This topic has been archived and is closed to new replies.

Rafael Icassati

[Archived] YtubeAdsRemover extension

Good afternoon! My Chrome and Explorer are showing this extension (YtubeAdsRemover); it is an extension that cannot be removed, and it does not appear in C:\ProgramData.

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:42:09, on 22/03/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16843)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Users\bru_b_000\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\BRU_B_~1\AppData\Local\Temp\Rar$EXa0.733\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1209\1.0.1209\TmopIEPlg32.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\TmBpIe32.dll
O2 - BHO: YTTubEAdsRaemoover - {CD9DA8AB-2726-DBFC-FAA4-AA19CF2435A2} - C:\ProgramData\YTTubEAdsRaemoover\iV4W.dll (file missing)
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [skyDrive] "C:\Users\bru_b_000\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\Run: [c49] C:\Users\bru_b_000\AppData\Roaming\d2\c49.js
O4 - HKCU\..\Run: [LiveSupport] "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
O4 - HKCU\..\Run: [uTorrent] "C:\Users\bru_b_000\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Lync] "C:\Program Files\Microsoft Office\Office15\lync.exe" /fromrunkey
O4 - HKCU\..\RunOnce: [uninstall C:\Users\bru_b_000\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\bru_b_000\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1209\1.0.1209\TmopIEPlg32.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~2\gsb779~1.ena
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11056 bytes


Good afternoon, Rafael Icassati!

 

|- Download: < zoek > ( ... by Smeenk )
|- Or here! < zoek.exe >
|- Save it and unzip it to the desktop!
|- The following will be available: zoek.com, zoek.scr, zoek.pif and zoek.exe
|- Disable your antivirus!
|- On Windows 7, run zoek.exe as administrator.
hijackthis;
iedefaults;
chromelook;
shortcutfix;
autoclean;
emptyalltemp;
|- Copy and paste this information, shown in red, into the tool's field.
|- Click "Run Script".

Zoek.exe is running now.

Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

 

|- These messages will appear, asking you to wait for the report to appear.
|- PS: These messages may remain static on the screen for 20 minutes or more.
|- Accept and/or confirm the reboot!

zoek.hta failed by unknown error.

Restart computer, and try again.

 

|- PS: If you get an error, restart the PC and run the tool again.
|- Post the report, which will be at C:\zoek-results.txt <<
Regards!

Good evening, DigRam!


Zoek.exe v5.0.0.0 Updated 07-March-2014

Tool run by bruna_000 on 30/03/2014 at 19:58:43,80.

Microsoft Windows 8 Single Language 6.2.9200 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\bruna_000\Desktop\zoek.exe [scan all users] [script inserted]


==== System Restore Info ======================


30/03/2014 19:59:39 Zoek.exe System Restore Point Created Succesfully.


==== Deleting CLSID Registry Keys ======================



==== Deleting CLSID Registry Values ======================



==== Deleting Services ======================


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\1a34a8e0 deleted successfully


==== Deleting Files \ Folders ======================


C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\{CD9DA8AB-2726-DBFC-FAA4-AA19CF2435A2} deleted

C:\Users\bru_b_000\AppData\Local\Packages\windows_ie_ac_001\AC\{B2EE5271-AF92-779E-BC9A-50CD73715C95} deleted

C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{CD9DA8AB-2726-DBFC-FAA4-AA19CF2435A2} deleted

C:\PROGRA~3\ed420a45f9dc47fa deleted

C:\Users\bruna_000\daemonprocess.txt deleted

C:\Users\bru_b_000\daemonprocess.txt deleted

C:\Users\bru_b_000\.android deleted

C:\Users\bruna_000\AppData\Roaming\Baidu deleted

C:\PROGRA~3\SetStretch.VBS deleted

C:\PROGRA~3\FileSplitUpLoad.dll deleted

C:\PROGRA~3\InstallMate deleted

C:\Users\bru_b_000\AppData\Local\cache deleted

C:\Windows\tasks\GS.Enabler-S-1824435291.job deleted

C:\windows\SysNative\tasks\GS.Enabler-S-1824435291 deleted

"C:\PROGRA~3\agmpglakcajkndbjcmbdjjjcbklmppdn\agmpglakcajkndbjcmbdjjjcbklmppdn.crx" deleted

"C:\PROGRA~3\agmpglakcajkndbjcmbdjjjcbklmppdn\update.xml" deleted

"C:\PROGRA~3\agmpglakcajkndbjcmbdjjjcbklmppdn" deleted


==== Firefox Extensions Registry ======================


[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"tmbepff-7.5@trendmicro.com"="C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\firefoxextension" [22/09/2013 09:51]

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"{21541D23-FDA1-4bf3-8AF2-8F623BF70B07}"="C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension" [22/09/2013 09:52]


==== Chrome Look ======================


HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

bmiabdepfhhiieiipmeecdmeljggmfee - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\chrome_tmbep.crx[11/03/2013 23:50]

jbolfgndggfhhpbnkgnpjkfhinclbigj - No path found[]


YoutubeAdblocker - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cjghaombgflelcjbjmlpanmigkiagkeh

Clock - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg

YTTBOaokMarrk - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh

groeatosaver - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\okehdcjepjlkgjjokdcbhbpkoafegpfo

YoutubeAdblocker - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjghaombgflelcjbjmlpanmigkiagkeh

Clock - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg

YTTBOaokMarrk - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh

groeatosaver - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\okehdcjepjlkgjjokdcbhbpkoafegpfo

YoutubeAdblocker - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cjghaombgflelcjbjmlpanmigkiagkeh

Clock - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg

YTTBOaokMarrk - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh

groeatosaver - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\okehdcjepjlkgjjokdcbhbpkoafegpfo

YoutubeAdblocker - Administrador\AppData\Local\Torch\User Data\Default\Extensions\cjghaombgflelcjbjmlpanmigkiagkeh

Clock - Administrador\AppData\Local\Torch\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg

YTTBOaokMarrk - Administrador\AppData\Local\Torch\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh

groeatosaver - Administrador\AppData\Local\Torch\User Data\Default\Extensions\okehdcjepjlkgjjokdcbhbpkoafegpfo

Google Docs - Bruna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - Bruna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Bruna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

TrendMicro BEP Extension - Bruna\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee

Google Search - Bruna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Chrome In-App Payments service - Bruna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Bruna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

YTTubEAdsRaemoover - bruna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\agmpglakcajkndbjcmbdjjjcbklmppdn

Google Docs - bruna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - bruna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - bruna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - bruna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Google Wallet - bruna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - bruna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

YoutubeAdblocker - bru_b_000\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cjghaombgflelcjbjmlpanmigkiagkeh

Clock - bru_b_000\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg

YTTBOaokMarrk - bru_b_000\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh

groeatosaver - bru_b_000\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\okehdcjepjlkgjjokdcbhbpkoafegpfo

YTTubEAdsRaemoover - bru_b_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\agmpglakcajkndbjcmbdjjjcbklmppdn

Google Drive - bru_b_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - bru_b_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

TrendMicro BEP Extension - bru_b_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee

Google Search - bru_b_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

AdBlock - bru_b_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

Google Wallet - bru_b_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

YTTBOaokMarrk - bru_b_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh

Gmail - bru_b_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

YoutubeAdblocker - bru_b_000\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cjghaombgflelcjbjmlpanmigkiagkeh

Clock - bru_b_000\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg

YTTBOaokMarrk - bru_b_000\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh

groeatosaver - bru_b_000\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\okehdcjepjlkgjjokdcbhbpkoafegpfo

YoutubeAdblocker - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cjghaombgflelcjbjmlpanmigkiagkeh

Clock - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg

YTTBOaokMarrk - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh

groeatosaver - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\okehdcjepjlkgjjokdcbhbpkoafegpfo

YoutubeAdblocker - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjghaombgflelcjbjmlpanmigkiagkeh

Clock - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg

YTTBOaokMarrk - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh

groeatosaver - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\okehdcjepjlkgjjokdcbhbpkoafegpfo

YoutubeAdblocker - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cjghaombgflelcjbjmlpanmigkiagkeh

Clock - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg

YTTBOaokMarrk - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh

groeatosaver - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\okehdcjepjlkgjjokdcbhbpkoafegpfo

YoutubeAdblocker - Convidado\AppData\Local\Torch\User Data\Default\Extensions\cjghaombgflelcjbjmlpanmigkiagkeh

Clock - Convidado\AppData\Local\Torch\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg

YTTBOaokMarrk - Convidado\AppData\Local\Torch\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh

groeatosaver - Convidado\AppData\Local\Torch\User Data\Default\Extensions\okehdcjepjlkgjjokdcbhbpkoafegpfo

YoutubeAdblocker - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cjghaombgflelcjbjmlpanmigkiagkeh

Clock - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg

YTTBOaokMarrk - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh

groeatosaver - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\okehdcjepjlkgjjokdcbhbpkoafegpfo

YoutubeAdblocker - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjghaombgflelcjbjmlpanmigkiagkeh

Clock - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg

YTTBOaokMarrk - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh

groeatosaver - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\okehdcjepjlkgjjokdcbhbpkoafegpfo

YoutubeAdblocker - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cjghaombgflelcjbjmlpanmigkiagkeh

Clock - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg

YTTBOaokMarrk - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh

groeatosaver - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\okehdcjepjlkgjjokdcbhbpkoafegpfo

YoutubeAdblocker - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\cjghaombgflelcjbjmlpanmigkiagkeh

Clock - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg

YTTBOaokMarrk - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh

groeatosaver - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\okehdcjepjlkgjjokdcbhbpkoafegpfo

Google Docs - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

TrendMicro BEP Extension - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee

Google Search - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Google Wallet - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia


==== Chrome Fix ======================


C:\Users\bru_b_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage deleted successfully

C:\Users\bru_b_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage-journal deleted successfully

C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cjghaombgflelcjbjmlpanmigkiagkeh deleted successfully

C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjghaombgflelcjbjmlpanmigkiagkeh deleted successfully

C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cjghaombgflelcjbjmlpanmigkiagkeh deleted successfully

C:\Users\Administrador\AppData\Local\Torch\User Data\Default\Extensions\cjghaombgflelcjbjmlpanmigkiagkeh deleted successfully

C:\Users\bru_b_000\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cjghaombgflelcjbjmlpanmigkiagkeh deleted successfully

C:\Users\bru_b_000\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cjghaombgflelcjbjmlpanmigkiagkeh deleted successfully

C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cjghaombgflelcjbjmlpanmigkiagkeh deleted successfully

C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjghaombgflelcjbjmlpanmigkiagkeh deleted successfully

C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cjghaombgflelcjbjmlpanmigkiagkeh deleted successfully

C:\Users\Convidado\AppData\Local\Torch\User Data\Default\Extensions\cjghaombgflelcjbjmlpanmigkiagkeh deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cjghaombgflelcjbjmlpanmigkiagkeh deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjghaombgflelcjbjmlpanmigkiagkeh deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cjghaombgflelcjbjmlpanmigkiagkeh deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\cjghaombgflelcjbjmlpanmigkiagkeh deleted successfully

C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\okehdcjepjlkgjjokdcbhbpkoafegpfo deleted successfully

C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\okehdcjepjlkgjjokdcbhbpkoafegpfo deleted successfully

C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\okehdcjepjlkgjjokdcbhbpkoafegpfo deleted successfully

C:\Users\Administrador\AppData\Local\Torch\User Data\Default\Extensions\okehdcjepjlkgjjokdcbhbpkoafegpfo deleted successfully

C:\Users\bru_b_000\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\okehdcjepjlkgjjokdcbhbpkoafegpfo deleted successfully

C:\Users\bru_b_000\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\okehdcjepjlkgjjokdcbhbpkoafegpfo deleted successfully

C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\okehdcjepjlkgjjokdcbhbpkoafegpfo deleted successfully

C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\okehdcjepjlkgjjokdcbhbpkoafegpfo deleted successfully

C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\okehdcjepjlkgjjokdcbhbpkoafegpfo deleted successfully

C:\Users\Convidado\AppData\Local\Torch\User Data\Default\Extensions\okehdcjepjlkgjjokdcbhbpkoafegpfo deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\okehdcjepjlkgjjokdcbhbpkoafegpfo deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\okehdcjepjlkgjjokdcbhbpkoafegpfo deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\okehdcjepjlkgjjokdcbhbpkoafegpfo deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\okehdcjepjlkgjjokdcbhbpkoafegpfo deleted successfully

C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg deleted successfully

C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg deleted successfully

C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg deleted successfully

C:\Users\Administrador\AppData\Local\Torch\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg deleted successfully

C:\Users\bru_b_000\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg deleted successfully

C:\Users\bru_b_000\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg deleted successfully

C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg deleted successfully

C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg deleted successfully

C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg deleted successfully

C:\Users\Convidado\AppData\Local\Torch\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg deleted successfully

C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh deleted successfully

C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh deleted successfully

C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh deleted successfully

C:\Users\Administrador\AppData\Local\Torch\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh deleted successfully

C:\Users\bru_b_000\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh deleted successfully

C:\Users\bru_b_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh deleted successfully

C:\Users\bru_b_000\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh deleted successfully

C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh deleted successfully

C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh deleted successfully

C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh deleted successfully

C:\Users\Convidado\AppData\Local\Torch\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\nmpbciadcobibdjiclohgohelniffeoh deleted successfully

C:\Users\bruna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\agmpglakcajkndbjcmbdjjjcbklmppdn deleted successfully

C:\Users\bru_b_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\agmpglakcajkndbjcmbdjjjcbklmppdn deleted successfully

C:\Users\bruna_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_agmpglakcajkndbjcmbdjjjcbklmppdn_0.localstorage deleted successfully

C:\Users\bruna_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_agmpglakcajkndbjcmbdjjjcbklmppdn_0.localstorage-journal deleted successfully

C:\Users\bru_b_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_agmpglakcajkndbjcmbdjjjcbklmppdn_0.localstorage deleted successfully

C:\Users\bru_b_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_agmpglakcajkndbjcmbdjjjcbklmppdn_0.localstorage-journal deleted successfully


==== Set IE to Default ======================


Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://asus13.msn.com"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"


New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://asus13.msn.com"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"


==== All HKCU SearchScopes ======================


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"



==== Deleting CLSID Registry Keys ======================


HKEY_USERS\S-1-5-21-3107198794-1239150594-4199542414-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD9DA8AB-2726-DBFC-FAA4-AA19CF2435A2} deleted successfully

HKEY_USERS\S-1-5-21-3107198794-1239150594-4199542414-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CD9DA8AB-2726-DBFC-FAA4-AA19CF2435A2} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CD9DA8AB-2726-DBFC-FAA4-AA19CF2435A2} deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CD9DA8AB-2726-DBFC-FAA4-AA19CF2435A2} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{CD9DA8AB-2726-DBFC-FAA4-AA19CF2435A2} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{CD9DA8AB-2726-DBFC-FAA4-AA19CF2435A2} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD9DA8AB-2726-DBFC-FAA4-AA19CF2435A2} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD9DA8AB-2726-DBFC-FAA4-AA19CF2435A2} deleted successfully


==== Deleting CLSID Registry Values ======================



==== shortcuts on Users Desktops ======================


C:\Users\bruna_000\Desktop\Downloads - Atalho.lnk - C:\Users\bruna_000\Downloads

C:\Users\bruna_000\Desktop\SpyHunter.lnk - C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe

C:\Users\bruna_000\Desktop\TRABALHOS 3 SEMESTRE - Atalho.lnk - D:\Documentos\TRABALHOS 3 SEMESTRE.docx

C:\Users\bruna_000\Desktop\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe

C:\Users\bruna_000\Desktop\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe

C:\Users\bruna_000\Desktop\µTorrent.lnk -

C:\Users\bru_b_000\Desktop\Data (D) - Atalho.lnk - D:\

C:\Users\bru_b_000\Desktop\Documentos - Atalho.lnk - C:\Users\bruna_000\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms

C:\Users\bru_b_000\Desktop\Documentos.lnk - D:\Documentos

C:\Users\bru_b_000\Desktop\Downloads.lnk - D:\Downloads

C:\Users\bru_b_000\Desktop\Facul.lnk - D:\Facul

C:\Users\bru_b_000\Desktop\Imagens.lnk - D:\Imagens

C:\Users\bru_b_000\Desktop\JCreator Pro.lnk - C:\Program Files (x86)\Xinox Software\JCreatorV4\JCreator.exe

C:\Users\bru_b_000\Desktop\music.lnk - D:\music

C:\Users\bru_b_000\Desktop\Photoshop - Atalho.lnk - C:\Program Files (x86)\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe

C:\Users\bru_b_000\Desktop\µTorrent.lnk -


==== shortcuts on All Users Desktop ======================


C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

C:\Users\Public\Desktop\Corel CAPTURE X6 (64-Bit).lnk - c:\Windows\Installer\{1967EF95-E00B-4669-8B1C-A589BE8BF24F}\NewShortcut6_C2D12190778B49D7B6847BAECAE7BE9D.exe

C:\Users\Public\Desktop\Corel CONNECT X6 (64-Bit).lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\Connect64\Connect.exe

C:\Users\Public\Desktop\Corel PHOTO-PAINT X6 (64-Bit).lnk - c:\Windows\Installer\{D7C2687D-924E-4485-B367-C7D95CBF8DDD}\NewShortcut4_1B93EBAA624B47A7847E8976FF2E037B.exe

C:\Users\Public\Desktop\CorelDRAW X6 (64-Bit).lnk - c:\Windows\Installer\{27AE72A4-B217-4CDC-B82B-3311E9D7460E}\NewShortcut1_41AAC0AC880545E6A1C81230F4159C30.exe

C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Public\Desktop\Nero Home.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8

C:\Users\Public\Desktop\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8


==== shortcuts in Users Start Menu ======================


C:\Users\bruna_000\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -

C:\Users\bruna_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\bruna_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter.lnk - C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe

C:\Users\bruna_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\Uninstall SpyHunter.lnk - C:\Windows\SysWOW64\msiexec.exe /X {4FC9DA9D-F608-454E-8191-D7EFFDCC5726}

C:\Users\bru_b_000\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -

C:\Users\bru_b_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\bru_b_000\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

C:\Users\bru_b_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\bru_b_000\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe


==== shortcuts in All Users Start Menu ======================


C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Java Mission Control.lnk - C:\Program Files (x86)\Java\jdk1.7.0_51\bin\jmc.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JCreator Pro\JCreator 4.50 Pro.lnk - C:\Program Files (x86)\Xinox Software\JCreatorV4\JCreator.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\accicons.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Designer 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\inficon.exe /design

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Filler 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\inficon.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Lync 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\lyncicon.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\joticon.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\outicon.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\pptico.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Publisher 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\pubs.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Send to OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\joticon.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\SkyDrive Pro 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\grv_icons.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Lync Recording Manager.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\lyncicon.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe


==== shortcuts in Quick Launch ======================


C:\Users\Bruna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Bruna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Bruna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Bruna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Bruna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\bruna_000\AppData\Roaming\Microsoft\Windows\Libraries

C:\Users\Bruna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Bruna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Trend Micro\Trend Micro Titanium Internet Security.lnk - C:\Program Files (x86)\Trend Micro\Titanium\UIFramework\uiWinMgr.exe

C:\Users\bruna_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\bruna_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\bruna_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\bruna_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\bruna_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -

C:\Users\bruna_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Adobe Photoshop CS6 (64 Bit).lnk - C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe

C:\Users\bruna_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CorelDRAW X6 (64-Bit).lnk - c:\Windows\Installer\{27AE72A4-B217-4CDC-B82B-3311E9D7460E}\NewShortcut1_41AAC0AC880545E6A1C81230F4159C30.exe

C:\Users\bruna_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\bruna_000\AppData\Roaming\Microsoft\Windows\Libraries

C:\Users\bruna_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\bruna_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\bruna_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows.Defender.lnk -

C:\Users\bruna_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe

C:\Users\bruna_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Trend Micro\Trend Micro Titanium Internet Security.lnk - C:\Program Files (x86)\Trend Micro\Titanium\UIFramework\uiWinMgr.exe

C:\Users\bru_b_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\bru_b_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\bru_b_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE /recycle

C:\Users\bru_b_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8

C:\Users\bru_b_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8

C:\Users\bru_b_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\bru_b_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\bru_b_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -

C:\Users\bru_b_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CorelDRAW X6 (64-Bit).lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\Programs64\CorelDRW.exe

C:\Users\bru_b_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\bruna_000\AppData\Roaming\Microsoft\Windows\Libraries

C:\Users\bru_b_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\bru_b_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Photoshop - Atalho.lnk - C:\Program Files (x86)\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe

C:\Users\bru_b_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows.Defender.lnk -

C:\Users\bru_b_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Trend Micro\Trend Micro Titanium Internet Security.lnk - C:\Program Files (x86)\Trend Micro\Titanium\UIFramework\uiWinMgr.exe

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -


==== Deleting Registry Keys ======================


HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\26d611e1-9ae6-402a-ac2b-b0ad50f9a23c deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{1a34a8e0} deleted successfully


==== HijackThis Entries ======================


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1209\1.0.1209\TmopIEPlg32.dll

O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\TmBpIe32.dll

O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe /S

O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\TmBpIe32.dll

O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1209\1.0.1209\TmopIEPlg32.dll

O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

O20 - AppInit_DLLs: c:\progra~2\gsb779~1.ena

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe

O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


==== Empty IE Cache ======================


C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Bruna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Bruna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\bruna_000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\bruna_000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\bru_b_000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\bru_b_000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully


==== Empty FireFox Cache ======================


No FireFox Profiles found


==== Empty Chrome Cache ======================


C:\Users\Bruna\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Users\bruna_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Users\bru_b_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully


==== Empty All Flash Cache ======================


Flash Cache Emptied Successfully


==== Empty All Java Cache ======================


Java Cache cleared successfully


==== C:\zoek_backup content ======================


C:\zoek_backup (files=450 folders=151 4237540 bytes)


==== Empty Temp Folders ======================


C:\Users\Bruna\AppData\Local\Temp emptied successfully

C:\Users\bruna_000\AppData\Local\Temp will be emptied at reboot

C:\Users\bru_b_000\AppData\Local\Temp emptied successfully

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot


==== After Reboot ======================


==== Empty Temp Folders ======================


C:\Windows\Temp successfully emptied

C:\Users\BRUNA_~1\AppData\Local\Temp successfully emptied


==== Empty Recycle Bin ======================


C:\$RECYCLE.BIN successfully emptied


==== EOF on 30/03/2014 at 20:26:24,19 ======================


Good morning! Rafael Icassati

|- Download: < UsbFix > ( ...by C_XX & El Desaparecido )

UsbFix_Telecharge.jpg

|- Save it to the desktop!
|- Proceed with its installation.
|- Run the UsbFix.exe file with a double-click.

UsbFix_Supprssion.jpg

|- Choose the "Suppression" or "Delete" option.
|- Wait for it to finish and post the report. ( C:\UsbFix.txt )

Regards!


Topic Archived

Since the author did not reply for more than 10 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area with the link to this topic and explain the reason for reopening.
