[Resolved]  Slowness

17 replies in this topic

#1 RafaeL Icassati 2

RafaeL Icassati 2
  • Members
  • 41 posts

Posted 08 September 2013 - 22:21

Good morning, please analyze my log:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:16:58, on 08/09/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Users\My\Desktop\ \Nero\WinAVI 9.0 Portable\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.c...campaign=portal
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.c...campaign=portal
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: BHO - {47B614AF-B4CC-485B-B331-BE26F02ED4CC} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: PSafe ClikSeguro - {802D2971-E7C7-4219-8D5C-AFDCD0DA939E} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: (no name) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GBPLUGIN\gbiehuni.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\My\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://*.cga.com.cn
O15 - Trusted Zone: http://*.ogdev.net
O15 - Trusted Zone: http://*.sdo.com
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking...GbPluginUni.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify:  GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14265 bytes
 



#2 DigRam

DigRam

    iMasters Team

  • Moderators
  • 6,057 posts

Posted 09 September 2013 - 00:14

Good morning, Rafael Icassati2!

|- Download: < ZHPDiag2.exe >  < NicolasCoolman.jpg > ( ... by Nicolas Coolman )
|- Save it to the local disk! ( C or D )
|- Run the scroll icon. ( ZHPDiag )

|- Click: "CONFIGURE"

|- Click: "Options" >> "All" >> OK

|- Click: "CONFIGURE" >> "Full Analysis"
|- Wait for it to finish!
|- If it freezes and you cannot get the log, abort the full scan and run the custom one.
|- Return to the tool's main window.

|- Click "SEARCH" and wait for it to finish!
|- Or click "Options" >> "None".

|- Check only the option "Additional Scan (O88)".

~ Unselected Option:

O1,039,O40,O41,O42,O43,O44,O45,O46,O47,
O48,O49,O50,O51,O52,O53,O54,O55,O56,O57,
O58,O59,O60,O61,O62,O63,O64,O65,O66,O67,
O68,O69,O80,O81,O82,O83,O84,O85,O86,O87,
O89,O90,O91,O92

####

|- This way, these options will be disabled!

|- Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
|- PS: If the log is long, send it to Pjjoint.malekal.

|- Or go to: < Cjoint_Logo.jpg >

|- More information: < |Link| >

A+



#3 RafaeL Icassati 2

RafaeL Icassati 2
  • Members
  • 41 posts

Posted 09 September 2013 - 08:35

Good morning, DigRam!

scan:

http://pjjoint.malek...9_k7i11d11k14o8

#4 DigRam

DigRam

    iMasters Team

  • Moderators
  • 6,057 posts

Posted 09 September 2013 - 09:39

Good morning, RafaeL Icassati2!

|- Download: < AdwCleaner_Logo2_zps580bcd78.jpg > ( ... by Xplode )

|- On the page, click the image: < AdwCleaner_Tlcharger.jpg >

|- PS: If you use the IE9 browser, disable the "SmartScreen" filter.
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as Executar_Administrador.jpg

|- PS: Start the tool by clicking "Scan".
|- Click "Clean", if it becomes available, for each tab you open under "Results".

|- Click the small side arrows to reach the "Firefox" or "Chrome" tabs. < adegUsFH.jpg >
|- When it finishes, click "Report".

< C:\AdwCleaner\AdwCleaner[S0].txt > or < C:\AdwCleaner\AdwCleaner[S1].txt > ;S2, S3;...

|- Post all the reports found in C:\AdwCleaner <<

-/-

|- Run this script in the ZHPFix tool.

 

Script Zhpfix
[MD5.00000000000000000000000000000000] [APT] [Parker] (...) -- C:\Users\My\AppData\Roaming\msddn.vbs" (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [Tasker] (...) -- C:\Users\My\sec.vbe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [Wisker] (...) -- C:\Users\My\nebp.vbe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{CA4AF682-49C2-49F6-8BD2-7C47C346E96A}] (...) -- C:\Users\My\Downloads\ScratchInstaller1.4.exe (.not file.)   [0]
[MD5.83FC93271A2B1974ED28E659BB835D4C] [SPRF][03/09/2013] (...) -- C:\Users\My\AppData\Local\Temp\down.4248.assistant_v3.exe   [606208]
[MD5.A94AAEDFB0EBD410D67AFCE3C50E9441] [SPRF][05/09/2013] (...) -- C:\Users\My\AppData\Local\Temp\fbinstupd.exe   [236576]
[MD5.317AA08806AD8BA65C277ED84E084E70] [SPRF][05/09/2013] (...) -- C:\Users\My\AppData\Local\Temp\lkaseoihcaig.exe   [124880]
[MD5.2C7B219CD45E962C49B1834083C75183] [SPRF][05/10/2012] (...) -- C:\Users\My\AppData\Local\Temp\sqlite3.dll   [600868]
G1 - GCS: Preference [User Data\Default] http://mystart.incredibar.com  =>Adware.IncrediBar
M2 - MFEP: prefs.js [My - 1q6lsz8d.default\a2fskh@eauipfqfw.edu] [] savvenshhaRE  v5.10 (..)  =>Adware.SaveShare
M2 - MFEP: prefs.js [My - 1q6lsz8d.default\ooa_ooioa@cubwugm.net] [] ssafE isiavue v1.5 (..)  =>Adware.SafeSave
M2 - MFEP: prefs.js [My - 1q6lsz8d.default\vqr4.oy@xskxfzeau-oyi.co.uk] [] saofee ssaive v1.5 (..)  =>Adware.SafeSave
[MD5.F498F9A6044DE57744BD465662E6AD77] [APT] [BHO updater] (...) -- C:\Program Files (x86)\Internet Explorer\Updater.exe   [117760]
O42 - Logiciel: Browser Helper Object - (.APC Soft.) [HKLM][64Bits] -- Browser Helper Object1.4    
O42 - Logiciel: OptimizerPro - (.BetterSoft.) [HKLM][64Bits] -- OptimizerPro  =>PUP.OptimizerPro   
O43 - CFD: 03/09/2013 - 22:12:26 - [2,944] ----D C:\ProgramData\InstallMate
O43 - CFD: 23/08/2013 - 10:38:51 - [0] ----D C:\ProgramData\StarApp
O43 - CFD: 04/09/2013 - 07:52:25 - [0] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 18/01/2013 - 19:37:35 - [2,258] ----D C:\Program Files (x86)\Browser Helper Object    
O43 - CFD: 24/08/2013 - 09:19:27 - [0] ----D C:\ProgramData\Babylon  =>Toolbar.Babylon
O43 - CFD: 04/09/2013 - 07:52:29 - [0,002] ----D C:\ProgramData\Baidu Security
O43 - CFD: 03/09/2013 - 22:12:23 - [0,025] ----D C:\ProgramData\saofee ssaive  =>Adware.SafeSave
O43 - CFD: 07/09/2013 - 10:25:09 - [0,013] ----D C:\ProgramData\savvenshhaRE  =>Adware.SaveShare
O43 - CFD: 03/09/2013 - 22:12:23 - [0,025] ----D C:\ProgramData\ssafE isiavue  =>Adware.SafeSave
O43 - CFD: 04/09/2013 - 07:52:33 - [2,042] ----D C:\Users\My\AppData\Roaming\Baidu Security
O43 - CFD: 24/08/2013 - 09:23:25 - [0] ----D C:\Users\My\AppData\Local\Lollipop  =>Adware.Lollipop
O44 - LFC:[MD5.118960D109F52515A0D9369139203D6D] - 04/09/2013 - 07:52:30 RSHAD . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\BprotectEx.sys   [76096]
O45 - LFCP:[MD5.CE9318456B50068E8D453D986A5EDEBD] - 09/09/2013 - 07:34:19 ---A- - C:\Windows\Prefetch\HPSF_TASKS.EXE-9FFDF802.pf
O64 - Services: CurCS - 08/08/2013 - C:\Windows\system32\drivers\BprotectEx.sys (BprotectEx)  .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BPROTECTEX
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.admin", false);  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.aflt", "babsst");  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.autoRvrt", "false");  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.bbDpng", "24");  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.cntry", "BR");  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.dfltLng", "pt");  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.excTlbr", false);  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.ffxUnstlRst", true);  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.hdrMd5", "C1E0EA28026B7B86D822036AC137EB09");  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.hpFFXOld", "http://www.google.com.br/");  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.id", "284790bb000000000000705ab68ec19e");  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.instlDay", "15941");  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.instlRef", "sst");  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.kwURLOld", "http://www.bing.com/...7DF&PC=UP97&q=");  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.lastB", "http://www.google.com.br/");  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.24.69:19:50");  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.newTab", false);  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"72\",\"lastVrsn\":\"72\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\[...]  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.prtkDS", 0);  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.prtkHmpg", 0);  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.prtnrId", "babylon");  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.rvrt", "false");  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.sg", "azb");  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.smplGrp", "none");  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.tlbrId", "base");  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylo...00000705ab68ec1[...]  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.vrsn", "1.8.24.6");  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.24.69:19:50");  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar.vrsni", "1.8.24.6");  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar_i.babExt", "");  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar_i.babTrack", "affID=123494&tsp=4984");  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("extensions.BabylonToolbar_i.srcExt", "ss");  =>Toolbar.Babylon
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");  =>PUP.SweetIM
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");  =>PUP.SweetIM
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");  =>PUP.SweetIM
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("sweetim.toolbar.previous.keyword.URL", "");  =>PUP.SweetIM
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*");  =>PUP.SweetIM
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");  =>PUP.SweetIM
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");  =>PUP.SweetIM
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("sweetim.toolbar.searchguard.enable", "false");  =>PUP.SweetIM  
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("aol_toolbar.default.homepage.check", false);
O69 - SBI: prefs.js [My - 1q6lsz8d.default] user_pref("aol_toolbar.default.search.check", false);
O87 - FAEL: "{8339143A-5A69-4CE9-91E9-BDB503E7917F}" |In - Private - P6 - TRUE | .(...) -- C:\Levelup Games\Grand Chase\main.exe (.not file.)
O87 - FAEL: "{3514E523-0FCD-48A1-9D9B-058645C5B473}" |In - Private - P17 - TRUE | .(...) -- C:\Levelup Games\Grand Chase\main.exe (.not file.)
O87 - FAEL: "TCP Query User{ACC0102E-91F1-4923-BB23-667A30CB8CFB}C:\users\my\appdata\local\apps\2.0\gw8xpkye.8kv\17qe1x7v.3pm\leve..tion_d2c9776e4c5c026e_0000.0009_56dd4697dc5712d0\levelup.downloaderclient.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\my\appdata\local\apps\2.0\gw8xpkye.8kv\17qe1x7v.3pm\leve..tion_d2c9776e4c5c026e_0000.0009_56dd4697dc5712d0\levelup.downloaderclient.exe (.not file.)
O87 - FAEL: "UDP Query User{5754F352-477D-49AB-9BA6-D3B35D73FB54}C:\users\my\appdata\local\apps\2.0\gw8xpkye.8kv\17qe1x7v.3pm\leve..tion_d2c9776e4c5c026e_0000.0009_56dd4697dc5712d0\levelup.downloaderclient.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\my\appdata\local\apps\2.0\gw8xpkye.8kv\17qe1x7v.3pm\leve..tion_d2c9776e4c5c026e_0000.0009_56dd4697dc5712d0\levelup.downloaderclient.exe (.not file.)
O87 - FAEL: "{B1EE6552-340E-4921-A9DE-CC0D08781097}" |In - Private - P6 - FALSE | .(...) -- C:\Users\My\AppData\Local\Temp\nsqB38.tmp\incredimail_Setup.exe (.not file.)
O87 - FAEL: "{CFD2A47D-15EF-474D-8C66-94BE7DC8751A}" |In - Private - P17 - FALSE | .(...) -- C:\Users\My\AppData\Local\Temp\nsqB38.tmp\incredimail_Setup.exe (.not file.)
O87 - FAEL: "{EA411FFE-CD7E-4374-866C-5C8524DC80CD}" |In - Private - P6 - TRUE | .(...) -- C:\Ongame\MercuryRed\MercuryClient.exe (.not file.)
O87 - FAEL: "{DAA081EB-6C6E-4237-B9A0-78689658F9DD}" |In - Private - P17 - TRUE | .(...) -- C:\Ongame\MercuryRed\MercuryClient.exe (.not file.)
O87 - FAEL: "TCP Query User{DF441EEE-2510-4EC7-8D32-B024DD260CEB}C:\users\my\desktop\microsoft.visio.2010.std.pro.premium.with.sp1-zwtiso\crack\keygen.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\my\desktop\microsoft.visio.2010.std.pro.premium.with.sp1-zwtiso\crack\keygen.exe (.not file.)    
O87 - FAEL: "UDP Query User{523A45C3-FEAB-4401-A83D-A28A6E425D83}C:\users\my\desktop\microsoft.visio.2010.std.pro.premium.with.sp1-zwtiso\crack\keygen.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\my\desktop\microsoft.visio.2010.std.pro.premium.with.sp1-zwtiso\crack\keygen.exe (.not file.)    

[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]   =>Toolbar.Skype
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified    
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS]   =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32]   =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]   =>Toolbar.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]   =>Toolbar.Tarma
[HKLM\Software\Wow6432Node\IncrediMail]
[HKCU\Software\Yahoo]   =>Toolbar.Yahoo^
[HKCU\Software\BabSolution]  =>Hijacker.BabSolution
[HKCU\Software\BabylonToolbar]  =>Toolbar.Babylon
[HKCU\Software\Baidu Security]
[HKCU\Software\Iminent]  =>Adware.IMBooster
[HKCU\Software\lollipop]  =>Adware.Lollipop
[HKLM\Software\Wow6432Node\360Safe]    
[HKLM\Software\Wow6432Node\Iminent]  =>Adware.IMBooster
[HKLM\Software\Wow6432Node\SP Global]  =>PUP.AdvancedSystemProtector
[HKLM\Software\Wow6432Node\SProtector]  =>PUP.Mocaflix
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerPro]   =>PUP.OptimizerPro^
[HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}]   =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}]   =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}]   =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}]   =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}]   =>PUP.RewardsArcade
[HKCU\Software\BabylonToolbar]   =>Toolbar.Babylon
[HKCU\Software\lollipop]   =>Adware.Lollipop
[HKCU\Software\Iminent]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Iminent]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\SP Global]   =>PUP.AdvancedSystemProtector
[HKLM\Software\Wow6432Node\SProtector]   =>PUP.AdvancedSystemProtector
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASAPI32]   =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Iminent_RASMANCS]   =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP]   =>Adware.IMBooster
[HKLM\Software\Classes\Prod.cap]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\kkkeikdkpjenmoiicggnnodbkebafgpc]   =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}]   =>Adware.Agent
[HKCU\Software\Classes\MF]   =>PUP.MediaFinder
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc]   =>Hijacker.22find
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{47B614AF-B4CC-485B-B331-BE26F02ED4CC}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47B614AF-B4CC-485B-B331-BE26F02ED4CC}]   =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Browser Helper Object1.4]   =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}]   =>Adware.MagniPic
[HKLM\Software\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}]   =>Adware.MagniPic
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc]   =>PUP.eSafeSecurity
[HKLM\Software\Wow6432Node\360Safe]   =>Trojan.Lozavita
[HKCU\Software\BabSolution]   =>Hijacker.BabSolution^
C:\ProgramData\InstallMate   =>Toolbar.Tarma
C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp   =>Toolbar.Wajam
C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\a2fskh@eauipfqfw.edu   =>Adware.SaveShare^
C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\ooa_ooioa@cubwugm.net   =>Adware.SafeSave^
C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\vqr4.oy@xskxfzeau-oyi.co.uk   =>Adware.SafeSave^
C:\ProgramData\Babylon   =>Toolbar.Babylon^
C:\ProgramData\Baidu Security
C:\Program Files (x86)\Baidu Security
C:\ProgramData\saofee ssaive   =>Adware.SafeSave^
C:\ProgramData\savvenshhaRE   =>Adware.SaveShare^
C:\ProgramData\ssafE isiavue   =>Adware.SafeSave^
C:\Users\My\AppData\Local\Lollipop   =>Adware.Lollipop^
C:\Program Files (x86)\Browser Helper Object   =>Toolbar.Babylon
C:\Program Files (x86)\Internet Explorer\cr_addon.crx   =>Toolbar.Babylon

emptytemp
emptyflash
emptyclsid
firewallraz


|- Post the report!

See you later


Edited by DigRam, 09 September 2013 - 18:39.
Include command line!

  • 0

#5 RafaeL Icassati 2

RafaeL Icassati 2
  • Members
  • 41 posts

Posted 09 September 2013 - 22:46

Good evening, DigRam!

# AdwCleaner v3.003 - Relatório criado 09/09/2013 no 22:21:45
# Atualizado 07/09/2013 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)
# Usuário : My - MY-PC
# Executando de : C:\Users\My\Desktop\adwcleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletado : dealplylive
[#] Serviço Deletado : dealplylivem
Serviço Deletado : WsysSvc

***** [ Arquivos / Pastas ] *****

Pasta Deletado : C:\SearchProtect
Pasta Deletado : C:\ProgramData\Babylon
Pasta Deletado : C:\ProgramData\BetterSoft
Pasta Deletado : C:\ProgramData\DealPlyLive
Pasta Deletado : C:\ProgramData\eSafe
Pasta Deletado : C:\ProgramData\StarApp
Pasta Deletado : C:\ProgramData\saofee ssaive
Pasta Deletado : C:\ProgramData\savvenshhaRE
Pasta Deletado : C:\ProgramData\ssafE isiavue
Pasta Deletado : C:\Program Files (x86)\DealPly
Pasta Deletado : C:\Program Files (x86)\DealPlyLive
Pasta Deletado : C:\Users\My\AppData\Local\DealPlyLive
Pasta Deletado : C:\Users\My\AppData\Local\lollipop
Pasta Deletado : C:\Users\My\AppData\Local\SwvUpdater
Pasta Deletado : C:\Users\My\AppData\Local\Temp\eIntaller
Pasta Deletado : C:\Users\My\AppData\Roaming\DealPly
Pasta Deletado : C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Pasta Deletado : C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\Extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}
Pasta Deletado : C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\Extensions\vqr4.oy@xskxfzeau-oyi.co.uk
Pasta Deletado : C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\Extensions\ooa_ooioa@cubwugm.net
Pasta Deletado : C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Pasta Deletado : C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\goehdmpelkbhjmilajgkjbdmbdohfcdm
Pasta Deletado : C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlpbfbnpdgkajiaoajobpahnabdgomfb
Arquivo Deletado : C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\\invalidprefs.js
Arquivo Deletado : C:\Program Files (x86)\Mozilla Firefox\searchplugins\qvo6.xml
Arquivo Deletado : C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\user.js
Arquivo Deletado : C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Arquivo Deletado : C:\Windows\Tasks\AmiUpdXp.job
Arquivo Deletado : C:\Windows\System32\Tasks\AmiUpdXp
Arquivo Deletado : C:\Windows\Tasks\Dealply.job
Arquivo Deletado : C:\Windows\System32\Tasks\Dealply
Arquivo Deletado : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
Arquivo Deletado : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
Arquivo Deletado : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
Arquivo Deletado : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
Arquivo Deletado : C:\Windows\System32\Tasks\DealPlyUpdate

***** [ Atalhos ] *****

Atalho Desinfectada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Atalho Desinfectada : C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\My\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Atalho Desinfectada : C:\Users\My\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\firefox - Atalho.lnk
Atalho Desinfectada : C:\Users\My\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk

***** [ Registro ] *****

Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\dealplylive.exe
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickCtrl.9
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine.1.0
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLive.Update3WebControl.3
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync.1.0
Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.coreclass
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreClass.1
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass.1
Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine
Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine.1.0
Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachine
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0
Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback
Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback.1.0
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassSvc
Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclasssvc.1.0
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher.1.0
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService.1.0
Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine
Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine.1.0
Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback
Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback.1.0
Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc
Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc.1.0
Chave Deleteda : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deleteda : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Chave Deleteda : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Chave Deleteda : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3
Chave Deleteda : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9
Chave Deleteda : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Chave Deleteda : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_cheat-engine_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_cheat-engine_RASMANCS
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_everest_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_everest_RASMANCS
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_free-wma-to-mp3-converter_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_free-wma-to-mp3-converter_RASMANCS
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_freez-flv-to-mp3-converter_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_freez-flv-to-mp3-converter_RASMANCS
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deleteda : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Chave Deleteda : HKCU\Software\BabSolution
Chave Deleteda : HKCU\Software\BabylonToolbar
Chave Deleteda : HKCU\Software\DealPly
Chave Deleteda : HKCU\Software\dealplylive
Chave Deleteda : HKCU\Software\Iminent
Chave Deleteda : HKCU\Software\lollipop
Chave Deleteda : HKLM\Software\DealPly
Chave Deleteda : HKLM\Software\dealplylive
Chave Deleteda : HKLM\Software\eSafeSecControl
Chave Deleteda : HKLM\Software\Iminent
Chave Deleteda : HKLM\Software\qvo6Software
Chave Deleteda : HKLM\Software\SP Global
Chave Deleteda : HKLM\Software\SProtector
Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSysControl
Chave Deleteda : [x64] HKLM\SOFTWARE\DeviceVM
Chave Deleteda : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Chave Deleteda : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerPro

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16660

Configurações Restaurado : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restaurado : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v23.0.1 (pt-BR)

[ Arquivo : C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\prefs.js ]

Linha deletada : user_pref("aol_toolbar.default.homepage.check", false);
Linha deletada : user_pref("aol_toolbar.default.search.check", false);
Linha deletada : user_pref("browser.newtab.url", "hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&utm_campaign=eXQ&utm_content=hp&from=amt&uid=WDCXWD5000BEKT-60KA9T0_WD-WXA1E51AVM26AVM26&ts=1378775170");
Linha deletada : user_pref("browser.search.defaultenginename", "qvo6");
Linha deletada : user_pref("browser.search.order.1", "qvo6");
Linha deletada : user_pref("browser.search.selectedEngine", "qvo6");
Linha deletada : user_pref("browser.startup.homepage", "hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&utm_campaign=eXQ&utm_content=hp&from=amt&uid=WDCXWD5000BEKT-60KA9T0_WD-WXA1E51AVM26AVM26&ts=1378775170");
Linha deletada : user_pref("extensions.5217429472f7b.scode", "new function(){var a=this;a.domain_storage=\"hxxp://xls.searchfun.in\";a.prefix=\"if72ru4ruh7fewui\";a.conf={\"1\":{\"0\":1,\"1\":86400,\"2\":0,\"3\":0,\"4[...]
Linha deletada : user_pref("extensions.5218127c3c84d.scode", "new function(){var a=this;a.domain_storage=\"hxxp://xls.searchfun.in\";a.prefix=\"if72ru4ruh7fewui\";a.conf={\"1\":{\"0\":1,\"1\":86400,\"2\":0,\"3\":0,\"4[...]
Linha deletada : user_pref("extensions.BabylonToolbar.admin", false);
Linha deletada : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Linha deletada : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Linha deletada : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Linha deletada : user_pref("extensions.BabylonToolbar.bbDpng", "24");
Linha deletada : user_pref("extensions.BabylonToolbar.cntry", "BR");
Linha deletada : user_pref("extensions.BabylonToolbar.dfltLng", "pt");
Linha deletada : user_pref("extensions.BabylonToolbar.excTlbr", false);
Linha deletada : user_pref("extensions.BabylonToolbar.ffxUnstlRst", true);
Linha deletada : user_pref("extensions.BabylonToolbar.hdrMd5", "C1E0EA28026B7B86D822036AC137EB09");
Linha deletada : user_pref("extensions.BabylonToolbar.hpFFXOld", "hxxp://www.google.com.br/");
Linha deletada : user_pref("extensions.BabylonToolbar.id", "284790bb000000000000705ab68ec19e");
Linha deletada : user_pref("extensions.BabylonToolbar.instlDay", "15941");
Linha deletada : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Linha deletada : user_pref("extensions.BabylonToolbar.kwURLOld", "hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=");
Linha deletada : user_pref("extensions.BabylonToolbar.lastB", "hxxp://www.google.com.br/");
Linha deletada : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.24.69:19:50");
Linha deletada : user_pref("extensions.BabylonToolbar.newTab", false);
Linha deletada : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"72\",\"lastVrsn\":\"72\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Linha deletada : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Linha deletada : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Linha deletada : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Linha deletada : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Linha deletada : user_pref("extensions.BabylonToolbar.rvrt", "false");
Linha deletada : user_pref("extensions.BabylonToolbar.sg", "azb");
Linha deletada : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Linha deletada : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Linha deletada : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=284790bb000000000000705ab68ec19e&q=");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsn", "1.8.24.6");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.24.69:19:50");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsni", "1.8.24.6");
Linha deletada : user_pref("extensions.BabylonToolbar_i.babExt", "");
Linha deletada : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=123494&tsp=4984");
Linha deletada : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Linha deletada : user_pref("extensions.OfZvuMbX.scode", "if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//www.superfish.com/ws/sf_main.jsp?dlsource=74[...]
Linha deletada : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Linha deletada : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Linha deletada : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*");
Linha deletada : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
Linha deletada : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
Linha deletada : user_pref("sweetim.toolbar.searchguard.enable", "false");

-\\ Google Chrome v

[ Arquivo : C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleteda : icon_url
Deleteda : search_url
Deleteda : keyword
Deleteda : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [25698 octets] - [09/09/2013 22:11:24]
AdwCleaner[S0].txt - [22747 octets] - [09/09/2013 22:21:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22808 octets] ##########

Rapport de ZHPFix 2013.9.7.2 par Nicolas Coolman, Update du 07/09/2013
Fichier d'export Registre :
Run by My at 09/09/2013 22:42:54
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia

========== Softwares ==========
AUSENTE Uninstall Process: c:\program files (x86)\browser helper object\uninstall.exe

========== Processo memória ==========
ELIMINÉ Memory Process: C:\Users\My\AppData\Local\Temp\down.4248.assistant_v3.exe
ELIMINÉ Memory Process: C:\Users\My\AppData\Local\Temp\fbinstupd.exe
ELIMINÉ Memory Process: C:\Users\My\AppData\Local\Temp\lkaseoihcaig.exe
ELIMINÉ Memory Process: C:\Program Files (x86)\Internet Explorer\Updater.exe

========== Modulos memória ==========
ELIMINÉ Memory Module: C:\Users\My\AppData\Local\Temp\sqlite3.dll

========== Chaves do Registo ==========
ELIMINÉ [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Browser Helper Object1.4]
ERRO: Service Legacy: LEGACY_BPROTECTEX
ELIMINÉ*: HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
ELIMINÉ: HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS
ELIMINÉ: HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32
ELIMINÉ*: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
ELIMINÉ*: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
ELIMINÉ: HKLM\Software\Wow6432Node\IncrediMail
ELIMINÉ: HKCU\Software\Yahoo
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\360Safe
ELIMINÉ: HKLM\Software\Wow6432Node\Google\Chrome\Extensions\kkkeikdkpjenmoiicggnnodbkebafgpc
ELIMINÉ: HKCU\Software\Classes\MF
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{47B614AF-B4CC-485B-B331-BE26F02ED4CC}
ELIMINÉ: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47B614AF-B4CC-485B-B331-BE26F02ED4CC}
ELIMINÉ*: HKLM\Software\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
ELIMINÉ: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc

========== Valores do Registo ==========
ELIMINÉ {8339143A-5A69-4CE9-91E9-BDB503E7917F}
ELIMINÉ {3514E523-0FCD-48A1-9D9B-058645C5B473}
ELIMINÉ TCP Query User{ACC0102E-91F1-4923-BB23-667A30CB8CFB}C:\users\my\appdata\local\apps\2.0\gw8xpkye.8kv\17qe1x7v.3pm\leve..tion_d2c9776e4c5c026e_0000.0009_56dd4697dc5712d0\levelup.downloaderclient.exe
ELIMINÉ UDP Query User{5754F352-477D-49AB-9BA6-D3B35D73FB54}C:\users\my\appdata\local\apps\2.0\gw8xpkye.8kv\17qe1x7v.3pm\leve..tion_d2c9776e4c5c026e_0000.0009_56dd4697dc5712d0\levelup.downloaderclient.exe
ELIMINÉ {B1EE6552-340E-4921-A9DE-CC0D08781097}
ELIMINÉ {CFD2A47D-15EF-474D-8C66-94BE7DC8751A}
ELIMINÉ {EA411FFE-CD7E-4374-866C-5C8524DC80CD}
ELIMINÉ {DAA081EB-6C6E-4237-B9A0-78689658F9DD}
ELIMINÉ TCP Query User{DF441EEE-2510-4EC7-8D32-B024DD260CEB}C:\users\my\desktop\microsoft.visio.2010.std.pro.premium.with.sp1-zwtiso\crack\keygen.exe
ELIMINÉ UDP Query User{523A45C3-FEAB-4401-A83D-A28A6E425D83}C:\users\my\desktop\microsoft.visio.2010.std.pro.premium.with.sp1-zwtiso\crack\keygen.exe
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ FirewallRaz (Public) : {3B06FF2E-E1FC-47D2-8901-0C8B845CEF3B}
ELIMINÉ FirewallRaz (Public) : {49709CC9-DAD3-48FF-A94A-B65ED5AE5B59}
ELIMINÉ FirewallRaz (Domain) : NetPres-In-TCP-NoScope
ELIMINÉ FirewallRaz (Domain) : NetPres-Out-TCP-NoScope
ELIMINÉ FirewallRaz (None) : NetPres-WSD-In-UDP
ELIMINÉ FirewallRaz (None) : NetPres-WSD-Out-UDP
ELIMINÉ FirewallRaz (Public) : NetPres-In-TCP
ELIMINÉ FirewallRaz (Public) : NetPres-Out-TCP
ELIMINÉ FirewallRaz (Private) : TCP Query User{FE542EFD-D9FA-4DD8-9F79-779C4BDE3927}C:\users\my\downloads\utorrent.exe
ELIMINÉ FirewallRaz (Private) : UDP Query User{4F4A9B1E-E8FF-4ECC-A90D-290FCFD3A7F9}C:\users\my\downloads\utorrent.exe

========== Elementos dos dados do Registo ==========
ELIMINÉ Explorer Association Data Application: http://www.filefacts...rect.php?ext=%s

========== Preferências do navegador ==========
AGORA Chrome File: C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Preferences
AUSENTE Chrome Site: http://mystart.incredibar.com
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.admin", false);
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.aflt", "babsst");
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.autoRvrt", "false");
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.bbDpng", "24");
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.cntry", "BR");
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.dfltLng", "pt");
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.excTlbr", false);
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.ffxUnstlRst", true);
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.hdrMd5", "C1E0EA28026B7B86D822036AC137EB09");
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.hpFFXOld", "http://www.google.com.br/");
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.id", "284790bb000000000000705ab68ec19e");
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.instlDay", "15941");
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.instlRef", "sst");
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.kwURLOld", "http://www.bing.com/....7DF&PC=UP97&q=");
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.lastB", "http://www.google.com.br/");
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.24.69:19:50");
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.newTab", false);
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"72\",\"lastVrsn\":\"72\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\[...]
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.prtkDS", 0);
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.rvrt", "false");
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.sg", "azb");
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.smplGrp", "none");
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.tlbrId", "base");
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylo...705ab68ec1[...]
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.vrsn", "1.8.24.6");
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.24.69:19:50");
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar.vrsni", "1.8.24.6");
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar_i.babExt", "");
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar_i.babTrack", "affID=123494&tsp=4984");
AUSENTE Mozilla Pref: user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
AUSENTE Mozilla Pref: user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
AUSENTE Mozilla Pref: user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
AUSENTE Mozilla Pref: user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
AUSENTE Mozilla Pref: user_pref("sweetim.toolbar.previous.keyword.URL", "");
AUSENTE Mozilla Pref: user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*");
AUSENTE Mozilla Pref: user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
AUSENTE Mozilla Pref: user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
AUSENTE Mozilla Pref: user_pref("sweetim.toolbar.searchguard.enable", "false");
AUSENTE Mozilla Pref: user_pref("aol_toolbar.default.homepage.check", false);
AUSENTE Mozilla Pref: user_pref("aol_toolbar.default.search.check", false);

========== Pastas ==========
ELIMINÉ: C:\Users\My\AppData\Local\{194AAE55-F989-48AB-9D7A-2A1F6A742BFD}
ELIMINÉ: C:\Users\My\AppData\Local\{1E4B2EC7-CF2D-48FE-BD5F-EDF5A4012733}
ELIMINÉ: C:\Users\My\AppData\Local\{30E77B6A-C917-446F-8CBF-596BBB19DFBC}
ELIMINÉ: C:\Users\My\AppData\Local\{50494F92-C788-44E6-BDB1-76FFEFE27F9B}
ELIMINÉ: C:\Users\My\AppData\Local\{58947618-EAA3-4D61-9973-FDCD1B39B226}
ELIMINÉ: C:\Users\My\AppData\Local\{6CE53753-37E3-4ECE-8D61-CA3841A94DB0}
ELIMINÉ: C:\Users\My\AppData\Local\{CC521DBE-4809-4C96-A0F8-ACC4EF077B63}
ELIMINÉ: C:\Users\My\AppData\Local\{E95C434A-C8A4-401A-B81E-246DD92C5151}
ELIMINÉ: C:\Users\My\AppData\Local\{EF5935AF-45B9-4AA4-85B8-A1A2B0C1257D}

========== Ficheiros ==========
ELIMINÉ File: c:\users\my\appdata\local\temp\down.4248.assistant_v3.exe
ELIMINÉ File: c:\users\my\appdata\local\temp\fbinstupd.exe
ELIMINÉ *: c:\users\my\appdata\local\temp\lkaseoihcaig.exe
ELIMINÉ File: c:\users\my\appdata\local\temp\sqlite3.dll
ELIMINÉ ***: c:\program files (x86)\internet explorer\updater.exe
ELIMINA REINICIAR c:\windows\system32\drivers\bprotectex.sys
ELIMINÉ File: c:\windows\prefetch\hpsf_tasks.exe-9ffdf802.pf
ELIMINÉ File: C:\Program Files (x86)\Internet Explorer\cr_addon.crx
ELIMINÉ Temporários windows
ELIMINÉ Flash Cookies

========== Tarefa planificada ==========
ELIMINÉ Task: Parker
ELIMINÉ Task: Tasker
ELIMINÉ Task: Wisker
ELIMINÉ Task: {CA4AF682-49C2-49F6-8BD2-7C47C346E96A}
ELIMINÉ Task: BHO updater


========== Recapitulativo ==========
4 : Processo memória
1 : Modulos memória
60 : Chaves do Registo
286 : Valores do Registo
1 : Elementos dos dados do Registo
9 : Pastas
10 : Ficheiros
1 : Softwares
46 : Preferências do navegador
5 : Tarefa planificada


End of clean in 00mn 44s

========== Caminho do ficheiro do relatório ==========
C:\ZHP\ZHPFix[R1].txt - 27/05/2012 21:34:40 [58208]
C:\ZHP\ZHPFix[R2].txt - 09/09/2013 22:43:06 [32640]
 

Thanks


  • 0

#6 DigRam

DigRam

    iMasters Team

  • Moderators
  • 6.057 posts

Posted 09 September 2013 - 23:16

Good evening! RafaeL Icassati2

|- Download: < zoek > ( ... by Smeenk )

|- Or here! < 51a612a8b27e2-Zoek.png zoek.exe >

|- Save it to the desktop!
|- Disable your antivirus!
|- On Windows 7, run zoek.exe as administrator.

hijackthis;
ffdefaults;
autoclean;
emptyalltemp;


|- Copy and paste this information, shown in red, into the tool's field.
|- Click "Run Script".
 

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

|- This information will appear, asking you to wait for the report.

Zoek_Reboot_zpscf60b3cf.jpg

|- Accept and/or confirm the reboot!
 

zoek.hta failed by unknown error.
Restart computer, and try again.

|- PS: If you get an error, restart the PC and run the tool again.
|- Post the report, which will be at C:\zoek-results.txt <<

See you later

 



#7 RafaeL Icassati 2

RafaeL Icassati 2
  • Members
  • 41 posts

Posted 10 September 2013 - 07:56

Good evening DigRam!


Zoek.exe Version 4.0.0.4 Updated 07-September-2013
Tool run by My on 10/09/2013 at  7:44:05,01.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\My\Desktop\zoek.exe [Script inserted]

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.qvo6.com/...6&ts=1378809743");
user_pref("browser.newtab.url", "http://www.qvo6.com/...6&ts=1378809743");
user_pref("browser.search.defaultenginename", "qvo6");
user_pref("browser.search.selectedEngine", "qvo6");
user_pref("browser.search.order.1", "qvo6");
user_pref("keyword.URL", "");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.co...oogle Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.co...oogle Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default

---- Lines qvo6 removed from prefs.js ----


---- Lines qvo6 modified from prefs.js ----


---- Lines qvo6 removed from user.js ----


---- Lines qvo6.com removed from prefs.js ----


---- Lines qvo6.com modified from prefs.js ----


---- Lines qvo6.com removed from user.js ----


---- Lines babylon removed from prefs.js ----


---- Lines babylon modified from prefs.js ----


---- Lines babylon removed from user.js ----


---- Lines iminent removed from prefs.js ----

user_pref("iminent.displayFavLinks", "1");
user_pref("iminent.enabledAds", "false");
user_pref("iminent.LayoutId", "1");
user_pref("iminent.registerToolbarEvent100", "1378206466733");
user_pref("iminent.registerToolbarEvent101", "1377740592682");
user_pref("iminent.registerToolbarEvent102", "1378208122780");
user_pref("iminent.registerToolbarEvent105", "1377517124552");
user_pref("iminent.registerToolbarEvent109", "1378254605256");
user_pref("iminent.registerToolbarEvent110", "1378171257592");
user_pref("iminent.registerToolbarEvent111", "1378254605261");
user_pref("iminent.registerToolbarEvent112", "1378254606192");
user_pref("iminent.registerToolbarEvent122", "1378254605267");
user_pref("iminent.registerToolbarEvent140", "1378170525011");
user_pref("iminent.ShowThankyouPixel", "0");
user_pref("iminent.version", "7.35.1.1");
user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.33.3.1\",\"InstallEventCTime\":1377349195759,\"InstallEvent\":\"True\",\"UpdateEventCTime\":1378255206184}");

---- Lines iminent modified from prefs.js ----


---- Lines iminent removed from user.js ----


---- Lines ilivid removed from prefs.js ----


---- Lines ilivid modified from prefs.js ----


---- Lines ilivid removed from user.js ----


---- Lines browser.startup.page removed from prefs.js ----

user_pref("browser.startup.page", 3);

---- Lines browser.startup.page modified from prefs.js ----


---- Lines browser.startup.page removed from user.js ----


---- FireFox user.js and prefs.js backups ----

user_092013_0749_.backup
prefs_072013_0848_.backup
prefs_072013_2006_.backup
prefs_092013_0749_.backup

==== Deleting Files \ Folders ======================

"C:\Users\My\AppData\Roaming\Vso" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default
- Undetermined - %ProfilePath%\extensions\data
- Modulo de Seguranca - Banco do Brasil - %ProfilePath%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}
- Guardiao Itau Unibanco - %ProfilePath%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}
- Facebook Video Pack - %ProfilePath%\extensions\brasilescapefive@facebook.com.xpi
- FireFTP - %ProfilePath%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

==== Firefox Plugins ======================

Profilepath: C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default
D7324EB1EDCB8990F8522DE0311359E9    - C:\Windows\SysWOW64\npDeployJava1.dll -    Java Deployment Toolkit 7.0.250.17
0C8597DBC74AAF5179471BA013E3C6B4    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll -    Shockwave Flash
C899B98999270821EDFFA56044DE2377    - C:\Users\My\AppData\Roaming\raidcall\plugins\nprcplugin.dll -    Raidcall plugin
DAD55CEF682EAE6FA7B4C9487563A496    - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll -    Shockwave for Director / Shockwave for Director
F7E675EBDE6DA3A1665F2DCFA683322F    - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll -    Shockwave for Director / Shockwave for Director
15E298B5EC5B89C5994A59863969D9FF    - C:\Windows\SysWOW64\npmproxy.dll -    Microsoft® Windows® Operating System


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ifohbjbgfchkkfhphahclmkpgejiplfo - \User Data\Default\Extensions\newtab.crx[09/09/2013 22:05]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[02/10/2012 11:14]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nikpibnbobmbdbheedjfogjlikpgpnhp - No path found[]

savvenshhaRE - My - Default\Extensions\docopeapmjnpbhncckopcahblepeiifh
DealPly Shopping - My - Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi
Browser Helper Object - My - Default\Extensions\kkkeikdkpjenmoiicggnnodbkebafgpc
Skype Click to Call - My - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Advanced SystemCare Surfing Protection - My - Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd

==== Chrome Fix ======================

\User Data\Default\Extensions\newtab.crx deleted successfully
C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi deleted successfully
C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ejnmnhkgiphcaeefbaooconkceehicfi_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft....k/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft....k/?LinkId=69157"
"Start Page"="http://go.microsoft....k/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft....k/?LinkId=69157"
"Start Page"="http://go.microsoft....k/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...Box&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.co...age={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9cf699ca-2174-4ed8-bec1-ba82095edce0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9cf699ca-2174-4ed8-bec1-ba82095edce0} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1825749246-3439649273-815915689-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{9cf699ca-2174-4ed8-bec1-ba82095edce0} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\My\Desktop\Dreamweaver - Atalho.lnk - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe
C:\Users\My\Desktop\IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -  
C:\Users\My\Desktop\JCreator Pro.lnk - C:\Program Files (x86)\Xinox Software\JCreatorV5\JCreator.exe
C:\Users\My\Desktop\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\My\Desktop\RaidCall.lnk - C:\Program Files (x86)\RaidCall\raidcall.exe
C:\Users\My\Desktop\Andre\musica\Imagens - Atalho.lnk - C:\Users\My\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
C:\Users\My\Desktop\cida\IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -  
C:\Users\My\Desktop\ \Perfect World.lnk -  
C:\Users\My\Desktop\ \Nero\Advanced SystemCare 6.lnk -  
C:\Users\My\Desktop\ \Nero\Boilsoft Video Splitter.lnk -  
C:\Users\My\Desktop\ \Nero\Central de Soluções HP.lnk -  
C:\Users\My\Desktop\ \Nero\HP Photosmart Essential 3.5.lnk -  
C:\Users\My\Desktop\ \Nero\Loja de Suprimentos HP.lnk -  
C:\Users\My\Desktop\ \Nero\Nero BackItUp 10.lnk -  
C:\Users\My\Desktop\ \Nero\Nero Burning ROM 10.lnk -  
C:\Users\My\Desktop\ \Nero\Nero MediaHub 10.lnk -  
C:\Users\My\Desktop\ \Nero\Nero StartSmart 10.lnk -  
C:\Users\My\Desktop\ \Nero\Nero Vision 10.lnk -  
C:\Users\My\Desktop\ \Nero\NitroPC.lnk -  
C:\Users\My\Desktop\ \Nero\Nokia Suite.lnk -  
C:\Users\My\Desktop\ \Nero\Total Video Converter.lnk -  
C:\Users\My\Desktop\ \Nero\Total Video Player.lnk -  
C:\Users\My\Desktop\ \Nero\Uninstaller.lnk -  
C:\Users\My\Desktop\ \Nero\µTorrent.lnk -  

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Application Manager.lnk - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe --appletID=CCM_UI --appletVersion=1.0 --workflow=CCM_workflow_launch
C:\Users\Public\Desktop\Adobe Reader 9.lnk - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\HP Support Assistant.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Receitanet 1.03 .lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Public\Desktop\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\Users\Public\Desktop\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Users Start Menu ======================

C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk - C:\Program Files (x86)\RaidCall\raidcall.exe
C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/...6&ts=1378807998
C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/...6&ts=1378807998
C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP\HP MediaSmart\HP MediaSmart Webcam.lnk - C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\HPMediaSmartWebcam.exe /MS

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.qvo6.com/...6&ts=1378807998
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JCreator Pro\JCreator 5.00 Pro.lnk - C:\Program Files (x86)\Xinox Software\JCreatorV5\JCreator.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression\Microsoft Expression Blend 4.lnk - C:\Program Files (x86)\Microsoft Expression\Blend 4\Blend.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression\Microsoft Expression Design 4.lnk - C:\Program Files (x86)\Microsoft Expression\Design 4\Design.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression\Microsoft Expression Encoder 4 Screen Capture.lnk - C:\Program Files (x86)\Microsoft Expression\Encoder 4\EEScreen.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression\Microsoft Expression Encoder 4 SDK.lnk - C:\Program Files (x86)\Microsoft Expression\Encoder 4\SDK
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression\Microsoft Expression Encoder 4.lnk - C:\Program Files (x86)\Microsoft Expression\Encoder 4\Encoder.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression\Microsoft Expression Web 4 SuperPreview.lnk - C:\Program Files (x86)\Microsoft Expression\Web 4\SuperPreview.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression\Microsoft Expression Web 4.lnk - C:\Program Files (x86)\Microsoft Expression\Web 4\ExpressionWeb.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression\Microsoft Expression Blend 3 SDK\Expression Blend 3 SDK Documentation.lnk - C:\Program Files (x86)\Microsoft SDKs\Expression\Blend 3\Help\en\BlendSDK.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression\Microsoft Expression Blend SDK\Expression Blend SDK Documentation.lnk - C:\Program Files (x86)\Microsoft SDKs\Expression\Blend\Silverlight\v4.0\Help\en\Silverlight40BlendSDK.chm

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\My\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com/...6&ts=1378807998
C:\Users\My\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\My\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\My\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -  
C:\Users\My\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -  
C:\Users\My\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/...6&ts=1378807998
C:\Users\My\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\My\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Live Messenger.lnk - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\My\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\firefox - Atalho.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.qvo6.com/...6&ts=1378807998
C:\Users\My\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\My\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== shortcuts After Repair ======================

C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\My\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\My\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\My\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\firefox - Atalho.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp deleted successfully

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: PSafe ClikSeguro - {802D2971-E7C7-4219-8D5C-AFDCD0DA939E} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: (no name) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GBPLUGIN\gbiehuni.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\My\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://*.cga.com.cn
O15 - Trusted Zone: http://*.ogdev.net
O15 - Trusted Zone: http://*.sdo.com
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking...GbPluginUni.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Users\My\AppData\Local\DProtect\eBP.dll,C:\Users\My\AppData\Local\DProtect\eBPSD.dll
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify:  GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: DPService - Woodtale Technology Inc - C:\Users\My\AppData\Local\DProtect\DProtectSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\My\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\My\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\My\AppData\Local\Mozilla\Firefox\Profiles\1q6lsz8d.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\users\My\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\users\My\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\My\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\users\My\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HADW46P6\tag.userreport.com"  not found

==== EOF on 10/09/2013 at  7:53:45,65 ======================

 

Thanks


#8 DigRam

    iMasters Team

  • Moderators
  • 6,057 posts

Posted 10 September 2013 - 10:27

Good morning, RafaeL Icassati2!

|- Your logs are practically clean!
|- Open the ZHPDiag folder that was created and run the file "unins000.exe".
|- But... a scan with OTS or OTL would serve, if you want it, as a diagnostic. In this case I am asking you for OTS, which should come after the DelFix tool.
|- If you do not want this scan, skip it and go ahead with DelFix so we can close the topic.

|- All OK?


-/-

|- Download: |DelFix| ( ... by Xplode )

DelFix_SetaVerde.jpg

|- On the page, click the green arrow to download.
|- Save it somewhere convenient! ( desktop! )
|- Close any open applications.

aciCkcnc.jpg

|- Run it!
|- With both checkboxes ticked!
|- Click "Run".

|- Download: < 331oifp.png > ( ... by Old Timer )

|- Save it to the desktop or C:\.
|- Double-click OTS.exe.
|- PS: On Windows Vista or 7, right-click and run OTS.exe as administrator.

adpvC8bl.jpg

|- Under "Additional Scans", click "Extras".
|- Tick the boxes:

[] Reg - NetSvcs
[] File - Lop Check

64bitscan.png

|- For a 64-bit OS, tick the box!

|- Under "Basic Scans", tick the boxes:

[] Use Company Name Whitelist
[] Skip Microsoft Files

|- Check: 250ii3s.png & n19ytt.png
 

%systemdrive%\*.*
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%programfiles%\*.*
%localappdata%\*.exe
%localappdata%\*.txt
%localappdata%\*.ini
%localappdata%\*.dll
%localappdata%\*.dat
%userprofile%\*.exe
%userprofile%\*.txt
%userprofile%\*.ini
%userprofile%\*.dll
%userprofile%\*.dat /30
%appdata%\*.*
%systemroot%\system32\tasks\*.*
%windir%\tasks\*.*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT


OTS_CustomScans.jpg

|- Copy and paste the information in the Code box into the "Custom Scans" field.
|- Next, click 2lasxtt.png

|- When it finishes, Notepad will open with the report. ( OTS.txt )
|- Post it in your reply!
|- Use one of these for that! ( cjoint.com or myfile.tk )

Regards!

 


#9 RafaeL Icassati 2
  • Members
  • 41 posts

Posted 10 September 2013 - 20:37

Good evening, DigRam!

 

# DelFix v10.4 - Logfile created 10/09/2013 at 19:54:19
# Updated 19/07/2013 by Xplode
# Username : My - MY-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\_OTL
Deleted : C:\ZHP
Deleted : C:\Program Files (x86)\ZHPDiag
Deleted : C:\Program Files (x86)\Hijackthis
Deleted : C:\AdwCleaner[S1].txt
Deleted : C:\ComboFix.txt
Deleted : C:\PhysicalDisk0_MBR.bin
Deleted : C:\TDSSKiller.2.8.16.0_20.07.2013_22.28.54_log.txt
Deleted : C:\ZHPDiag2.exe
Deleted : C:\zoek-results.log
Deleted : C:\Users\My\Desktop\OTS.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #375 [Windows Update | 09/03/2013 05:58:43]
Deleted : RP #376 [Removed Bonjour | 09/03/2013 10:58:45]
Deleted : RP #377 [Installed Java 7 Update 25 | 09/04/2013 10:43:34]
Deleted : RP #378 [Windows Update | 09/06/2013 18:25:29]
Deleted : RP #379 [Removed Google Drive | 09/08/2013 01:45:12]
Deleted : RP #380 [Removed Validity Sensors DDK | 09/08/2013 01:49:14]
Deleted : RP #381 [Removed Facebook Video Calling 1.2.0.287 | 09/10/2013 01:52:05]
Deleted : RP #382 [Configurado MediaSmart DVD | 09/10/2013 02:04:11]
Deleted : RP #383 [Windows Update | 09/10/2013 10:17:38]

New restore point created !

########## - EOF - ##########
 

http://cjoint.com/?CIlbJ2Oe7Bb

 

Thanks!


#10 DigRam

    iMasters Team

  • Moderators
  • 6,057 posts

Posted 11 September 2013 - 10:21

Good morning, RafaeL Icassati2!

|- Open the OTS tool.
 
[Unregister Dlls]
[Registry - Safe List] 
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 
YN -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.qvo6.com/...6&ts=1378775119
YN -> HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://search.qvo6.c...6&ts=1378775120
YN -> HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://search.qvo6.c...6&ts=1378775120
< FireFox Settings [Prefs.js] > -> C:\Users\My\AppData\Roaming\Mozilla\FireFox\Profiles\1q6lsz8d.default\prefs.js
YN -> "qvo6" -> browser.search.order.3
YN -> "qvo6" -> browser.search.useDBForOrder
[Registry - Additional Scans - Safe List] 
YN ->  [2012/08/16 04:51:40 | 006,670,496 | ---- | M] (Microsoft Corporation) "{722DC91D-A2EF-488A-9A5F-B27D7BDFD991}" [HKLM] -> Reg Error: Key error. [PSafe]
YN ->  [2012/08/16 04:51:40 | 006,670,496 | ---- | M] (Microsoft Corporation) "{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}" [HKLM] -> Reg Error: Key error. [PSafeOL]
YN -> "{35B6525E-071A-4EA9-B3BD-F6A742572F08}" [HKLM] -> Reg Error: Key error. [PSafe LockBox]
YN ->  [2011/07/04 05:38:44 | 000,443,728 | ---- | M] (Microsoft Corporation) "{722DC91D-A2EF-488A-9A5F-B27D7BDFD991}" [HKLM] -> Reg Error: Key error. [PSafe]
YN ->  [PSafeOL] -> File not found 
YN -> 31/08/2013 16:15:49 Computer Name = My-PC | Source = Iminent | ID = 0 -> Description = Application [ Error ] 
YN -> 31/08/2013 21:05:03 Computer Name = My-PC | Source = Iminent | ID = 0 -> Description = Application [ Error ] 
YY ->  [2013/09/10 07:52:38 | 000,000,000 | ---D | C] AdwCleaner -> C:\AdwCleaner
YY ->  [2013/09/09 22:11:04 | 000,000,000 | ---D | C] DProtect -> C:\Users\My\AppData\Local\DProtect
YY ->  [2013/09/09 22:05:20 | 000,000,000 | ---D | C] BprotectEx.sys -> C:\Windows\SysNative\drivers\BprotectEx.sys
YY ->  [2013/09/04 07:52:30 | 000,076,096 | ---- | C] (Baidu, Inc.) Baidu Security -> C:\Users\Public\Documents\Baidu Security
YY ->  [2009/07/13 22:38:58 | 000,383,562 | RHS- | M] () DelFix.txt -> C:\DelFix.txt
[Alternate Data Streams] 
NY -> @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1 
 
[empty temp folders]
[EmptyFlash] 
[reboot]
 
|- Paste the information just above into the field: "Paste Fix Here"

OTS_RunFix.jpg

|- Click Run Fix --> Wait!
|- When it finishes, post the report: C:\_OTS\MovedFiles\OTS.txt

See you!

Edited by DigRam, 11 September 2013 - 13:23.


#11 RafaeL Icassati 2
  • Members
  • 41 posts

Posted 11 September 2013 - 23:32

Good evening, DigRam!

The computer is 95% better, only the damned qvo6 will not go away no matter what.

Thanks for the help!

 

All Processes Killed
[Registry - Safe List]
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\\CustomizeSearch deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\\SearchAssistant deleted successfully.
[Registry - Additional Scans - Safe List]
Registry key \ not found.
Registry key \ not found.
Registry key \ not found.
Registry key \ not found.
Registry key \ not found.
Registry key \ not found.
Registry key \ not found.
Registry key \ not found.
C:\AdwCleaner\Quarantine\C\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\Extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome\content folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\Extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}\chrome folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\Extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979} folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\Extensions folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\My\AppData\Roaming\Mozilla\Firefox folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\My\AppData\Roaming\Mozilla folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\My\AppData\Roaming\Microsoft\Windows folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\My\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\My\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\My\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\My\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\My\AppData\Roaming\Microsoft\Internet Explorer folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\My\AppData\Roaming\Microsoft folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\My\AppData\Roaming folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\My\AppData folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users\My folder moved successfully.
C:\AdwCleaner\Quarantine\C\Users folder moved successfully.
C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs folder moved successfully.
C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu folder moved successfully.
C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows folder moved successfully.
C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft folder moved successfully.
C:\AdwCleaner\Quarantine\C\ProgramData folder moved successfully.
C:\AdwCleaner\Quarantine\C folder moved successfully.
C:\AdwCleaner\Quarantine folder moved successfully.
C:\AdwCleaner\Backup\C\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\piponpp5.default-1378857008859 folder moved successfully.
C:\AdwCleaner\Backup\C\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles folder moved successfully.
C:\AdwCleaner\Backup\C\Users\My\AppData\Roaming\Mozilla\Firefox folder moved successfully.
C:\AdwCleaner\Backup\C\Users\My\AppData\Roaming\Mozilla folder moved successfully.
C:\AdwCleaner\Backup\C\Users\My\AppData\Roaming folder moved successfully.
C:\AdwCleaner\Backup\C\Users\My\AppData folder moved successfully.
C:\AdwCleaner\Backup\C\Users\My folder moved successfully.
C:\AdwCleaner\Backup\C\Users folder moved successfully.
C:\AdwCleaner\Backup\C folder moved successfully.
C:\AdwCleaner\Backup folder moved successfully.
C:\AdwCleaner folder moved successfully.
Registry key \ not found.
C:\Users\My\AppData\Local\DProtect\log folder moved successfully.
Folder move failed. C:\Users\My\AppData\Local\DProtect scheduled to be moved on reboot.
Registry key \ not found.
C:\Windows\SysNative\drivers\BprotectEx.sys moved successfully.
Registry key \ not found.
C:\Users\Public\Documents\Baidu Security\PC Faster folder moved successfully.
C:\Users\Public\Documents\Baidu Security\Bav\Dump\3.7.1.39149 folder moved successfully.
C:\Users\Public\Documents\Baidu Security\Bav\Dump folder moved successfully.
C:\Users\Public\Documents\Baidu Security\Bav folder moved successfully.
C:\Users\Public\Documents\Baidu Security folder moved successfully.
Registry key \ not found.
C:\DelFix.txt moved successfully.
[Alternate Data Streams]
ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
File  not found!
[empty temp folders]
 
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: My
->Temp folder emptied: 2400655 bytes
->Temporary Internet Files folder emptied: 4046669 bytes
->Java cache emptied: 160 bytes
->FireFox cache emptied: 82528923 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 57528 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Todos os Usuários
 
User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65500 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 195 bytes
RecycleBin emptied: 732955245 bytes
 
Total Files Cleaned = 784,00 mb
 
< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 09112013_225321

Files\Folders moved on Reboot...
C:\Users\My\AppData\Local\DProtect\log folder moved successfully.
Folder move failed. C:\Users\My\AppData\Local\DProtect scheduled to be moved on reboot.
C:\Users\My\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\My\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

Registry entries deleted on Reboot...

 

See you!

edit:

Hi DigRam, posting again to say that I managed to remove qvo6, which was affecting my browsers, both Mozilla and IE.

I only needed to delete the qvo6 search engine from Mozilla; after that it came out with AdwCleaner. Log:

 

# AdwCleaner v3.003 - Relatório criado 11/09/2013 no 23:22:50
# Atualizado 07/09/2013 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)
# Usuário : My - MY-PC
# Executando de : C:\Users\My\Desktop\adwcleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletado : WsysSvc

***** [ Arquivos / Pastas ] *****

Pasta Deletado : C:\ProgramData\eSafe

***** [ Atalhos ] *****

Atalho Desinfectada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Atalho Desinfectada : C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\My\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registro ] *****

Chave Deleteda : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Chave Deleteda : HKLM\Software\eSafeSecControl
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSysControl

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v23.0.1 (pt-BR)

[ Arquivo : C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\piponpp5.default-1378857008859\prefs.js ]

Linha deletada : user_pref("browser.newtab.url", "hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&utm_campaign=eXQ&utm_content=hp&from=amt&uid=WDCXWD5000BEKT-60KA9T0_WD-WXA1E51AVM26AVM26&ts=1378951030");
Linha deletada : user_pref("browser.search.defaultenginename", "qvo6");
Linha deletada : user_pref("browser.search.order.1", "qvo6");
Linha deletada : user_pref("browser.search.selectedEngine", "qvo6");

*************************

AdwCleaner[R2].txt - [3260 octets] - [11/09/2013 23:22:17]
AdwCleaner[S2].txt - [2109 octets] - [11/09/2013 23:22:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2169 octets] ##########

 

 

 

 

New log:

 

 

 

# AdwCleaner v3.003 - Relatório criado 11/09/2013 no 23:26:41
# Atualizado 07/09/2013 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)
# Usuário : My - MY-PC
# Executando de : C:\Users\My\Desktop\adwcleaner.exe
# Opção : Examinar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v23.0.1 (pt-BR)

[ Arquivo : C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\piponpp5.default-1378857008859\prefs.js ]


*************************

AdwCleaner[R2].txt - [3260 octets] - [11/09/2013 23:22:17]
AdwCleaner[R3].txt - [715 octets] - [11/09/2013 23:26:41]
AdwCleaner[S2].txt - [2249 octets] - [11/09/2013 23:22:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [834 octets] ##########


 


Edited by RafaeL Icassati 2, 11 September 2013 - 23:33.


#12 DigRam

    iMasters Team

  • Moderators
  • 6,057 posts

Posted 12 September 2013 - 00:01

Good evening, RafaeL Icassati2!

|- Open OTS and click CleanUp.
|- Confirm the reboot!

-/-

|- If you want to optimize the PC, there are JetClean + JetBoost.

|- Download: < JetClean 1.5.0 > ( ... by BlueSprig.com )

< More information! > << Read here!

|- Save it in Program Files. ( jetclean-setup.exe )

adzVh9sP.jpg

|- Install the software and, on the "1-Click" tab, choose the "Registry Clean" option.
|- Go to "Scan Now" and choose: Shut down PC after Repair

adkBv5Jp.jpg

|- Or choose the "Scan & Repair" option, without rebooting the PC.

< JetBoost >

adcx3QVr.jpg

|- Next, try to improve performance with JetBoost.
|- Report back!


See you!


Edited by DigRam, 12 September 2013 - 00:09.
Fix the JetClean option.

#13 RafaeL Icassati 2
  • Members
  • 41 posts

Posted 12 September 2013 - 08:50

Good morning, DigRam! The computer is much better!

Thank you very much for the help!

None of the programs generated logs, so I will just post one last HijackThis log, and if it is clean you can mark it "closed". Thanks again!

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:44:50, on 12/09/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
C:\Users\My\Desktop\ \Nero\WinAVI 9.0 Portable\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/...6&ts=1378857322
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/...6&ts=1378857322
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: PSafe ClikSeguro - {802D2971-E7C7-4219-8D5C-AFDCD0DA939E} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: (no name) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GBPLUGIN\gbiehuni.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [NitroPC] "C:\Program Files (x86)\NitroPC\NitroPC.exe" -minimized
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://*.cga.com.cn
O15 - Trusted Zone: http://*.ogdev.net
O15 - Trusted Zone: http://*.sdo.com
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking...GbPluginUni.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify:  GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12700 bytes
 

See you


  • 0

#14 DigRam

DigRam

    iMasters Team

  • Moderators
  • 6,057 posts

Posted 12 September 2013 - 10:14

Good morning, RafaeL Icassati2!

|- "qvo6.com" still comes back in the IE10 browser settings.

-/-

|- Open HijackThis.
|- Click: "Do a system scan only"

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/...6&ts=1378857322

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/...6&ts=1378857322


O2 - BHO: PSafe ClikSeguro - {802D2971-E7C7-4219-8D5C-AFDCD0DA939E} - (no file)

 

O2 - BHO: (no name) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - (no file)

|- Check these entries above, which are in red!
|- After checking them, click "Fix checked". << Check the ones you find!
|- If you open your browser by clicking shortcuts, try deleting them and creating new shortcuts.

-/-

|- Right-click the IE shortcut, if you open the browser using that icon.
|- Select: "Properties"
|- On the "Shortcut" tab, in the field next to Target, enter, with quotes:

"C:\Program Files\Internet Explorer\iexplore.exe"

|- Click "Apply" -> OK.

"C:\Program Files\Internet Explorer\iexplore.exe""xxxxx...xx"

|- Or remove the "xxxxx...xx" information after ...\iexplore.exe"

acoBcfrx.jpg

|- PS: Try to leave it as shown in the screenshot.
|- Then post a new HijackThis report.

See you


Edited by DigRam, 12 September 2013 - 10:16.

  • 0
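The checks described in post #14, as an added example that is not part of the original thread: a small triage script that flags IE start/default-page entries pointing at an unexpected host, BHO entries whose file is missing, and extra text after the executable in a shortcut Target. The names `triage`, `shortcut_extra`, `ALLOWED_HOSTS` and the host `intranet.example` are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Hosts accepted as IE home/default pages (hypothetical allow-list for this example).
ALLOWED_HOSTS = {"intranet.example"}

# "R0 - HKLM\...\Main,Start Page = http://..."  (R0/R1: IE start and search pages)
R_LINE = re.compile(r"^(R[01]) - (.+?),(.+?) = ?(.*)$")
# "O2 - BHO: name - {CLSID} - path-or-(no file)"
O2_LINE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")


def triage(log_text, allowed_hosts=ALLOWED_HOSTS):
    """Return (section, detail, reason) tuples for entries worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = R_LINE.match(line)
        if m:
            section, _key, value_name, data = m.groups()
            host = urlsplit(data).hostname if "://" in data else None
            if host and host not in allowed_hosts:
                findings.append((section, f"{value_name} -> {host}", "unexpected host"))
            continue
        m = O2_LINE.match(line)
        if m and m.group(3).strip() == "(no file)":
            findings.append(("O2", m.group(2), "BHO registered but file missing"))
    return findings


def shortcut_extra(target):
    """Return whatever follows the executable in a shortcut Target field."""
    m = (re.match(r'^\s*"([^"]+)"(.*)$', target)
         or re.match(r"^\s*(.+?\.exe)(.*)$", target, re.I))
    return m.group(2).strip() if m else None


# Log lines copied from this thread (URLs are truncated on the page);
# the intranet.example line is constructed to show an allowed host.
SAMPLE = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/...6&ts=1378857322
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/...6&ts=1378857322
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.example/home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: PSafe ClikSeguro - {802D2971-E7C7-4219-8D5C-AFDCD0DA939E} - (no file)
O2 - BHO: (no name) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A non-empty result from `shortcut_extra` means the shortcut passes something to the browser after the executable path, which is the case post #14 asks to clean up.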

#15 RafaeL Icassati 2

RafaeL Icassati 2
  • Members
  • 41 posts

Posted 12 September 2013 - 23:01

Good evening, DigRam!

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:00:30, on 12/09/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Users\My\Desktop\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GBPLUGIN\gbiehuni.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [NitroPC] "C:\Program Files (x86)\NitroPC\NitroPC.exe" -minimized
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://*.cga.com.cn
O15 - Trusted Zone: http://*.ogdev.net
O15 - Trusted Zone: http://*.sdo.com
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking...GbPluginUni.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify:  GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12448 bytes

See you


  • 0

#16 DigRam

DigRam

    iMasters Team

  • Moderators
  • 6,057 posts

Posted 12 September 2013 - 23:07

Good evening, RafaeL Icassati2!

|- The HijackThis report came back clean!

|- Is the malware still bothering you?

See you


  • 0

#17 RafaeL Icassati 2

RafaeL Icassati 2
  • Members
  • 41 posts

Posted 13 September 2013 - 07:49

Good morning, DigRam!

It hasn't appeared again. I don't use IE anyway, but I opened it to check and nothing showed up; it's clean!

Thanks again for the help!


  • 0

#18 DigRam

DigRam

    iMasters Team

  • Moderators
  • 6,057 posts

Posted 13 September 2013 - 08:01

PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
  • 0



