Soraya Lourenço

[Resolved] I can't update or uninstall AVG 2014...

Good morning!

I'm having serious problems.

It started with AVG not being able to update.

I then tried to uninstall it and, to my surprise, that isn't possible. In fact, I can no longer install or uninstall any other antivirus or antimalware that I might want.

After failing to uninstall AVG I tried scanning with Malwarebytes. But it simply won't open.

I can't even get HijackThis to run. I download the files but I'm not allowed to install or update them.

Please help me.

Hi Soraya.

Download ZHPDiag ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPDiag to download it, as shown in the image below:

2aa105k.jpg

|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.

Good evening! Tool installed.

Here is the log:

~ Relatório do ZHPDiag v2014.7.19.106 - Nicolas Coolman (19/07/2014)
~ Iniciado por Soraya (20/07/2014 22:38:34)
~ Endereço do Website : =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] Web - (Web) - http://br.yhs4.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) -
=>Toolbar.Ask
O69 - SBI: SearchScopes [HKCU] {33D59858-89D9-4AC2-A956-93875EB02323} - (LocalStrike Search) - http://find.localstrike.net
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {77AA745B-F4F8-45DA-9B14-61D2D95054C8} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {92001F8A-C36B-473A-91E7-5BE0C81CF2B3} - (PSafe ClikSeguro) - http://clikseguro.com
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [sPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784]
[MD5.EECD181357EEBCCD1C414D89B4D9078D] [sPRF][12/07/2013] (...) -- C:\Users\Soraya\AppData\Roaming\unins000.dat [12795]
[MD5.AD6E810B9CE3D8C0C1FF0203C68C6FA6] [sPRF][12/07/2013] (.No owner - Setup/Uninstall.) -- C:\Users\Soraya\AppData\Roaming\unins000.exe [720082]
[MD5.739F4BFD0576A184CE8BB8140026B93F] [sPRF][20/07/2014] (...) -- C:\Users\Soraya\Desktop\u14iavi7887zr.bin [88979219]
~ Files: 5 Legitimates Filtered in 00mn 06s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32 =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASAPI32 =>Hijacker.FindrToolbar
HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASMANCS =>Hijacker.FindrToolbar
HKLM\SOFTWARE\Microsoft\Tracing\funmoods_RASAPI32 =>PUP.Funmoods
HKLM\SOFTWARE\Microsoft\Tracing\funmoods_RASMANCS =>PUP.Funmoods
HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_2-KFRPtAWP-1__RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_2-KFRPtAWP-1__RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASAPI32 =>Adware.PredictAd
HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASMANCS =>Adware.PredictAd
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_mkv-player_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_mkv-player_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_directx_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_directx_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_megacubo_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_megacubo_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_project64_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_project64_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SweetImSetup(1)_RASAPI32 =>PUP.SweetIM
HKLM\SOFTWARE\Microsoft\Tracing\SweetImSetup(1)_RASMANCS =>PUP.SweetIM
HKLM\SOFTWARE\Microsoft\Tracing\SweetImSetup_RASAPI32 =>PUP.SweetIM
HKLM\SOFTWARE\Microsoft\Tracing\SweetImSetup_RASMANCS =>PUP.SweetIM
HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASAPI32 =>Hijacker.FindrToolbar
HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASMANCS =>Hijacker.FindrToolbar
HKLM\SOFTWARE\Microsoft\Tracing\updateWebConnect_RASAPI32 =>PUP.WebConnect
HKLM\SOFTWARE\Microsoft\Tracing\updateWebConnect_RASMANCS =>PUP.WebConnect
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 466 Legitimates Filtered in 00mn 03s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 09/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 27/06/2014 3241488 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgidsagent.exe
SS - | Auto 28/04/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 28/04/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 24/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Demand 28/03/2011 4323256 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\Windows\system32\GameMon.des
SS - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Demand 09/08/2010 131888 | (Samsung UPD Service) . (.Samsung Electronics CO., LTD..) - C:\windows\System32\SUPDSvc.exe
SS - | Auto 10/07/1658 0 | (TuneUp.UtilitiesSvc) . (...) - C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 10/08/2011 176128 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 17/06/2014 289328 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
SR - | Auto 25/03/2011 660768 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Auto 06/05/2014 527928 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 01/12/2009 244904 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared files\RichVideo.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 47s



---\\ Scâner Aditional (088)
Database Version : 13026 - (19/07/2014)
Clés trouvées (Keys found) : 12
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 6
Fichiers trouvés (Files found) : 0

[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKLM\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs] =>Toolbar.Ask
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32] =>Toolbar.Ask
[HKLM\Software\Microsoft\Tracing\apnstub_RASMANCS] =>Toolbar.Ask
[HKLM\Software\Microsoft\Tracing\apnstub_RASAPI32] =>Toolbar.Ask
[HKLM\Software\360Safe] =>Trojan.Lozavita
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}] =>PUP.CrossRider
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:AVG-Secure-Search-Update_0913b =>Toolbar.AVGSearch^
C:\Program Files\WebConnect =>PUP.WebConnect^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\Users\Soraya\AppData\Roaming\337 =>Hijacker.22Find^
C:\Users\Soraya\AppData\Local\genienext =>PUP.NextLive^
C:\Program Files\SimilarSites =>Adware.SimilarSites
C:\ProgramData\AVG Security Toolbar =>Toolbar.AVGSearch
~ Additionnel Scan: 332390 Items scanned in 02mn 37s



---\\ Informações complémentaires do módulos
~ =>.Internet Explorer, Gestão do Proxy (R5)
~ =>.Browser Helper Objects do navegador (02)
~ =>.Barras do Internet Explorer (03))
~ =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
=>Adware.MyWebSearch
=>Hijacker.NationZoom
=>Hijacker.22Find
=>PUP.DealPly
=>Toolbar.Conduit
=>PUP.WebConnect
=>PUP.Tarma
=>PUP.NextLive
=>Toolbar.Ask
=>Hijacker.FindrToolbar
=>PUP.Funmoods
=>Adware.IMBooster
=>Adware.PredictAd
=>PUP.SweetIM
=>PUP.ToparcadeHits
=>Trojan.Lozavita
=>Adware.BrowseFox
=>PUP.CrossRider
=>Adware.SimilarSites
~ MSI: 19 link(s) detected in 00mn 00s



~ 1005 Legitimates filtered by white list
End of the scan (647 lines in 08mn 09s)(0)

Download the AdwCleaner program by clicking the link below and then click the Download Now @BleepingComputer button:

http://www.bleepingcomputer.com/download/adwcleaner/

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[s0].txt

We'll be waiting.

Good morning!

As I had already told you, I can download the programs but not install them.

I ran AdwCleaner but the virus closes the program as soon as it opens. A matter of 1 second. It's as if the screen blinked at me.

Do you have any idea which virus does this? I don't think even Sality does this. At least the time it came to me as a little gift, it did damage but it didn't block antivirus programs.

See you.

Go to https://www.virustotal.com and submit the files below, highlighted in bold, for analysis:

C:\Program Files\Oi\Programmer\OiVeloxCheck.exe
C:\u14iavi7887zr.bin

As soon as the analysis of each one is complete, copy the link that appears in your browser's address bar and post these links in your next reply together with the ZHPFix report requested below in this post.

More information on how to analyze files on the Virus Total site can be found in this tutorial:

Analyze suspicious files and links online and completely free of charge
____________________________________________________________________________

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the recycle bin to be deleted, click Oui again > a report will appear in Notepad.

Copy this report and post it in your next reply together with the links to the file analyses on the Virus Total site.

Good afternoon!

The OiVeloxCheck file first flagged 3 viruses. I re-evaluated it and it flagged 1 of 43 f749ff7a8439377070b3aae3cef259a7a917f418c13066fa1ed6673e2e80315b

The second one was rejected. Too large. It's over 64 MB.

Here is the report:

Rapport de ZHPFix 2014.7.9.4 par Nicolas Coolman, Update du 09/07/2014
Fichier d'export Registre :
Run by Soraya at 21/07/2014 14:58:04
High Elevated Privileges : OK
Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 22s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: Mozilla Plugin: @pandonetworks.com/PandoWebPlugin
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\Baidu
ELIMINÉ: HKCU\Software\Softonic
ELIMINÉ: HKLM\Software\360Safe
ELIMINÉ: HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Baidu_Drp_pos
ELIMINÉ: HKLM\Software\baidu
ELIMINÉ: SearchScopes :${searchCLSID}
ELIMINÉ: SearchScopes :{2D6734A5-DD67-46BD-99C0-8685B4286399}
ELIMINÉ: SearchScopes :{33D59858-89D9-4AC2-A956-93875EB02323}
ELIMINÉ: SearchScopes :{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\funmoods_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\funmoods_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_2-KFRPtAWP-1__RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_2-KFRPtAWP-1__RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_mkv-player_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_mkv-player_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_directx_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_directx_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_megacubo_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_megacubo_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_project64_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_project64_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SweetImSetup(1)_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SweetImSetup(1)_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SweetImSetup_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SweetImSetup_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\updateWebConnect_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\updateWebConnect_RASMANCS
ELIMINÉ: HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
ELIMINÉ: HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
ELIMINÉ: HKLM\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
ELIMINÉ: HKLM\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
ELIMINÉ: HKLM\Software\Microsoft\Tracing\apnstub_RASMANCS
ELIMINÉ: HKLM\Software\Microsoft\Tracing\apnstub_RASAPI32
ELIMINÉ: HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
ELIMINÉ: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
ELIMINÉ RunValue: AVG-Secure-Search-Update_0913b
ELIMINÉ RunValue: fab
ELIMINÉ RunValue: Del249980432
ELIMINÉ RunValue: Del428825345
ELIMINÉ RunValue: Del530267491

========== Elementos dos dados do Registo ==========
ELIMINÉ: R1 Search Page = http://start.mysearc...EtD0C0AzyyEyBzz[...]
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.id", "E0CA9478F907ECD5");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.instlDay", "16124");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.instlRef", "");
AUSENTE Mozilla Pref: user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearc...u0EtD0C0AzyyEyB[...]
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.prdct", "mysearchdial");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.tlbrId", "base");
AUSENTE Mozilla Pref: user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearc...Qzu0EtD0C0AzyyE[...]
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial_i.hmpg", true);
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial_i.newTab", false);
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial_i.smplGrp", "none");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.015:16:35");

========== Pastas ==========

========== Ficheiros ==========
ELIMINÉ: c:\users\soraya\appdata\roaming\mozilla\firefox\profiles\d9gpgnfs.default\searchplugins\mysearchdial.xml
ELIMINÉ: c:\users\soraya\appdata\roaming\mozilla\firefox\profiles\d9gpgnfs.default\searchplugins\nation-secure-search.xml
ELIMINÉ: c:\users\soraya\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\ddtank.lnk
ELIMINÉ: c:\users\soraya\appdata\roaming\337\ddtank\gamelogin.exe
ELIMINÉ: c:\users\soraya\desktop\ddtank.lnk
ELIMINÉ: c:\users\soraya\appdata\roaming\ecad\fab.js
ELIMINA REINICIAR: c:\windows\system32\cmd.exe
ELIMINÉ: c:\windows\tasks\roc_jan2013_tb_rmv.job
ELIMINÉ: c:\windows\system32\tasks\roc_jan2013_tb_rmv
ELIMINÉ: c:\windows\system32\drivers\360hookoem.sys
ELIMINÉ: c:\windows\system32\drivers\360regoem.sys
ELIMINÉ: c:\windows\system32\drivers\360spoem.sys
ELIMINÉ Temporários windows (1605) (748.151.453 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: DealPly
ELIMINÉ: DealPly
ELIMINÉ: DealPlyUpdate
ELIMINÉ: {3512B0A4-6AD9-4A18-9B18-4A1397A3CD18}
ELIMINÉ: {616BA8F8-3069-4A1A-9DC4-86E4D3FABA90}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
47 : Chaves do Registo
6 : Valores do Registo
1 : Elementos dos dados do Registo
21 : Pastas
14 : Ficheiros
26 : Preferências do navegador
5 : Tarefa planificada
1 : Restauração Sistema


End of clean in 03mn 28s

========== Caminho do ficheiro do relatório ==========
C:\Users\Soraya\AppData\Roaming\ZHP\ZHPFix[R1].txt - 21/07/2014 14:58:26 [9278]

Open ( ZHPDiag ) again

ZHPDiag_Pergaminho2_zps6e758639.jpg

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

ZHPDiag_Pesquisar_zps3acb0f25.jpg

|- Click OK and, when it finishes, post the ZHPDiag.txt report

zhpdia11.png

Here it is:

~ Relatório do ZHPDiag v2014.7.19.106 - Nicolas Coolman (19/07/2014)
~ Iniciado por Soraya (21/07/2014 15:21:11)
~ Endereço do Website : http://nicolascoolman.fr
~ Endereço do Webforum : http://forum.nicolascoolman.fr
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207
MFIE: Mozilla Firefox 30.0 (Defaut)
GCIE: Google Chrome

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Starter, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
AVG 2014 v2014.0.4716
Windows Defender W7 (Deactivate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader XI
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: x86 Family 20 Model 1 Stepping 0, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1788 MB (50% free)
System Restore: Activé (Enable)
System drive C: has 128 GB (71%) free of 180 GB

---\\ Modo de conexão ao sistema
~ Computer Name: LOURENÇO-PC
~ User Name: Soraya
~ All Users Names: Soraya, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Soraya\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Soraya\AppData\Roaming\
~ %Desktop% : C:\Users\Soraya\Desktop\
~ %Favorites% : C:\Users\Soraya\Favorites\
~ %LocalAppData% : C:\Users\Soraya\AppData\Local\
~ %StartMenu% : C:\Users\Soraya\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 128 Go of 180 Go)
D: Hard drive, Flash drive, Thumb drive (Free 253 Go of 268 Go)
E: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/35
~ Mes musiques (My Musics) : 43/483
~ Mes Videos (My Videos) : 1/17
~ Mes Favoris (My Favorites) : 1/3
~ Mes Documents (My Documents) : 2/405
~ Mon Bureau (My Desktop) : 2/2132
~ Menu demarrer (Programs) : 1/35
~ Hidden Files: Scanned in 00mn 05s



---\\ Processos lançados
[MD5.B8C44BF5A86B4662458F4AA8F901C94B] - (.Samsung Electronics - Samsung Update Plus Background.) -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2782064] [PID.2440]
[MD5.7DCE7A74764EB7C67D21A32BC579453D] - (.Oracle Corporation - Java Update Checker.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe [507264] [PID.3688]
[MD5.B1E01D636350983E94171E229C759468] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.3924]
[MD5.DDBE89226D55D694F1B7B3DD0C324640] - (.RealNetworks, Inc. - RealDownloader.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [233048] [PID.3292]
[MD5.4F87179386948D61FBF74B0DDF265170] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.7204]
[MD5.192FFD3F99A0847740670AE711CB455A] - (.Adobe Systems, Inc. - Adobe Flash Player 14.0 r0.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe [1869488] [PID.4444]
[MD5.19A0A39635A48351A75D92938586FA72] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8078848] [PID.7652]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.4768]
~ Processes Running: Scanned in 00mn 03s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\prefs.js
C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\user.js
P2 - FPN: [HKLM] [@raidcall.en/RCplugin] - (.Raidcall - Raidcall plugin.) -- C:\Users\Soraya\AppData\Roaming\raidcall\plugins\nprcplugin.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Soraya\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 30 Legitimates Filtered in 00mn 02s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: Samsung BHO Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} . (...) -- C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehabn.dll
~ BHO: 18 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [OiVelox] . (...) -- C:\Program Files\Oi\Programmer\OiVeloxCheck.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKCU\..\Run: [fab] C:\Users\Soraya\AppData\Roaming\ecad\fab.js (.not file.)
O4 - HKUS\S-1-5-21-1980178241-1392328930-356032191-1000\..\Run: [fab] C:\Users\Soraya\AppData\Roaming\ecad\fab.js (.not file.)
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} . (...) -- C:\Program Files\Hewlett-Packard\Smart Print\SmartPrint.ico
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} . (...) -- C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancoreal.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancosantander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} ((no name)) - http://download.eset.com/special/eos/OnlineScanner.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{407B34B5-EE4D-482E-A4FA-5DF976D3A190}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFED9CB2-4AA8-4976-BCA7-CD8B46DA9FEB}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{407B34B5-EE4D-482E-A4FA-5DF976D3A190}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{EFED9CB2-4AA8-4976-BCA7-CD8B46DA9FEB}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{407B34B5-EE4D-482E-A4FA-5DF976D3A190}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{EFED9CB2-4AA8-4976-BCA7-CD8B46DA9FEB}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginAbn . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) . (...) - C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe (.not file.)
~ Services: 9 Legitimates Filtered in 00mn 18s



---\\ Tarefas planificadas automaticamente (039)
[MD5.5C7686EBAA8F27437C6F2C33F08768F5] [APT] [Windows Codec Update Service] (.MediaCodec.Org.) -- C:\Program Files\Essentials Codec Pack\WECPUpdate.exe [258048]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1052]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1056]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 06s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
~ Drivers: 87 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\Pando Networks]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Pando Networks]
[HKLM\Software\RCBR]
[HKLM\Software\sXe_Injected]
~ Key Software: 213 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 09/07/2014 - 14:10:27 - [] -SH-D C:\Program Files\f3
O43 - CFD: 21/01/2014 - 17:40:38 - [] ----D C:\Program Files\Oi
O43 - CFD: 09/08/2013 - 11:19:54 - [] ----D C:\Program Files\Subway Surfers
O43 - CFD: 23/07/2012 - 12:35:17 - [] ----D C:\ProgramData\Oi
O43 - CFD: 23/02/2014 - 15:21:32 - [] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 21/07/2014 - 14:57:01 - [0] -SH-D C:\Users\Soraya\AppData\Roaming\ecad
O43 - CFD: 23/02/2014 - 02:22:11 - [] ----D C:\Users\Soraya\AppData\Roaming\rcru
O43 - CFD: 14/08/2012 - 18:01:18 - [] ----D C:\Users\Soraya\AppData\Roaming\{90140011-0066-0416-0000-0000000FF1CE}
~ Program Folder: 230 Legitimates Filtered in 00mn 02s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files\GbPlugin\gbiehabn.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoControlPanel"=
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWindowsUpdate"=
O56 - MWPE:[HKCU\...\policies\Explorer] - "NofolderOptions"=
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]
O58 - SDL:31/10/2008 - 16:19:38 ---A- . (.Mobile Connector - USB/Serial Device Driver.) -- C:\Windows\System32\Drivers\cmnsusbser.sys [103424]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:12/11/2010 - 19:24:00 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [116008]
O58 - SDL:06/05/2014 - 15:04:04 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [46392]
O58 - SDL:19/06/2014 - 19:16:59 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\gbpndisrd.sys [31088]
O58 - SDL:01/03/2014 - 17:43:15 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:26/10/2011 - 21:18:54 ---A- . (.Windows ® 2003 DDK 3790 provider - Generic Port I/O for Win32.) -- C:\Windows\System32\Drivers\rtport.sys [15656]
O58 - SDL:22/01/2014 - 08:52:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [88576]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 100 Legitimates Filtered in 00mn 06s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 06/05/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 119 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKLM\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.AL", 2); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.aflt", "irmsd0202ff"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyBzz0FzytDyB0E0C0DyDtN0D0Tzu0SyBzzyDtN1L2XzutBtFtBtFtCyDtFtCy[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.cr", "1379947705"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.dfltLng", ""); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.dfltSrch", true); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.dnsErr", true); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.excTlbr", false); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.hmpg", true); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=irmsd0202ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyBzz[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.id", "E0CA9478F907ECD5"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.instlDay", "16124"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.instlRef", ""); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&a=irmsd0202ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyB[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.prdct", "mysearchdial"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.prtnrId", "mysearchdial"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.tlbrId", "base"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=irmsd0202ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyE[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.vrsn", "1.8.21.0"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial.vrsni", "1.8.21.0"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial_i.hmpg", true); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial_i.newTab", false); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial_i.smplGrp", "none"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [soraya - d9gpgnfs.default] user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.015:16:35"); =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] Web - (Web) - http://br.yhs4.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {77AA745B-F4F8-45DA-9B14-61D2D95054C8} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [sPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784]
[MD5.EECD181357EEBCCD1C414D89B4D9078D] [sPRF][12/07/2013] (...) -- C:\Users\Soraya\AppData\Roaming\unins000.dat [12795]
[MD5.AD6E810B9CE3D8C0C1FF0203C68C6FA6] [sPRF][12/07/2013] (.No owner - Setup/Uninstall.) -- C:\Users\Soraya\AppData\Roaming\unins000.exe [720082]
[MD5.B653DD91D5D6E519D3357A80A15A5DFB] [sPRF][21/07/2014] (...) -- C:\Users\Soraya\Desktop\AdwCleaner.exe [1354223]
~ Files: 5 Legitimates Filtered in 00mn 01s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32 =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 438 Legitimates Filtered in 00mn 01s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 09/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 28/04/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 28/04/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 24/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Demand 28/03/2011 4323256 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\Windows\system32\GameMon.des
SS - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Demand 09/08/2010 131888 | (Samsung UPD Service) . (.Samsung Electronics CO., LTD..) - C:\windows\System32\SUPDSvc.exe
SS - | Auto 10/07/1658 0 | (TuneUp.UtilitiesSvc) . (...) - C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 10/08/2011 176128 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 27/06/2014 3241488 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgidsagent.exe
SR - | Auto 17/06/2014 289328 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
SR - | Auto 25/03/2011 660768 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Auto 06/05/2014 527928 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 01/12/2009 244904 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared files\RichVideo.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 36s



---\\ Scâner Aditional (088)
Database Version : 13026 - (19/07/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0

[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch
C:\ProgramData\AVG Security Toolbar =>Toolbar.AVGSearch
~ Additionnel Scan: 321292 Items scanned in 01mn 35s



---\\ Informações complémentaires do módulos
~ =>.Internet Explorer, Gestão do Proxy (R5)
~ =>.Browser Helper Objects do navegador (02)
~ =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
=>Adware.MyWebSearch
~ MSI: 1 link(s) detected in 00mn 00s



~ 950 Legitimates filtered by white list
End of the scan (529 lines in 04mn 46s)(0)


* Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

* Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Import > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.


Rapport de ZHPFix 2014.7.9.4 par Nicolas Coolman, Update du 09/07/2014
Fichier d'export Registre :
Run by Soraya at 21/07/2014 15:53:43
High Elevated Privileges : OK
Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (Cancelado pelo utilizador)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect

========== Valores do Registo ==========
ELIMINÉ RunValue: fab

========== Preferências do navegador ==========
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.AL", 2);
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.aflt", "irmsd0202ff");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyBzz0FzytDyB0E0C0DyDtN0D0Tzu0SyBzzyDtN1L2XzutBtFtBtFtCyDtFtCy[...]
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.cr", "1379947705");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.dfltLng", "");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.dfltSrch", true);
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.dnsErr", true);
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.excTlbr", false);
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.hmpg", true);
AUSENTE Mozilla Pref: user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearc...EtD0C0AzyyEyBzz[...]
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.id", "E0CA9478F907ECD5");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.instlDay", "16124");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.instlRef", "");
AUSENTE Mozilla Pref: user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearc...u0EtD0C0AzyyEyB[...]
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.prdct", "mysearchdial");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.tlbrId", "base");
AUSENTE Mozilla Pref: user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearc...Qzu0EtD0C0AzyyE[...]
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial_i.hmpg", true);
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial_i.newTab", false);
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial_i.smplGrp", "none");
ELIMINÉ Mozilla Pref: user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.015:16:35");

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (7) (2.857.747 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
3 : Chaves do Registo
1 : Valores do Registo
1 : Pastas
2 : Ficheiros
26 : Preferências do navegador
1 : Restauração Sistema


End of clean in 04mn 11s

========== Caminho do ficheiro do relatório ==========
C:\Users\Soraya\AppData\Roaming\ZHP\ZHPFix[R1].txt - 21/07/2014 14:58:26 [9359]
C:\Users\Soraya\AppData\Roaming\ZHP\ZHPFix[R2].txt - 21/07/2014 15:57:14 [3456]


Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:

http://www.hijackthis.nl/smeenk/

To run it correctly, follow the tips in this tutorial:

Remove adware and other threats from your PC and browsers with the Zoek application

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy its entire contents and post them in your next reply.


Good afternoon, Max!

I downloaded the program. It was hard to get it to open. But in the end I managed.

Here is the log
Zoek.exe v5.0.0.0 Updated 19-07-2014
Tool run by Soraya on 22/07/2014 at 9:05:07,52.
Microsoft Windows 7 Starter 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Soraya\Desktop\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-07-22-120350.log 488 bytes

==== System Restore Info ======================

22/07/2014 09:06:13 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com.br/");
user_pref("keyword.URL", "http://br.yhs4.search.yahoo.com/yhs/search");

Added to C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default

---- Lines mysearchdial removed from prefs.js ----
user_pref("extensions.mysearchdial.aflt", "irmsd0202ff");
user_pref("extensions.mysearchdial.AL", 2);
user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyBzz0FzytDyB0E0C0DyDtN0D0Tzu0SyBzzyDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDt
user_pref("extensions.mysearchdial.cr", "1379947705");
user_pref("extensions.mysearchdial.dfltLng", "");
user_pref("extensions.mysearchdial.dfltSrch", true);
user_pref("extensions.mysearchdial.dnsErr", true);
user_pref("extensions.mysearchdial.excTlbr", false);
user_pref("extensions.mysearchdial.hmpg", true);
user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=irmsd0202ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyBzz0FzytDyB0E0C0DyDtN0D
user_pref("extensions.mysearchdial.id", "E0CA9478F907ECD5");
user_pref("extensions.mysearchdial.instlDay", "16124");
user_pref("extensions.mysearchdial.instlRef", "");
user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&a=irmsd0202ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyBzz0FzytDyB0E0C0DyDtN
user_pref("extensions.mysearchdial.prdct", "mysearchdial");
user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
user_pref("extensions.mysearchdial.tlbrId", "base");
user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=irmsd0202ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyBzz0FzytDyB0E0C0DyD
user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
user_pref("extensions.mysearchdial_i.hmpg", true);
user_pref("extensions.mysearchdial_i.newTab", false);
user_pref("extensions.mysearchdial_i.smplGrp", "none");
user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.015:16:35");
---- Lines mysearchdial removed from user.js ----

user_pref("extensions.mysearchdial.hmpg", true);
user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=irmsd0202ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyBzz0FzytDyB0E0C0DyDtN0D0Tzu0SyBzzyDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1379947705&ir=");
user_pref("extensions.mysearchdial.dfltSrch", true);
user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
user_pref("extensions.mysearchdial.dnsErr", true);
user_pref("extensions.mysearchdial_i.newTab", false);
user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&a=irmsd0202ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyBzz0FzytDyB0E0C0DyDtN0D0Tzu0SyBzzyDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1379947705&ir=");
user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=irmsd0202ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyBzz0FzytDyB0E0C0DyDtN0D0Tzu0SyBzzyDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1379947705&ir=&q=");
user_pref("extensions.mysearchdial.id", "E0CA9478F907ECD5");
user_pref("extensions.mysearchdial.instlDay", "16124");
user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.015:16:35");
user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
user_pref("extensions.mysearchdial.prdct", "mysearchdial");
user_pref("extensions.mysearchdial.aflt", "irmsd0202ff");
user_pref("extensions.mysearchdial_i.smplGrp", "none");
user_pref("extensions.mysearchdial.tlbrId", "base");
user_pref("extensions.mysearchdial.instlRef", "");
user_pref("extensions.mysearchdial.dfltLng", "");
user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
user_pref("extensions.mysearchdial.excTlbr", false);
user_pref("extensions.mysearchdial_i.hmpg", true);
user_pref("extensions.mysearchdial.cr", "1379947705");
user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0EtD0C0AzyyEyBzz0FzytDyB0E0C0DyDtN0D0Tzu0SyBzzyDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
user_pref("extensions.mysearchdial.AL", 2);

---- Lines CT3072253 removed from prefs.js ----
user_pref("CT3072253.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
---- Lines iminent removed from prefs.js ----
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent100", "1343261960979");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent101", "1343251267330");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent109", "1343262977540");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent111", "1343262977497");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent112", "1343262977570");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent134", "1343250242640");
---- Lines finder removed from prefs.js ----
user_pref("sitefinder.buttonremoved", "1");
user_pref("sitefinder.enable_sf", true);
user_pref("sitefinder.installtime", "1393179622.378");
user_pref("sitefinder.show_button", true);
user_pref("sitefinder@sitefinder.com.is_bundle", "true");
user_pref("sitefinder@sitefinder.com.isFirstRun", "false");
user_pref("sitefinder@sitefinder.com.last_version", "");
user_pref("sitefinder@sitefinder.com.piwikSuccessTime", "1393179624.932");
user_pref("sitefinder@sitefinder.com.server", "https://api31.webovernet.com");
user_pref("sitefinder@sitefinder.com.src", "7901");
user_pref("sitefinder@sitefinder.com.user_id", "9037360D-4DF0-4D02-84A6-F73BC382D237");
---- Lines ask.com removed from prefs.js ----
user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WR
user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
---- Lines Search-Results removed from prefs.js ----
user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline url(\"IMAGE\") right no
---- Lines imbooster removed from prefs.js ----
user_pref("id_imbooster4web_v6.cache.tbs_include_xml_006938", "52/22/25/6/112");
user_pref("id_imbooster4web_v6.firstlaunch", "0");
user_pref("id_imbooster4web_v6.guid", "%7BDB1A7BDD-4DE4-555C-3CE1-1C5770F57D36%7D");
user_pref("id_imbooster4web_v6.userId", "%12");
user_pref("id_imbooster4web_v6.Var1", "0");
user_pref("id_imbooster4web_v6.Var10", "0");
user_pref("id_imbooster4web_v6.Var2", "0");
user_pref("id_imbooster4web_v6.Var3", "0");
user_pref("id_imbooster4web_v6.Var4", "0");
user_pref("id_imbooster4web_v6.Var5", "0");
user_pref("id_imbooster4web_v6.Var6", "0");
user_pref("id_imbooster4web_v6.Var7", "0");
user_pref("id_imbooster4web_v6.Var8", "0");
user_pref("id_imbooster4web_v6.Var9", "0");
user_pref("id_imbooster4web_v6_installed_version", "1.0.1018.0");
---- FireFox user.js and prefs.js backups ----

user_072014_0933_.backup
prefs_072014_0933_.backup

==== Deleting Files \ Folders ======================

C:\Users\Soraya\daemonprocess.txt deleted
C:\Users\Soraya\.android deleted
C:\Users\Soraya\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~2\FileSplitUpLoad.dll deleted
C:\PROGRA~2\Avg_Update_0414b deleted
C:\PROGRA~2\AVG Security Toolbar deleted
C:\PROGRA~2\QuickSet deleted
C:\Users\Soraya\AppData\Local\CRE deleted
C:\Users\Soraya\AppData\Local\Mobogenie deleted
C:\Users\Soraya\AppData\Local\cache deleted
C:\Users\Soraya\Searches deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Nation toolbar deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Toolbar4 deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\System32\sho12A5.tmp deleted
C:\Windows\System32\sho188E.tmp deleted
C:\Windows\System32\sho2840.tmp deleted
C:\Windows\System32\sho39D6.tmp deleted
C:\Windows\System32\sho420D.tmp deleted
C:\Windows\System32\sho486C.tmp deleted
C:\Windows\System32\sho5446.tmp deleted
C:\Windows\System32\sho553A.tmp deleted
C:\Windows\System32\sho63A5.tmp deleted
C:\Windows\System32\shoA55.tmp deleted
C:\Windows\System32\shoA8EF.tmp deleted
C:\Windows\System32\shoBA95.tmp deleted
C:\Windows\System32\shoCB53.tmp deleted
C:\Windows\System32\shoFEED.tmp deleted
C:\Windows\System32\InstallUtil.InstallLog deleted
C:\Users\Soraya\Documents\Mobogenie deleted
C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\CT3072253 deleted
C:\Users\Soraya\AppData\Roaming\unins000.exe deleted
"C:\Windows\Installer\37b312a.msi" deleted
"C:\Users\Soraya\AppData\Roaming\ecad" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [09/09/2013 22:36]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\Soraya\AppData\Local\GAS Tecnologia\GBBD\bb\sf.xpi" [12/07/2013 23:40]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default
- RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
- NewTabURL - %ProfilePath%\extensions\newtaburl_local.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default
4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
FB5621842FDABF9F8359775573498FBC - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
025BBEF5A248B09BDC6684747F6EB5BC - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U55
290A0130C74ADCD4546BC6900D1665D9 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.550.14
3A9E1940B4459CC97FDCBB24FCB69004 - c:\program files\real\realplayer\Netscape6\nppl3260.dll - RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit)
0FCEAA7D12B7B0BA825E5C770B1DCA48 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
84A176D49D40379AEDF123008E27BA33 - C:\Users\Soraya\AppData\Roaming\raidcall\plugins\nprcplugin.dll - Raidcall plugin
01D93217A9EE48DD37072B671378CC9C - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In
BE126CB7049E89ED6F3038016668B502 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit)
96B3689320E9B16EDF38B7A5001C35F0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit)
F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
DF75FC32D3EB681B6FE7C092D6FC4695 - C:\Users\Soraya\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
65FB4909BD29CAAA81FDC69AD21BB905 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll - RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit)
01F0264937036BD962563F1ADF35CE72 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll - RealPlayer Version Plugin
28986F0A2342A033345EF9E70D395E4F - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eoccbpoodnckjdnackiffhjfkogfhnhh - C:\Program Files\VDownloader\Addons\Chrome.crx[]
icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 15:24]

YouTube - Soraya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Soraya\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast WebRep - Soraya\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
New Tab Redirect - Soraya\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna
Gmail - Soraya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage deleted successfully
C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage-journal deleted successfully
C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_youtube.conduitapps.com_0.localstorage deleted successfully
C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_youtube.conduitapps.com_0.localstorage-journal deleted successfully
C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_servedby-br.dealply.com_0.localstorage deleted successfully
C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_servedby-br.dealply.com_0.localstorage-journal deleted successfully
C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.sweetim.com_0.localstorage deleted successfully
C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.sweetim.com_0.localstorage-journal deleted successfully
C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda deleted successfully
C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_icmlaeflemplmjndnaapfdbbnpncnbda_0.localstorage deleted successfully
C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_icmlaeflemplmjndnaapfdbbnpncnbda_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
"Backup.Old.Start Page"="http://www.google.com"
"Search Page"="http://google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://find.localstrike.net/"
"Default_Page_URL"="http://find.localstrike.net/"
"Default_Search_URL"="http://find.localstrike.net/"
"Search Page"="http://find.localstrike.net/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://find.localstrike.net"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="${searchCLSID}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{searchCLSID}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com.br/"
"Backup.Old.Start Page"="http://www.google.com.br/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{4DF1E8FD-FBA0-36E8-4176-40D549A35E8E} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

==== Reset Google Chrome ======================

C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1980178241-1392328930-356032191-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4DF1E8FD-FBA0-36E8-4176-40D549A35E8E} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\support@vdownloader.com deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Soraya\Desktop\DL.lnk - D:\DL
C:\Users\Soraya\Desktop\Media Player Classic.lnk - C:\Program Files\Essentials Codec Pack\MPC\mpc-hc.exe
C:\Users\Soraya\Desktop\MsPaint.lnk - C:\Windows\System32\mspaint.exe
C:\Users\Soraya\Desktop\Oi Velox.lnk - C:\Program Files\Oi\Programmer\OiVelox.exe
C:\Users\Soraya\Desktop\StarterBackgroundChanger.lnk - C:\Program Files\StarterBackgroundChanger\StarterBackgroundChanger.exe
C:\Users\Soraya\Desktop\Windows Defender.lnk - C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\Soraya\Desktop\Windows Live Messenger.lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Soraya\Desktop\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\Users\Soraya\Desktop\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\AVG 2014.lnk - C:\Program Files\AVG\AVG2014\avgui.exe
C:\Users\Public\Desktop\Comprar suprimentos - HP Deskjet 2540 series.lnk - C:\Program Files\HP\HP Deskjet 2540 series\Bin\hpqDTSS.exe
C:\Users\Public\Desktop\GOM Player.lnk - C:\Program Files\GRETECH\GomPlayer\GOM.EXE
C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk - C:\Program Files\HP\HP Deskjet 2540 series\Bin\HP Deskjet 2540 series.exe -Start UDCDevicePage
C:\Users\Public\Desktop\HP Photo Creations.lnk - C:\Program Files\HP Photo Creations\PhotoProduct.exe
C:\Users\Public\Desktop\jetAudio.lnk - C:\Program Files\JetAudio\JetAudio.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\RealPlayer.lnk - C:\program files\real\realplayer\RealPlay.exe /launch:desktop

==== shortcuts in Users Start Menu ======================

C:\Users\Soraya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Deskjet 2540 series.lnk - C:\Windows\system32\RunDll32.exe "C:\Program Files\HP\HP Deskjet 2540 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=BR39U1J43605XK;CONNECTION=USB;MONITOR=1;

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2014.lnk - C:\Program Files\AVG\AVG2014\avgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk - C:\Program Files\GRETECH\GomPlayer\GOM.EXE
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\jetAudio.lnk - C:\Program Files\JetAudio\JetAudio.exe
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\70f62c6a7f1739bd\pinned.lnk - C:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,Options_RunDLL 1
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Excel Starter 2010.lnk - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE "Microsoft Excel Starter 2010 9014006604160000"
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Live Messenger.lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word Starter 2010.lnk - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE "Microsoft Word Starter 2010 9014006604160000"
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Soraya\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000001

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eoccbpoodnckjdnackiffhjfkogfhnhh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully

==== Empty IE Cache ======================

C:\Users\Soraya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Soraya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Soraya\AppData\Local\Mozilla\Firefox\Profiles\d9gpgnfs.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1487 folders=192 112150674 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\Soraya\AppData\Local\temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Soraya\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 22/07/2014 at 13:16:48,43 ======================

Awaiting your reply.
