : Softwares
1 : Estado dos serviços
1 : Restauração Sistema


End of clean in 03mn 22s

========== Caminho do ficheiro do relatório ==========
C:\Users\Andrey\AppData\Roaming\ZHP\ZHPFix[R1].txt - 02/06/2015 23:11:44 [2420]
 
Hello gato de botas.

Open ZHPDiag again



|- Click "COMPLETA" and wait for it to finish:



|- When it finishes, post the ZHPDiag.txt report
 
Hello g4t0_d3_b0t4s. There are still 18 items starting with Windows, which is a high number and slows down your PC. Note that the ZHPDiag report shows that your PC's RAM is almost entirely in use (only 5% is left free), and much of this is due to the excess of programs that start automatically.
___________________________________________________________________________________________________

* Open the link below and select all of the text there (starting at script zhpfix and going up to emptyclsid):

http://www.cjoint.com/c/EFdm536fhwE
_____________________________________________________________________________________________________________

* Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose Run as administrator > Click Importação > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply, and tell us how your PC is doing after these procedures and whether the problems have been resolved.

Note: This script was written only for this computer, according to the files and keys present on it.

To visitors: If you have a similar problem, do not use this script, since using it without supervision can damage the system.
 
I'll try to disable a few more programs. Here is the Fix log:

Rapport de ZHPFix 2015.4.9.5 par Nicolas Coolman, Update du 18/03/2015
Fichier d'export Registre :
Run by Andrey at 03/06/2015 12:57:58
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 02s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\pricemeter_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\pricemeter_RASMANCS
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ: C:\Windows\Installer\14eea.msi
ELIMINÉ Temporários windows (67) (100.993.663 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
4 : Chaves do Registo
1 : Pastas
4 : Ficheiros
1 : Restauração Sistema


End of clean in 01mn 03s

========== Caminho do ficheiro do relatório ==========
C:\Users\Andrey\AppData\Roaming\ZHP\ZHPFix[R1].txt - 02/06/2015 23:11:44 [2501]
C:\Users\Andrey\AppData\Roaming\ZHP\ZHPFix[R2].txt - 03/06/2015 12:58:00 [1440]
 
Hello g4t0_d3_b0t4s.

How is the PC after these procedures? Have the problems been resolved?
 
Something called adrots.ru showed up in my browser today. This junk is making a bunch of ads in Russian appear, and every now and then it opens a tab that Bitdefender says is not safe. I've already run Bitdefender, but the junk is still there. That is what made me ask the knowledgeable folks here for help.
 
Hello Magnus Fuchs.

Download the Adwcleaner program by clicking the link below and then click the Download Now @BleepingComputer button:
http://www.bleepingcomputer.com/download/adwcleaner/

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with Adwcleaner

* In your next reply, post the Adwcleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

Note: When you post the Adwcleaner report, put it between tags
so that it stays hidden and doesn't take up space on the forum, OK?
 
Hey Rafael, here's the report

# AdwCleaner v4.206 - Relatório criado 04/06/2015 às 11:42:19
# Atualizado 01/06/2015 por Xplode
# Base de dados : 2015-06-01.1 [Servidor]
# Sistema operacional : Windows 8.1 Pro (x64)
# Usuário : Magnus - FUCHS
# Executando de : C:\Users\Magnus\Desktop\AdwCleaner.exe
# Opção : Limpar


***** [ Serviços ] *****




***** [ Arquivos / Pastas ] *****


Pasta Excluído : C:\ProgramData\Tbccint
Pasta Excluído : C:\Program Files (x86)\Tbccint
Pasta Excluído : C:\Users\Magnus\AppData\Local\Tbccint
Pasta Excluído : C:\Users\Magnus\AppData\LocalLow\PriceGong
Pasta Excluído : C:\Users\Magnus\AppData\LocalLow\Tbccint
Pasta Excluído : C:\Users\Magnus\AppData\LocalLow\BS_Player_ControlBar_B
Pasta Excluído : C:\Users\Magnus\AppData\Roaming\UpdaterEX
Pasta Excluído : C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Arquivo Excluído : C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pfkfdlcdbajamklbneflfbcmfgddmpae_0.localstorage
Arquivo Excluído : C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pfkfdlcdbajamklbneflfbcmfgddmpae_0.localstorage-journal
Arquivo Excluído : C:\END
Arquivo Excluído : C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
Arquivo Excluído : C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
Arquivo Excluído : C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage
Arquivo Excluído : C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage-journal


***** [ Tarefas agendadas ] *****


Tarefa Apagado : UpdaterEX


***** [ Atalhos ] *****




***** [ Registro ] *****


Chave Apagado : HKCU\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Chave Apagado : HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Chave Apagado : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3329621
Chave Apagado : HKLM\SOFTWARE\Classes\Toolbar.CT3329621
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{31264A33-A653-46C4-AF49-1232C59A7DA5}
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31264A33-A653-46C4-AF49-1232C59A7DA5}
Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31264A33-A653-46C4-AF49-1232C59A7DA5}
Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31264A33-A653-46C4-AF49-1232C59A7DA5}
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
Valor Apagado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{31264A33-A653-46C4-AF49-1232C59A7DA5}]
Valor Apagado : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{31264A33-A653-46C4-AF49-1232C59A7DA5}]
Chave Apagado : [x64] HKLM\SOFTWARE\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
Chave Apagado : [x64] HKLM\SOFTWARE\Classes\CLSID\{31264A33-A653-46C4-AF49-1232C59A7DA5}
Valor Apagado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{31264A33-A653-46C4-AF49-1232C59A7DA5}]
Chave Apagado : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Chave Apagado : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chave Apagado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Chave Apagado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Chave Apagado : HKCU\Software\Conduit
Chave Apagado : HKCU\Software\InstallCore
Chave Apagado : HKCU\Software\SecuredDownload
Chave Apagado : HKCU\Software\UpdaterEX
Chave Apagado : HKCU\Software\AppDataLow\Toolbar
Chave Apagado : HKCU\Software\AppDataLow\Software\PriceGong
Chave Apagado : HKCU\Software\AppDataLow\Software\Tbccint
Chave Apagado : HKCU\Software\AppDataLow\Software\TbccintSearchScopes
Chave Apagado : HKCU\Software\AppDataLow\Software\BS_Player_ControlBar_B
Chave Apagado : HKLM\SOFTWARE\Conduit
Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Dados Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local


***** [ Navegadores ] *****


-\\ Internet Explorer v11.0.9600.17416




-\\ Google Chrome v43.0.2357.81


[C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Apagado [Homepage] :
[C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Apagado [Startup_URLs] : B0F9E5561ED61F5D63DF4AE1D504CB3E1F74E255D361C86DA7C27690A8C0AE87"},"software_reporter":{"prompt_reason":"812F799E4BFA23B1AC7E058D79E1ED909689D06CF39B405A4E6B7B40FA58EE40","prompt_seed":"18A13A7280924B9A4064A2ECEFA5598B9AC6BFA33E4ED3A243CD17DD99731D46","prompt_version":"FDD88B92972959AA96A8870B5A495664ADB2C8251FD7F1737E02114FEBCCD799"},"sync":{"remaining_rollback_tries":"6C6E5AE03B756054A735CEF2343A03270C28C80A311CD979A6DE027E0E5C37BC"}},"super_mac":"72EE8B28D22A1E4DAEBDD2F41A2B814F3D9239F58AC3D85400FA2AFBF6585AA7"},"session":{"restore_on_startup":1,"startup_urls":["hxxp://www.sweet-page.com/?type=hppp&ts=1398223705&from=cor&uid=WDCXWD10EARS-00Y5B1_WD-WMAV5272115721157


*************************


AdwCleaner[R0].txt - [11238 bytes] - [04/06/2015 10:53:23]
AdwCleaner[S0].txt - [5952 bytes] - [04/06/2015 11:42:19]


########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6011 bytes] ##########
 
Here it is

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.8 (06.03.2015:1)
OS: Windows 8.1 Pro x64
Ran by Magnus on 04/06/2015 at 12:52:53,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








~~~ Services






~~~ Tasks






~~~ Registry Values


Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9B4CA29CF04201D53A74EA719C66BC5D
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL






~~~ Registry Keys






~~~ Files


Successfully deleted: [File] C:\Windows\system32\drivers\bdsandbox.sys
Successfully deleted: [File] C:\ProgramData\1418431706.bdinstall.bin
Successfully deleted: [File] C:\ProgramData\1418432304.bdinstall.bin
Successfully deleted: [File] C:\Users\Magnus\appdata\local\google\chrome\user data\default\local storage\http_static.audienceinsights.net_0.localstorage
Successfully deleted: [File] C:\Users\Magnus\appdata\local\google\chrome\user data\default\local storage\http_static.audienceinsights.net_0.localstorage-journal
Successfully deleted: [File] C:\Users\Magnus\appdata\local\google\chrome\user data\default\local storage\https_static.olark.com_0.localstorage
Successfully deleted: [File] C:\Users\Magnus\appdata\local\google\chrome\user data\default\local storage\https_static.olark.com_0.localstorage-journal






~~~ Folders


Successfully deleted: [Folder] C:\ProgramData\baidu security
Successfully deleted: [Folder] C:\ProgramData\baidu
Successfully deleted: [Folder] C:\Users\Magnus\AppData\Roaming\baidu






~~~ Chrome




[C:\Users\Magnus\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset


[C:\Users\Magnus\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:


[C:\Users\Magnus\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset


[C:\Users\Magnus\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]










~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/06/2015 at 12:56:23,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
It looks like the problems have been resolved, yes.
But then, where in the ZHPDiag report did you see how many programs start with my Windows?
Also, with the other programs I used (JRT, ZHP, Zoek, Malwarebytes, etc.), how could you tell that there were still errors?
I want to take a look at my other PC and my brother's, so I'd like to know how to better analyze the results of these programs.
 
Hello Magnus Fuchs.

Temporarily disable your antivirus to avoid conflicts.

* Open the link below and click the first button on the left, which is the Download Zoek.exe button:
http://www.hijackthis.nl/smeenk/

Save it to the Desktop.

To run it correctly, follow the tips in this tutorial:

Remove adware and other threats from your PC and browsers with the Zoek application

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its contents and post them in your next reply.
______________________________________________________________

Hello g4t0_d3_b0t4s. To learn how to analyze the reports and work out the procedures to carry out, you would need to take a course in malware removal, or else have good experience in this area. As for the problems on your brother's PC and yours, I suggest you post the case here so that we can disinfect them (one at a time, that is: we fully disinfect one PC and then start disinfecting the other).

I'm glad the problem has been resolved.

* Just to finish up, please follow the tutorials below:

Removing errors and optimizing your PC with CCleaner

Remove useless files from your PC with PureRa
_______________________________________________________________________________________________________________________

* To remove the programs used to clean this PC and create a new, safe and problem-free restore point, use DelFix, following the tips in this tutorial.
_______________________________________________________________________________________________________________________

:) It was a pleasure to help. You can always count on us!
 
I see. What is the prerequisite for taking one of those courses?
I already have CCleaner and always use it. I'll do the cleanup with the other programs as you advised.

OK, if I need anything I'll let you know here.
 
There are some Brazilian forums, such as Linha Defensiva and Clube do Hardware, that offer these courses, as well as some international forums. The problem is that they are in high demand, have few places, and the person already needs some knowledge of the area to be accepted.

Whenever you need us, we're here. Best regards!
 
Just one more thing: from what I've read, DelFix also deletes Avast!. Is there a way to prevent this antivirus from being deleted?
 
You can use DelFix without worry; it does not remove Avast or other antivirus programs. It only removes the temporary malware-removal tools used in cleaning the PC.
 
Here is the report

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Magnus on 04/06/2015 at 19:21:35,22.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Magnus\Desktop\zoek.exe [Scan all users] [Script inserted]


==== System Restore Info ======================


04/06/2015 19:26:12 Zoek.exe System Restore Point Created Successfully.


==== Reset Hosts File ======================


# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost


==== Empty Folders Check ======================


C:\PROGRA~2\COMMON~1\Blizzard Entertainment deleted successfully
C:\Users\Magnus\AppData\Roaming\QuickScan deleted successfully
C:\Users\Magnus\AppData\Local\CombatArms deleted successfully
C:\Users\Magnus\AppData\Local\GGEmpire deleted successfully
C:\Users\Magnus\AppData\Local\Warface deleted successfully


==== Deleting CLSID Registry Keys ======================


HKEY_USERS\S-1-5-21-622900198-2192867158-1654042445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8000D998-7AF8-4EAF-9E8A-04D8DAFA71E9} deleted successfully
HKEY_USERS\S-1-5-21-622900198-2192867158-1654042445-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{81DB4346-126B-4878-970E-7B5A1679BB96} deleted successfully


==== Deleting CLSID Registry Values ======================




==== Deleting Services ======================




==== Deleting Files \ Folders ======================


C:\Users\Magnus\.android deleted
C:\PROGRA~2\SorteiaEvolution deleted
C:\PROGRA~2\Wondershare deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\install.exe deleted
C:\Users\Magnus\AppData\Roaming\WB.CFG deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Magnus\AppData\Local\Wondershare deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\Magnus\AppData\Local\dsisetup1269993282.exe deleted
C:\Users\Magnus\AppData\Local\dsisetup1861583592.exe deleted


==== Firefox Extensions Registry ======================


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"bdwteff@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff" [27/10/2014 13:32]


==== Chromium Look ======================


Google Chrome Version: 43.0.2357.81


HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fabcmochhfpldjekobfaaggijgohadih - No path found[]


Bitdefender Wallet - Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih
Bookmark Manager - Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Chrome Hotword Shared Module - Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Wallet - Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda


==== Chromium Startpages ======================


C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Preferences




==== Chromium Fix ======================


C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shopping.uol.com.br_0.localstorage deleted successfully
C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shopping.uol.com.br_0.localstorage-journal deleted successfully
C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pt.savefrom.net_0.localstorage deleted successfully
C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pt.savefrom.net_0.localstorage-journal deleted successfully
C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whysearch.com_0.localstorage deleted successfully
C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whysearch.com_0.localstorage-journal deleted successfully


==== Set IE to Default ======================


Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Old Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"


New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Old Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"


==== All HKCU SearchScopes ======================


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"


==== Reset Google Chrome ======================


C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Preferences.copy was reset successfully
C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bad was reset successfully
C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.copy was reset successfully
C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Web Data.copy was reset successfully


==== shortcuts on Users Desktops ======================


C:\Users\Magnus\Desktop\Dropbox.lnk - C:\Users\Magnus\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Magnus\Desktop\JDownloader 2.lnk - C:\Users\Magnus\AppData\Local\JDownloader 2.0\JDownloader2.exe
C:\Users\Magnus\Desktop\Popcorn Time.lnk - C:\Users\Magnus\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .
C:\Users\Magnus\Desktop\Uplay.lnk - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe


==== shortcuts on All Users Desktop ======================


C:\Users\Public\Desktop\ Google Earth Pro.lnk - C:\Program Files (x86)\Google\Google Earth Pro\googleearth.exe
C:\Users\Public\Desktop\Diablo III.lnk - H:\Diablo III\Diablo III Launcher.exe
C:\Users\Public\Desktop\GOG Galaxy.lnk - C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe
C:\Users\Public\Desktop\Start BlueStacks.lnk - C:\Program Files (x86)\BlueStacks\HD-StartLauncher.exe
C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe


==== shortcuts in Users Start Menu ======================


C:\Users\Magnus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Magnus\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Magnus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Magnus\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\Magnus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2 Uninstaller.lnk - C:\Users\Magnus\AppData\Local\JDownloader 2.0\Uninstall JDownloader.exe
C:\Users\Magnus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2 Update & Rescue.lnk - C:\Users\Magnus\AppData\Local\JDownloader 2.0\JDownloader2Update.exe
C:\Users\Magnus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2.lnk - C:\Users\Magnus\AppData\Local\JDownloader 2.0\JDownloader2.exe
C:\Users\Magnus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2015\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Ajuda do IRPF2015.lnk -
C:\Users\Magnus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2015\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Desinstalar IRPF2015.lnk -
C:\Users\Magnus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2015\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\IRPF2015 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\Magnus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2015\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Leia-me do IRPF2015.lnk -
C:\Users\Magnus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Magnus\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
C:\Users\Magnus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uninstall.lnk - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
C:\Users\Magnus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uplay.lnk - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe


==== shortcuts in All Users Start Menu ======================


C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks\Start BlueStacks.lnk - C:\Program Files (x86)\BlueStacks\HD-StartLauncher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genymotion\Genymotion Shell.lnk - C:\Program Files\Genymobile\Genymotion\genyshell.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genymotion\Genymotion.lnk - C:\Program Files\Genymobile\Genymotion\genymotion.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genymotion\Uninstall Genymotion.lnk - C:\Program Files (x86)\Genymobile\Genymotion\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\GOG Galaxy\GOG Galaxy.lnk - C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Sobre o iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\pt.lproj\About iTunes.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\accicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Enviar para o OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\xlicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneDrive for Business 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\grv_icons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\outicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\pptico.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Skype for Business 2015.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\lyncicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Database Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\dbcicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Gerenciador de Gravação do Lync.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Spreadsheet Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\sscicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /show
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB\Receitanet\Ajuda do Receitanet 1.07 .lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB\Receitanet\Desinstalar o Receitanet 1.07.lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Desinstalador.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB\Receitanet\Receitanet 1.07 .lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SorteiaEvolution\SorteiaEvolution.LNK - C:\Program Files (x86)\SorteiaEvolution\sorteiaEvolution.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher® 3 - Wild Hunt [GOG.com]\The Witcher® 3 - Wild Hunt.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher® 3 - Wild Hunt [GOG.com]\Uninstall The Witcher® 3 - Wild Hunt.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wimpy Player\Wimpy Player.lnk - C:\Program Files (x86)\Wimpy Player\Wimpy FLV Player.exe


==== shortcuts in Quick Launch ======================


C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Magnus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk - C:\Program Files (x86)\Webteh\BSPlayer\bsplayer.exe
C:\Users\Magnus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\CDisplayEx.lnk - C:\Program Files\CDisplayEx\CDisplayEx.exe
C:\Users\Magnus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\CombatArms.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --app=http://www.levelupgames.com.br/gerenciadorCampanhas/index.php/combat-arms/jogue-de-graca/cadastro-c.html/?utm_campaign=Combat_Arms_IRSC&utm_source=IRSC&utm_medium=instalador&utm_content=aquisicao --app-window-size=1920,1080
C:\Users\Magnus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Dolby Axon.lnk - C:\Program Files (x86)\DolbyAxon\Axon.exe
C:\Users\Magnus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Magnus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Magnus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Magnus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Warface.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --app=http://www.levelupgames.com.br/gerenciadorCampanhas/index.php//warface/jogue-de-graca/cadastro-a.html/?utm_campaign=Warface_IRSC&utm_source=IRSC&utm_medium=instalador&utm_content=aquisicao --app-window-size=1920,1080
C:\Users\Magnus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Magnus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\Magnus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Battle.net Setup.lnk - E:\User Net\Battle.net\Battle.net Launcher.exe
C:\Users\Magnus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Bitdefender Total Security 2015.lnk - C:\Program Files (x86)\Bitdefender\Bitdefender 2015\bdagent.exe /seccenter
C:\Users\Magnus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\BS.Player FREE.lnk - C:\Program Files (x86)\Webteh\BSPlayer\bsplayer.exe
C:\Users\Magnus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CPUID CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.exe
C:\Users\Magnus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Dolby Axon.lnk - C:\Program Files (x86)\DolbyAxon\Axon.exe
C:\Users\Magnus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Dragon Age Inquisition.lnk - C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
C:\Users\Magnus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Excel 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\xlicons.exe
C:\Users\Magnus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\Magnus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\GOG Galaxy.lnk - C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe
C:\Users\Magnus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Magnus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Magnus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe
C:\Users\Magnus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Popcorn Time.lnk - C:\Users\Magnus\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .
C:\Users\Magnus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Magnus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TeamSpeak 3 Client.lnk - C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\Users\Magnus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Uplay.lnk - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -


==== Reset IE Proxy ======================


Value(s) before fix:
"ProxyEnable"=dword:00000000


Value(s) after fix:
"ProxyEnable"=dword:00000000


==== Deleting Registry Keys ======================


HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully


==== Empty IE Cache ======================


C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Magnus\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Magnus\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Magnus\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Magnus\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully


==== Empty FireFox Cache ======================


No FireFox Profiles found


==== Empty Chrome Cache ======================


C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully


==== Empty All Flash Cache ======================


Flash Cache Emptied Successfully


==== Empty All Java Cache ======================


Java Cache cleared successfully


==== C:\zoek_backup content ======================


C:\zoek_backup (files=259 folders=61 107600620 bytes)


==== Empty Temp Folders ======================


C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Magnus\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot


==== After Reboot ======================


==== Empty Temp Folders ======================


C:\Windows\Temp successfully emptied
C:\Users\Magnus\AppData\Local\Temp successfully emptied


==== Empty Recycle Bin ======================


C:\$RECYCLE.BIN successfully emptied


==== EOF on 04/06/2015 at 19:38:14,18 ======================
 
Hello Magnus Fuchs.

Download Malwarebytes from one of the links below:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
http://downloads.malwarebytes.org/mbam-download.php

Note: After opening one of the links above, click the DOWNLOAD button, as shown in the image below:

tutorial-do-malwarebytes-5.jpg


To install and run it correctly, please follow the tips in this post:

Malwarebytes Anti-Malware Tutorial

In your next reply, post this Malwarebytes log (report).

We'll be waiting.
 
Here is the report

Malwarebytes Anti-Malware
www.malwarebytes.org


Data da Verificação: 05/06/2015
Hora da Verificação: 21:05:19
Arquivo de Log: log1.txt
Administrador: Sim


Versão: 2.01.6.1022
Base de Dados de Malware: v2015.06.05.06
Base de Dados de Rootkit: v2015.06.02.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Auto-Proteção: Desabilitado


SO: Windows 8.1
Processador: x64
Sistema de Arquivos: NTFS
Usuário: Magnus


Tipo da Verificação: Verificação Personalizada
Resultado: Terminado
Objetos Verificados: 792088
Tempo Decorrido: 4 hr, 16 min, 10 seg


Memória: Habilitado
Inicialização: Habilitado
Sistema de Arquivos: Habilitado
Arquivos Compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado


Processos: 0
(Nenhum item malicioso detectado)


Módulos: 0
(Nenhum item malicioso detectado)


Chaves de Registro: 1
PUP.Optional.Conduit.A, HKU\S-1-5-21-622900198-2192867158-1654042445-1001_Classes\CLSID\{31264A33-A653-46C4-AF49-1232C59A7DA5}, Quarentena, [2feb40779dedad89c2905b0b0ff4d12f],


Valores de Registro: 1
PUP.Optional.Astromenda.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Astromenda\\, Quarentena, [be5c3e791a702e0812aa9d4ba95a768a]


Dados de Registro: 0
(Nenhum item malicioso detectado)


Pastas: 0
(Nenhum item malicioso detectado)


Arquivos: 23
PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe.vir, Quarentena, [0d0df3c4474384b2f0fabd17a75a40c0],
PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\ProgramData\Tbccint\IE\CT3329621\UninstallerUI.exe.vir, Quarentena, [7aa0b3049ceeaa8c0edc518320e1c838],
PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\ProgramData\Tbccint\Multi\CT3329621\UninstallerUI.exe.vir, Quarentena, [39e1823521699e988b5f1bb99d640cf4],
PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\Magnus\AppData\Local\Tbccint\Community Alerts\Alert.dll.vir, Quarentena, [32e84077008a52e4bd2d29ab9170a957],
PUP.Optional.Conduit.A, C:\AdwCleaner\Quarantine\C\Users\Magnus\AppData\Local\Tbccint\CT3329621\BS_Player_ControlBar_BAutoUpdateHelper.exe.vir, Quarentena, [71a9b9fee2a8a690bb79a0a2c739e41c],
PUP.Optional.Conduit.A, C:\AdwCleaner\Quarantine\C\Users\Magnus\AppData\Local\Tbccint\CT3329621\BS_Player_ControlBar_BToolbarHelper.exe.vir, Quarentena, [65b5f4c3b7d353e359db1929df210df3],
PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\Magnus\AppData\LocalLow\BS_Player_ControlBar_B\hk64tbBS_P.dll.vir, Quarentena, [e733595e1e6c12247c6e3c98e31e0ef2],
PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\Magnus\AppData\LocalLow\BS_Player_ControlBar_B\hktbBS_P.dll.vir, Quarentena, [cf4b11a67e0ca5916a8071631de4916f],
PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\Magnus\AppData\LocalLow\BS_Player_ControlBar_B\ldrtbBS_P.dll.vir, Quarentena, [908a3186078342f47971389c22df7e82],
PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\Magnus\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll.vir, Quarentena, [b466b2055634d561915911c3c14048b8],
PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\Magnus\AppData\LocalLow\BS_Player_ControlBar_B\sc64tbBS_P.dll.vir, Quarentena, [28f2496e76148babd8125282c041e11f],
PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\Magnus\AppData\LocalLow\BS_Player_ControlBar_B\sctbBS_P.dll.vir, Quarentena, [2ceec3f4206a48ee4c9ef1e341c0a55b],
PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\Magnus\AppData\LocalLow\BS_Player_ControlBar_B\tbBS_1.dll.vir, Quarentena, [75a57a3d97f30432707af2e208f99b65],
PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\Magnus\AppData\LocalLow\BS_Player_ControlBar_B\tbBS_P.dll.vir, Quarentena, [809abdfa95f515218b5f08ccaa57eb15],
PUP.Optional.DealPly, C:\AdwCleaner\Quarantine\C\Users\Magnus\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe.vir, Quarentena, [12088334f5958caa9a8be76956ace020],
PUP.Optional.DsiLoad, C:\zoek_backup\C_Users_Magnus_AppData_Local_dsisetup1861583592.exe.vir, Quarentena, [34e613a4dab03402263197c929d9d729],
PUP.Optional.DsiLoad, C:\zoek_backup\C_Users_Magnus_AppData_Local_dsisetup1269993282.exe.vir, Quarentena, [ac6e5463a3e7ac8a2f2890d016ec56aa],
PUP.Optional.ClientConnect, H:\Drivers\bsplayer267-1076.exe, Quarentena, [3edc7e39c6c42610a3476f6511f0b64a],
PUP.Optional.Advertiso, H:\Drivers\chrome_setup.exe, Quarentena, [33e7d4e3147630062c8cdc347492ff01],
PUP.Optional.InstallCore, H:\Drivers\UltimateCodec.exe, Quarentena, [a8720fa88a009b9bc9b63bb820e54eb2],
PUP.Optional.InstallCore.A, H:\Instaladores\rmvb-player-102-32-bits.exe, Quarentena, [7e9ceacd0b7f20169cf5c928ac59cf31],
PUP.Optional.Softonic, H:\Pen Drive Botões\escudos em png\Santa Catarina\SoftonicDownloader_para_format-factory.exe, Quarentena, [56c4f8bf2b5f1125bebd3b008f72f40c],
PUP.Optional.Softonic, H:\Pen Drive Botões\Mais escudos e Cartelas Botões\SoftonicDownloader_para_bs-player.exe, Quarentena, [809a2a8db5d580b69dde2c0feb169868],


Setores Físicos: 0
(Nenhum item malicioso detectado)




(end)
 
Hello Magnus Fuchs.

Download ZHPCleaner ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPCleaner to download it, as shown in the image below:

tutorial_do_zhpcleaner_2.jpg


To run it correctly, follow the tips in this post:

Complete ZHPCleaner Tutorial

After using it, copy the entire contents of your ZHPCleaner.txt report and post it in your next reply.
 
ZHP report

~ ZHPCleaner v2015.6.7.270 by Nicolas Coolman (2015\06\7)
~ Run by Magnus (Administrator) (07/06/2015 11:12:38)
~ Site : http://nicolascoolman.com/fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Reparo
~ Report : C:\Users\Magnus\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Magnus\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 8.1, 64-bit (Build 9600)




---\\ Serviços (0)




---\\ Navegadores de Internet (0)
~ Nenhum ítem malicioso foi encontrado.




---\\ Arquivo hosts (2)
SUBSTITUIDO:
Número de redirecionamentos encontrados 1/20




---\\ Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso foi encontrado.




---\\ Explorer ( Arquivos, Pastas) (82)
MOVIDO pasta: C:\Program Files\KMSpico\Service_KMS.exe [ - Service_KMS] (PUA.KMSpico)
MOVIDO arquivo: C:\Program Files\KMSpico (PUA.KMSpico)




---\\ Registro ( Chaves, Valores, Dados ) (7)
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI [C:\Program Files\KMSpico\Service_KMS.exe (Not File)] (PUA.KMSpico)
SUPRIMIDO chave: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI [C:\Program Files\KMSpico\Service_KMS.exe (Not File)] (PUA.KMSpico)
SUPRIMIDO chave*: HKCU\Software\AppDataLow\Software\Smartbar [] (PUP.QuickShare)
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\TypeLib\{0AF768AC-4FBD-4914-B847-F4E13C984926} [AppleSoftwareUpdateAdmin 1.0 Type Library] (PUP.PUP.UpdateAdmin)
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KMSpico_is1 [KMSpico v9.1.3] (PUA.KMSpico)
SUPRIMIDO chave: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{0AF768AC-4FBD-4914-B847-F4E13C984926} [AppleSoftwareUpdateAdmin 1.0 Type Library] (PUP.PUP.UpdateAdmin)
SUPRIMIDO valor: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9B4CA29CF04201D53A74EA719C66BC5D ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window] (PUP.CrossBrowse)




---\\ Resultado de reparação
Reparação efectuada com sucesso
~ Este navegador está faltando ! (Mozilla Firefox)
~ Este navegador está faltando ! (Opera Software)




---\\ Estatísticas
~ Items scan : 705
~ Items encontrado : 1
~ items cancelados : 0
~ Items réparo : 90




End of clean at 11:12:53
===================
ZHPCleaner-[R]-07062015-11_12_53.txt
ZHPCleaner--07062015-11_08_52.txt

 
