Dear all, I'm kind of desperate and can't remove some malware from my PC. I would like help removing it.
Attached is an image of some that I found, but the program doesn't remove them.
[Attached image: virus.jpg]
*** [ Services ] ***
Service Found : Update NetCrawl
Service Found : WindowsMangerProtect
Service Found : shopperz Updater
Service Found : IHProtect Service
Service Found : cherimoya
Service Found : csrcc
Service Found : 70F4EEDB-1367-4b4f-8247-3133551A7415
*** [ Files / Folders ] ***
File Found : C:\Users\magalhaes\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage
File Found : C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Found : C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Found : C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
File Found : C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.williamhill.com_0.localstorage
File Found : C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.williamhill.com_0.localstorage-journal
File Found : C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.best-deals-products.com_0.localstorage-journal
File Found : C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.com.br_0.localstorage-journal
File Found : C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.best-deals-products.com_0.localstorage-journal
File Found : C:\Users\magalhaes\AppData\Local\mysearchdial-speeddial.crx
File Found : C:\Users\magalhaes\AppData\Roaming\Mozilla\Firefox\Profiles\9zlp1fq2.default\searchplugins\Mysearchdial.xml
File Found : C:\Users\magalhaes\AppData\Roaming\Mozilla\Firefox\Profiles\9zlp1fq2.default\user.js
File Found : C:\WINDOWS\System32\drivers\cherimoya.sys
File Found : C:\WINDOWS\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\Mobogenie
Folder Found : C:\Program Files (x86)\predm
Folder Found : C:\Program Files (x86)\XTab
Folder Found : C:\Program Files\shopperz
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\baidu
Folder Found : C:\ProgramData\IHProtectUpDate
Folder Found : C:\ProgramData\WindowsMangerProtect
Folder Found : C:\Users\MAGALH~1\AppData\Local\Temp\Macwebtoise
Folder Found : C:\Users\magalhaes\AppData\Local\Babylon
Folder Found : C:\Users\magalhaes\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko
Folder Found : C:\Users\magalhaes\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Folder Found : C:\Users\magalhaes\AppData\Local\FilesFrog Update Checker
Folder Found : C:\Users\magalhaes\AppData\Local\lollipop
Folder Found : C:\Users\magalhaes\AppData\Local\webplayer
Folder Found : C:\Users\magalhaes\AppData\LocalLow\Mysearchdial
Folder Found : C:\Users\magalhaes\AppData\Roaming\Babylon
Folder Found : C:\Users\magalhaes\AppData\Roaming\baidu
Folder Found : C:\Users\magalhaes\AppData\Roaming\Macwebtoise
Folder Found : C:\Users\magalhaes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Folder Found : C:\Users\magalhaes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
Folder Found : C:\Users\magalhaes\AppData\Roaming\Mozilla\Firefox\Profiles\9zlp1fq2.default\Extensions\fftoolbar2014@etech.com
Folder Found : C:\Users\magalhaes\AppData\Roaming\Mozilla\Firefox\Profiles\9zlp1fq2.default\Extensions\istart_ffnt@gmail.com
Folder Found : C:\Users\magalhaes\AppData\Roaming\Mozilla\Firefox\Profiles\9zlp1fq2.default\Extensions\searchengine@gmail.com
Folder Found : C:\Users\magalhaes\AppData\Roaming\mystartsearch
Folder Found : C:\Users\magalhaes\AppData\Roaming\Systweak
Folder Found : C:\Users\magalhaes\SupTab
Folder Found : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Systweak
*** [ Scheduled tasks ] ***
Task Found : SomotoUpdateCheckerAutoStart
Task Found : gtaUpt
*** [ Shortcuts ] ***
*** [ Registry ] ***
Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1427145097&from=slbnew&uid=TOSHIBAXDT01ACA100_23RZ8K9PSXX23RZ8K9PSX
Key Found : HKCU\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Key Found : HKCU\Software\Baidu
Key Found : HKCU\Software\BI
Key Found : HKCU\Software\GAMESDESKTOP
Key Found : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : HKCU\Software\HomeTab
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\lollipop
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Key Found : HKCU\Software\Mozilla\Extends
Key Found : HKCU\Software\mysearchdial.com
Key Found : HKCU\Software\SearchProtectWS
Key Found : HKCU\Software\simplytech
Key Found : HKCU\Software\Somoto
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\TNT2
Key Found : HKCU\Software\UpdateStar
Key Found : HKCU\Software\WajIntEnhance
Key Found : HKCU\Software\Webplayer
Key Found : [x64] HKCU\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Key Found : [x64] HKCU\Software\Baidu
Key Found : [x64] HKCU\Software\BI
Key Found : [x64] HKCU\Software\GAMESDESKTOP
Key Found : [x64] HKCU\Software\HomeTab
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\lollipop
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB}
Key Found : [x64] HKCU\Software\mysearchdial.com
Key Found : [x64] HKCU\Software\SearchProtectWS
Key Found : [x64] HKCU\Software\simplytech
Key Found : [x64] HKCU\Software\Somoto
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\TNT2
Key Found : [x64] HKCU\Software\UpdateStar
Key Found : [x64] HKCU\Software\WajIntEnhance
Key Found : [x64] HKCU\Software\Webplayer
Key Found : HKLM\SOFTWARE\Baidu
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : HKLM\SOFTWARE\IHProtect
Key Found : HKLM\SOFTWARE\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Key Found : HKLM\SOFTWARE\mysearchdial
Key Found : HKLM\SOFTWARE\mystartsearchSoftware
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : HKLM\SOFTWARE\shopperz
Key Found : HKLM\SOFTWARE\SupDp
Key Found : HKLM\SOFTWARE\SupTab
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\Trymedia Systems
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SOFTWARE\WajIntEnhance
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{28193046-93B0-4A88-923B-2DB1AA023853}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKLM\SOFTWARE\shopperz
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [istart_ffnt@gmail.com]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchengine@gmail.com]
*** [ Web browsers ] ***
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v36.0.1 (x86 pt-BR)
[9zlp1fq2.default] - Line Found : user_pref("extensions.enabledAddons", "istart_ffnt%40gmail.com:5.3.7,searchengine%40gmail.com:1.0.0.1027,%7B87F8774F-B485-47E2-A755-A40A8A5E8873%7D:3.10.0.1,%7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:[...]
-\\ Google Chrome v41.0.2272.101
[C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://www.shutterstock.com/cat.mhtml?searchterm={searchTerms}&language=en&lang=en&search_source=&safesearch=1&version=llv1&media_type=
[C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://www.centauro.com.br/browse/searchResults.jsp?_dyncharset=UTF-8&_dynSessConf=3631743065349689591&questionSaved=&catIdSaved=&isSimpleSearchResults=true&searchExecByFormSubmit=true&q_pageSize=48&%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.goToPage=1&_D%3A%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.goToPage=+&%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.searchRequest.docSort=relevance&_D%3A%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.searchRequest.docSort=+&%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.searchRequest.docSortOrder=descending&_D%3A%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.searchRequest.docSortOrder=+&%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.searchRequest.multiSearchSession=false&_D%3A%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.searchRequest.multiSearchSession=+&%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.searchRequest.saveRequest=false&_D%3A%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.searchRequest.saveRequest=+&%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.searchRequest.pageSize=48&_D%3A%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.searchRequest.pageSize=+&%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.searchRequest.question={searchTerms}&_D%3A%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.searchRequest.question=+&startCategory=rootCategory&%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.search=Enviar&_D%3A%2Fatg%2Fcommerce%2Fsearch%2Fcatalog%2FQueryFormHandler.search=+&_DARGS=%2Fnavigation%2Fgadgets%2Fsearch.jsp
[C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://idg.receita.fazenda.gov.br/@@busca?SearchableText={searchTerms}
[C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://wordpress.org/search/do-search.php?search={searchTerms}
[C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://www.softonic.com.br/s/{searchTerms}
[C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://www.softonic.com.br/s/{searchTerms}
[C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://www.softonic.com.br/s/{searchTerms}
[C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://search.hao123.com/s?tn=SE_garavast_6upp6eh1&cid=avastbcl&ie=utf-8&wd={searchTerms}
[C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://br.ask.com/web?q={searchTerms}
[C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://en.softonic.com/s/{searchTerms}
-\\ Comodo Dragon v
[C:\Users\magalhaes\AppData\Local\Comodo\Dragon\User Data\Default\Web data] - Found [search Provider] : hxxp://br.ask.com/web?q={searchTerms}
[C:\Users\magalhaes\AppData\Local\Comodo\Dragon\User Data\Default\Web data] - Found [search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=2014-07-07&apn_dtid=%5ECMD011%5EYY%5EUS&apn_ptnrs=%5EAGO&q={searchTerms}
[C:\Users\magalhaes\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Found [Extension] : cmaiofennmphjldldcpphcechfnnohja
[C:\Users\magalhaes\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Found [Extension] : aaaalipaokhkccgmgkdglfinfnfhflko
-\\ Opera v0.0.0.0
*************************
AdwCleaner[R0].txt - [14871 bytes] - [25/03/2015 14:11:14]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [14931 bytes] ##########
JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.6 (03.22.2015:1)
OS: Windows 8.1 Single Language x64
Ran by magalhaes on 25/03/2015 at 14:11:20,73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-342643391-3236263706-997985258-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update netcrawl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\NetCrawl_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\NetCrawl_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateNetCrawl_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateNetCrawl_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\NetCrawl_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\NetCrawl_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateNetCrawl_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateNetCrawl_RASMANCS
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\askpartnernetwork"
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{28193046-93B0-4A88-923B-2DB1AA023853}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
~~~ Files
Successfully deleted: [File] "C:\ProgramData\duplicaterecord.js"
Successfully deleted: [File] "C:\Users\magalhaes\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\magalhaes\appdata\local\google\chrome\user data\default\local storage\http_www.wajam.com_0.localstorage-journal"
~~~ Folders
Successfully deleted: [Folder] C:\ProgramData\AlawarWrapper
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\baidu"
Successfully deleted: [Folder] "C:\ProgramData\baidu security"
Successfully deleted: [Folder] "C:\ProgramData\ihprotectupdate"
Successfully deleted: [Folder] "C:\ProgramData\windowsmangerprotect"
Successfully deleted: [Folder] "C:\Users\magalhaes\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\magalhaes\AppData\Roaming\baidu"
Successfully deleted: [Folder] "C:\Users\magalhaes\AppData\Roaming\baidu security"
Successfully deleted: [Folder] "C:\Users\magalhaes\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\magalhaes\appdata\local\babylon"
Successfully deleted: [Folder] "C:\Users\magalhaes\appdata\local\filesfrog update checker"
Successfully deleted: [Folder] "C:\Users\magalhaes\appdata\local\lollipop"
Successfully deleted: [Folder] "C:\Users\magalhaes\appdata\local\webplayer"
Successfully deleted: [Folder] "C:\Users\magalhaes\appdata\locallow\mysearchdial"
Successfully deleted: [Folder] "C:\Program Files (x86)\baidu security"
Successfully deleted: [Folder] "C:\Program Files (x86)\mobogenie"
Successfully deleted: [Folder] "C:\Program Files (x86)\predm"
Successfully deleted: [Folder] "C:\Program Files (x86)\xtab"
Successfully deleted: [Folder] "C:\Users\magalhaes\AppData\Roaming\microsoft\windows\start menu\programs\filesfrog update checker"
~~~ FireFox
Successfully deleted: [File] C:\Users\magalhaes\AppData\Roaming\mozilla\firefox\profiles\9zlp1fq2.default\user.js
Successfully deleted: [File] C:\Users\magalhaes\AppData\Roaming\mozilla\firefox\profiles\9zlp1fq2.default\searchplugins\mysearchdial.xml
Successfully deleted: [Folder] C:\Users\magalhaes\AppData\Roaming\mozilla\firefox\profiles\9zlp1fq2.default\extensions\staged
Successfully deleted the following from C:\Users\magalhaes\AppData\Roaming\mozilla\firefox\profiles\9zlp1fq2.default\prefs.js
user_pref("browser.search.searchengine.alias", "mystartsearch");
user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/web/favicon.ico");
user_pref("browser.search.searchengine.name", "mystartsearch");
user_pref("browser.search.searchengine.ptid", "slbnew");
user_pref("browser.search.searchengine.uid", "TOSHIBAXDT01ACA100_23RZ8K9PSXX23RZ8K9PSX");
user_pref("browser.search.searchengine.url", "hxxp://www.mystartsearch.com/web/?type=dspp&ts=1427145198&from=slbnew&uid=TOSHIBAXDT01ACA100_23RZ8K9PSXX23RZ8K9PSX&q={searchTerms
user_pref("browser.startup.homepage", "hxxp://www.mystartsearch.com/?type=hppp&ts=1427145198&from=slbnew&uid=TOSHIBAXDT01ACA100_23RZ8K9PSXX23RZ8K9PSX");
user_pref("extensions.ffxtlbr@mysearchdial.com.install-event-fired", true);
user_pref("extensions.firefox@mybuzzsearch.com.install-event-fired", true);
user_pref("extensions.irmysearch.aflt", "irmsd1103");
user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0ByDyB0D0CtAyCyEzzyEtN0D0Tzu0CyCzyzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
user_pref("extensions.irmysearch.cr", "1186918451");
user_pref("extensions.irmysearch.instlRef", "");
user_pref("extensions.mysearchdial.aflt", "irmsd1103");
user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0ByDyB0D0CtAyCyEzzyEtN0D0Tzu0CyCzyzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
user_pref("extensions.mysearchdial.cntry", "BR");
user_pref("extensions.mysearchdial.cr", "1186918451");
user_pref("extensions.mysearchdial.dfltLng", "");
user_pref("extensions.mysearchdial.dfltSrch", true);
user_pref("extensions.mysearchdial.dnsErr", true);
user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,32
user_pref("extensions.mysearchdial.excTlbr", false);
user_pref("extensions.mysearchdial.hdrMd5", "95F4518B5FECE855D306D140C850BCCD");
user_pref("extensions.mysearchdial.hmpg", true);
user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0ByDyB0D0CtAyCyEzzyEtN0D0Tzu0CyCzyzztN1L2XzutBtFtBt
user_pref("extensions.mysearchdial.id", "ECA86BB57DC36484");
user_pref("extensions.mysearchdial.instlDay", "16037");
user_pref("extensions.mysearchdial.instlRef", "");
user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0ByDyB0D0CtAyCyEzzyEtN0D0Tzu0CyCzyzztN1L2XzutBtFtBtFt
user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.018:39:56");
user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd1103&cd=2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0ByDyB0D0CtAyCyEzzyEtN0D0Tzu0CyCzyzztN1L2XzutBtFt
user_pref("extensions.mysearchdial.prdct", "mysearchdial");
user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
user_pref("extensions.mysearchdial.sg", "none");
user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
user_pref("extensions.mysearchdial.tlbrId", "base");
user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd1103&cd=2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0ByDyB0D0CtAyCyEzzyEtN0D0Tzu0CyCzyzztN1L2XzutBt
user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
user_pref("extensions.mysearchdial_i.hmpg", true);
user_pref("extensions.mysearchdial_i.newTab", false);
user_pref("extensions.mysearchdial_i.smplGrp", "none");
user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.018:39:56");
Emptied folder: C:\Users\magalhaes\AppData\Roaming\mozilla\firefox\profiles\9zlp1fq2.default\minidumps [4 files]
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/03/2015 at 14:15:14,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sorry!
See if it's correct now.
*** [ Services ] ***
[#] Service Deleted : Update NetCrawl
[#] Service Deleted : WindowsMangerProtect
Service Deleted : shopperz Updater
[#] Service Deleted : IHProtect Service
[#] Service Deleted : cherimoya
Service Deleted : csrcc
Service Deleted : 70F4EEDB-1367-4b4f-8247-3133551A7415
*** [ Files / Folders ] ***
Folder Deleted : C:\Users\MAGALH~1\AppData\Local\Temp\Macwebtoise
Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Systweak
Folder Deleted : C:\Program Files\shopperz
Folder Deleted : C:\Users\magalhaes\SupTab
Folder Deleted : C:\Users\magalhaes\AppData\Roaming\mystartsearch
Folder Deleted : C:\Users\magalhaes\AppData\Roaming\Macwebtoise
Folder Deleted : C:\Users\magalhaes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
Folder Deleted : C:\Users\magalhaes\AppData\Roaming\Mozilla\Firefox\Profiles\9zlp1fq2.default\Extensions\fftoolbar2014@etech.com
Folder Deleted : C:\Users\magalhaes\AppData\Roaming\Mozilla\Firefox\Profiles\9zlp1fq2.default\Extensions\searchengine@gmail.com
Folder Deleted : C:\Users\magalhaes\AppData\Roaming\Mozilla\Firefox\Profiles\9zlp1fq2.default\Extensions\istart_ffnt@gmail.com
Folder Deleted : C:\Users\magalhaes\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Folder Deleted : C:\Users\magalhaes\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko
File Deleted : C:\WINDOWS\System32\roboot64.exe
File Deleted : C:\WINDOWS\System32\drivers\cherimoya.sys
File Deleted : C:\Users\magalhaes\AppData\Local\mysearchdial-speeddial.crx
File Deleted : C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.com.br_0.localstorage-journal
File Deleted : C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.best-deals-products.com_0.localstorage-journal
File Deleted : C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
File Deleted : C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.best-deals-products.com_0.localstorage-journal
File Deleted : C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.williamhill.com_0.localstorage
File Deleted : C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.williamhill.com_0.localstorage-journal
File Deleted : C:\Users\magalhaes\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage
*** [ Scheduled tasks ] ***
Task Deleted : SomotoUpdateCheckerAutoStart
Task Deleted : gtaUpt
*** [ Shortcuts ] ***
*** [ Registry ] ***
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchengine@gmail.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [istart_ffnt@gmail.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\Mozilla\Extends
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{28193046-93B0-4A88-923B-2DB1AA023853}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\HomeTab
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\lollipop
Key Deleted : HKCU\Software\mysearchdial.com
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\UpdateStar
Key Deleted : HKCU\Software\Webplayer
Key Deleted : HKCU\Software\GAMESDESKTOP
Key Deleted : HKCU\Software\Baidu
Key Deleted : HKCU\Software\TNT2
Key Deleted : HKCU\Software\WajIntEnhance
Key Deleted : HKCU\Software\SearchProtectWS
Key Deleted : HKCU\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\mysearchdial
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\mystartsearchSoftware
Key Deleted : HKLM\SOFTWARE\shopperz
Key Deleted : HKLM\SOFTWARE\Baidu
Key Deleted : HKLM\SOFTWARE\IHProtect
Key Deleted : HKLM\SOFTWARE\WajIntEnhance
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Key Deleted : [x64] HKLM\SOFTWARE\shopperz
*** [ Web browsers ] ***
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v36.0.1 (x86 pt-BR)
[9zlp1fq2.default\prefs.js] - Line Deleted : user_pref("extensions.enabledAddons", "istart_ffnt%40gmail.com:5.3.7,searchengine%40gmail.com:1.0.0.1027,%7B87F8774F-B485-47E2-A755-A40A8A5E8873%7D:3.10.0.1,%7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:[...]
-\\ Google Chrome v41.0.2272.101
[C:\Users\magalhaes\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://br.ask.com/web?q={searchTerms}
[C:\Users\magalhaes\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=2014-07-07&apn_dtid=%5ECMD011%5EYY%5EUS&apn_ptnrs=%5EAGO&q={searchTerms}
-\\ Comodo Dragon v
[C:\Users\magalhaes\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://br.ask.com/web?q={searchTerms}
[C:\Users\magalhaes\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=2014-07-07&apn_dtid=%5ECMD011%5EYY%5EUS&apn_ptnrs=%5EAGO&q={searchTerms}
[C:\Users\magalhaes\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Deleted [Extension] : cmaiofennmphjldldcpphcechfnnohja
[C:\Users\magalhaes\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Deleted [Extension] : aaaalipaokhkccgmgkdglfinfnfhflko
-\\ Opera v0.0.0.0
[C:\Users\magalhaes\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://br.ask.com/web?q={searchTerms}
[C:\Users\magalhaes\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=2014-07-07&apn_dtid=%5ECMD011%5EYY%5EUS&apn_ptnrs=%5EAGO&q={searchTerms}
*************************
AdwCleaner[R0].txt - [15103 bytes] - [25/03/2015 14:11:14]
AdwCleaner[R1].txt - [10475 bytes] - [25/03/2015 15:12:34]
AdwCleaner[s0].txt - [10353 bytes] - [25/03/2015 15:14:42]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10413 bytes] ##########
Here is the report
Here is the report
Rapport de ZHPFix 2015.3.18.4 par Nicolas Coolman, Update du 18/03/2015
Fichier d'export Registre :
Run by magalhaes at 26/03/2015 13:45:08
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)
Reciclagem vazia (00mn 11s)
Prefetcher vazio
========== Softwares ==========
ELIMINÉ: SpyHunter
AUSENTE Uninstall Process: c:\users\magalhaes\appdata\roaming\enigma software group\sh_installer.exe
========== Estado dos serviços ==========
KMSEmulator Parado
Bfilter Parado
Bfmon Parado
Bnbase Parado
Bndef Parado
Bprotect Parado
========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter]
ELIMINÉ: Service: KMSEmulator
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ:* HKLM\Software\EnigmaSoftwareGroup
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos
ELIMINÉ: HKLM\Software\Wow6432Node\atajitos
ELIMINÉ:* StartupReg: FLV Player
ELIMINÉ:* StartupReg: shopperz
ELIMINÉ:* StartupReg: shopperz64
ELIMINÉ:* HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
========== Valores do Registo ==========
ELIMINÉ: Toolbar: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
ELIMINÉ: Toolbar: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
ELIMINÉ: Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93}
ELIMINÉ RunValue: 3D BubbleSound
ELIMINÉ RunValue: UDC Integration
ELIMINÉ RunValue: gmsd_br_339
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (Domain) : {9E3D57FC-7C37-4424-9352-4831E97D029D}
ELIMINÉ: FirewallRaz (Domain) : {548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}
ELIMINÉ: FirewallRaz (Domain) : NetPres-In-TCP-NoScope
ELIMINÉ: FirewallRaz (Domain) : NetPres-Out-TCP-NoScope
ELIMINÉ: FirewallRaz (None) : NetPres-WSD-In-UDP
ELIMINÉ: FirewallRaz (None) : NetPres-WSD-Out-UDP
ELIMINÉ: FirewallRaz (Public) : NetPres-In-TCP
ELIMINÉ: FirewallRaz (Public) : NetPres-Out-TCP
ELIMINÉ: FirewallRaz (None) : MCX-Prov-Out-TCP
ELIMINÉ: FirewallRaz (None) : MCX-McrMgr-Out-TCP
ELIMINÉ: FirewallRaz (Private) : {CE1C85AC-2E67-42BE-8443-FB9F92054EC0}
ELIMINÉ: FirewallRaz (Private) : {6D3B90D7-A94E-4917-B3AB-0B7BC91D285C}
ELIMINÉ: FirewallRaz (Domain) : {E7985E1D-C36F-4787-80A8-6350D07E9266}
ELIMINÉ: FirewallRaz (None) : {808F1451-4108-46FD-ADBB-F17324B5F0BD}
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Temporários windows (170)
ELIMINÉ Flash Cookies (0)
========== Ficheiros ==========
ELIMINÉ: c:\users\magalhaes\appdata\roaming\microsoft\internet explorer\quick launch\google chrome.lnk (http://www.atajitos.com)
CRIADO: C:\Users\magalhaes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
ELIMINÉ: c:\users\magalhaes\appdata\roaming\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk (http://www.atajitos.com)
CRIADO: C:\Users\magalhaes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
ELIMINÉ: c:\users\magalhaes\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\google chrome.lnk (http://www.atajitos.com)
CRIADO: C:\Users\magalhaes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
ELIMINÉ: c:\users\magalhaes\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\internet explorer.lnk (http://www.atajitos.com)
CRIADO: C:\Users\magalhaes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
ELIMINÉ: c:\users\magalhaes\appdata\roaming\microsoft\windows\start menu\programs\internet explorer.lnk (http://www.atajitos.com)
CRIADO: C:\Users\magalhaes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
ELIMINÉ: c:\programdata\kmsauto\kmses.exe
ELIMINÉ: c:\spyhunter.fix
ELIMINÉ: c:\windows\prefetch\3d bubblesound.exe-920eae65.pf
ELIMINÉ: c:\windows\prefetch\gamesdesktop3-brinstaller.tmp-50864629.pf
ELIMINÉ: c:\windows\prefetch\gamesdesktop3-brinstaller.tmp-a1f8767b.pf
ELIMINÉ: c:\windows\prefetch\package_bubblesound_installer-2471ecba.pf
ELIMINÉ: c:\windows\prefetch\package_quickref_p_installer_-d30bbcea.pf
ELIMINÉ: c:\windows\prefetch\predm.tmp-3fae61ea.pf
ELIMINÉ: c:\windows\prefetch\predm.tmp-58a42ba3.pf
ELIMINÉ: c:\windows\prefetch\quickref_p_soft_partner.tmp-88ab9de5.pf
ELIMINÉ: c:\windows\prefetch\spyhunter-installer.exe-93e8f4e1.pf
ELIMINÉ: c:\windows\prefetch\spyhunter4.exe-3b4e3201.pf
ELIMINÉ: c:\windows\prefetch\spyhunter4.exe-c6ed45bc.pf
ELIMINÉ: c:\windows\prefetch\spyhunters.exe-d9aa41ac.pf
ELIMINÉ: c:\windows\prefetch\spyhunters.exe-dcfe7ccc.pf
ELIMINÉ: c:\windows\prefetch\vopackage.exe-2b7684a8.pf
ELIMINÉ: c:\windows\prefetch\vuupcinstaller.exe-2823f475.pf
ELIMINÉ: c:\users\magalhaes\appdata\local\temp\is-n3m01.tmp\quickref_p_soft_partner.exe
ELIMINÉ: c:\users\magalhaes\appdata\local\temp\is-bkaes.tmp\package_bubblesound_installer_multilang.exe
ELIMINÉ: c:\users\magalhaes\appdata\local\temp\is-bkaes.tmp\package_quickref_p_installer_multilang.exe
ELIMINÉ: c:\users\magalhaes\appdata\local\microsoft\windows\inetcache\ie\8hni119q\sprz[1].exe
ELIMINÉ: c:\users\magalhaes\downloads\spyhunter 4.1.11.0 + crack\crack\spyhunter4.exe
ELIMINÉ: c:\users\magalhaes\downloads\spyhunter 4.1.11.0 + crack\spyhunters.exe
ELIMINÉ Temporários windows (616) (2.086.373.364 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
16 : Chaves do Registo
22 : Valores do Registo
3 : Pastas
35 : Ficheiros
2 : Softwares
6 : Estado dos serviços
1 : Restauração Sistema
End of clean in 02mn 51s
========== Caminho do ficheiro do relatório ==========
C:\Users\magalhaes\AppData\Roaming\ZHP\ZHPFix[R1].txt - 26/03/2015 13:45:24 [6049]
Zoek.exe v5.0.0.0 Updated 26-March-2015
Tool run by magalhaes on 26/03/2015 at 16:52:50,80.
Microsoft Windows 8.1 Single Language 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\magalhaes\Downloads\zoek.exe [scan all users] [script inserted]
==== System Restore Info ======================
26/03/2015 17:00:38 Zoek.exe System Restore Point Created Successfully.
==== Empty Folders Check ======================
C:\PROGRA~2\DsNET Corp deleted successfully
C:\PROGRA~2\Freemake deleted successfully
C:\PROGRA~2\gmsd_br_332 deleted successfully
C:\Program Files\office.tmp deleted successfully
C:\PROGRA~3\ALM deleted successfully
C:\PROGRA~3\CorelDRAW Graphics Suite X6 deleted successfully
C:\PROGRA~3\CorelDRAW Graphics Suite X6.1 deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\magalhaes\AppData\Local\PACE Anti-Piracy deleted successfully
Zoek.exe v5.0.0.0 Updated 26-March-2015
Tool run by magalhaes on 26/03/2015 at 17:14:35,50.
Microsoft Windows 8.1 Single Language 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\magalhaes\Desktop\zoek.exe [scan all users] [script inserted]
==== Older Logs ======================
C:\zoek-results2015-03-26-200147.log 924 bytes
==== System Restore Info ======================
26/03/2015 17:25:53 Zoek.exe System Restore Point Created Successfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe"
==== Batch Command(s) Run By Tool======================
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Universal Document Converter deleted
C:\Users\magalhaes\AppData\Roaming\03000200-1427145148-0500-0006-000700080009 deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\magalhaes\AppData\LocalLow\Company deleted
C:\Users\magalhaes\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A} deleted
C:\windows\SysNative\tasks\060184C3-9766-46a0-B258-F4518A0B2633 deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\magalhaes\AppData\Roaming\unins000.exe deleted
"C:\Users\magalhaes\AppData\Roaming\ntsvc\ntsvc.exe" deleted
"C:\Users\magalhaes\AppData\Roaming\ntsvc" not deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn" [28/05/2014 17:20]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E8873}"="C:\Users\magalhaes\AppData\Local\GAS Tecnologia\GBBD\uni\xpi" [27/08/2014 16:34]
==== Chromium Look ======================
Google Chrome Version: 41.0.2272.101 (Latest Stable version: 41.0.2272.101)
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[25/03/2015 09:11]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]
Comodo Drag&Drop Service - magalhaes\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo
Comodo Web Inspector - magalhaes\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
Comodo Media Downloader - magalhaes\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dihmnpngfonlhjmgkflpnibiaaliendo
Firebug Lite for Google Chrome™ - magalhaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench
Jotform Notifier - magalhaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdcoccpkmfifppefclifememfhakacb
Soongz - Youtube player de músicas - magalhaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbnnolclmpccgkjdnipokkcbjlgelanb
Stupeflix Video Maker - magalhaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkdmcfnoimoilncpjchamnenebopocem
Cartola for Chrome™ - magalhaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmakjnhammpmefchjkboohfgebblhab
vGet Extension (Video Downloader DLNA) - magalhaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniladkejehjfchadikcbjmgjaogciic
Vagalume - magalhaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipgcdnbeeiajinajlafjcdfhckglcopd
GBBD Guardião - Itaú 30 horas - magalhaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg
Show media files - magalhaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\khbkckdkhakengfjmejmiabaakdlhaab
Dropbox Shortcut - magalhaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbelldokcfkkgejineadomjjcicgghbk
Downloader - magalhaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp
Boomerang for Gmail - magalhaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll
imo free video calls and text - magalhaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocaebkdojpikfmhmnekiflipcicedobi
Any.do - magalhaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocgddccilgpeepgglnlpchkpgamkgmld
Sidekick - magalhaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd
Instagram Video Compilation ™ - magalhaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkjgkpkhpnpfgldmkimppnbpfnbkoibe
==== Chromium Startpages ======================
C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": ""http://br.hao123.com/?tn=bbl_pay_hp_01_hao123_br&babsrc=HP_ss&mntrId=721B00242CAE6E6C", "http://br.hao123.com/?tn=R0YsXNdDeT_hao123_br&cid=avastbcl", "http://www.mystartsearch.com/?type=hp&ts=1427145097&from=slbnew&uid=TOSHIBAXDT01ACA100_23RZ8K9PSXX23RZ8K9PSX", "http://www.mystartsearch.com/?type=hppp&ts=1427145198&from=slbnew&uid=TOSHIBAXDT01ACA100_23RZ8K9PSXX23RZ8K9PSX", "http://www.google.com.br/" ]
==== Chromium Fix ======================
C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.mlstatic.com_0.localstorage-journal deleted successfully
C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_videodownloadconverter.dl.tb.ask.com_0.localstorage-journal deleted successfully
C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_artigos.softonic.com.br_0.localstorage-journal deleted successfully
C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniladkejehjfchadikcbjmgjaogciic deleted successfully
C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd deleted successfully
C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oiiaigjnkhngdbnoookogelabohpglmd_0.localstorage deleted successfully
C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oiiaigjnkhngdbnoookogelabohpglmd_0.localstorage-journal deleted successfully
C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oiiaigjnkhngdbnoookogelabohpglmd deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{E921F400-D383-4B1B-9DE6-FCFCACFC1173} Unknown Url="Not_Found"
==== Reset Google Chrome ======================
C:\Users\magalhaes\AppData\Local\Comodo\Dragon\User Data\Default\Preferences was reset successfully
C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\magalhaes\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\magalhaes\AppData\Local\Comodo\Dragon\User Data\Default\Web Data was reset successfully
C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\magalhaes\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\magalhaes\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-342643391-3236263706-997985258-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E921F400-D383-4B1B-9DE6-FCFCACFC1173} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E921F400-D383-4B1B-9DE6-FCFCACFC1173} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E921F400-D383-4B1B-9DE6-FCFCACFC1173} deleted successfully
==== Deleting CLSID Registry Values ======================
==== shortcuts on Users Desktops ======================
C:\Users\magalhaes\Desktop\FEMPERJ - Atalho.lnk - C:\Users\magalhaes\Dropbox\Sites\FEMPERJ
C:\Users\magalhaes\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\magalhaes\Desktop\HiJackThis.lnk - C:\Users\magalhaes\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
C:\Users\magalhaes\Desktop\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\Users\magalhaes\Desktop\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe
C:\Users\magalhaes\Desktop\PENDRIVE\Photos\2014-04-05 - Condominio Cidade Jardim\DSC_6883 - Atalho.lnk - C:\Users\magalhaes\Desktop\PENDRIVE\Photos\2014-04-05 - Condominio Cidade Jardim\DSC_6883.JPG
C:\Users\magalhaes\Desktop\PENDRIVE\Site\FIFA13\TABELA - Atalho.lnk - C:\Users\magalhaes\Desktop\PENDRIVE\Site\FIFA13\TABELA.xlsm
==== shortcuts in Users Start Menu ======================
C:\Users\magalhaes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast antivirus.lnk -
C:\Users\magalhaes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\magalhaes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome\Any.do.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.atajitos.com/?bd=sc&oem=Cube&uid=TOSHIBAXDT01ACA100_23RZ8K9PSXX23RZ8K9PSX&version=2.2.0.7859&pid=414031160&tid=317
C:\Users\magalhaes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome\Awesome Screenshot App.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.atajitos.com/?bd=sc&oem=Cube&uid=TOSHIBAXDT01ACA100_23RZ8K9PSXX23RZ8K9PSX&version=2.2.0.7859&pid=414031160&tid=317
C:\Users\magalhaes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\magalhaes\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\magalhaes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\magalhaes\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\magalhaes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Inicializador de aplicativos do Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.atajitos.com/?bd=sc&oem=Cube&uid=TOSHIBAXDT01ACA100_23RZ8K9PSXX23RZ8K9PSX&version=2.2.0.7859&pid=414031160&tid=317
C:\Users\magalhaes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gramblr\Gramblr.lnk - C:\Gramblr\Gramblr.exe iconPath=@TargetDir/gramblr.ico
C:\Users\magalhaes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\magalhaes\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
C:\Users\magalhaes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\magalhaes\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk - C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6\Bitstream Font Navigator.lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\FontNav\FontNav.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6\Corel CAPTURE X6.lnk - c:\WINDOWS\Installer\{74FA94F1-9566-4252-9372-E7EAFFEFE209}\NewShortcut8.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6\Corel CONNECT X6.lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\Connect\Connect.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6\Corel PHOTO-PAINT X6.lnk - c:\WINDOWS\Installer\{6F53FB68-6620-423E-B7CD-B8205655B421}\NewShortcut2.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6\CorelDRAW X6.lnk - c:\WINDOWS\Installer\{C5262276-0075-498B-B80F-7D997482E4DB}\NewShortcut1.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6\Duplexing Wizard.lnk - c:\WINDOWS\Installer\{C5262276-0075-498B-B80F-7D997482E4DB}\NewShortcut4.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6\Video Tutorials X6.lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\VideoBrowser\VideoBrowser.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6\Documentation\CorelDRAW Graphics Suite X6 Guidebook.lnk - c:\WINDOWS\Installer\{7F9F6864-8CAB-440C-AF44-030D0135666D}\NewShortcut1_2D4561AA1380433B9EC818E5007E4288.exe Help\GB.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6\Documentation\Macro Programming Guide.lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\Data\Macro Programming Guide.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.atajitos.com/?bd=sc&oem=Cube&uid=TOSHIBAXDT01ACA100_23RZ8K9PSXX23RZ8K9PSX&version=2.2.0.7859&pid=414031160&tid=317
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_document
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_spreadsheet
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_presentation
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype para a área de trabalho.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\magalhaes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\magalhaes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\magalhaes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\magalhaes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\magalhaes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Adobe After Effects CS6.lnk - C:\Program Files\Adobe\Adobe After Effects CS6\Support Files\AfterFX.exe
C:\Users\magalhaes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Adobe Illustrator CS6 (64 Bit).lnk - C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Support Files\Contents\Windows\Illustrator.exe
C:\Users\magalhaes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Adobe Photoshop CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\Photoshop.exe
C:\Users\magalhaes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Adobe Premiere Pro CS6.lnk - C:\Program Files\Adobe\Adobe Premiere Pro CS6\Adobe Premiere Pro.exe
C:\Users\magalhaes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Calculator.lnk - C:\WINDOWS\system32\calc.exe
C:\Users\magalhaes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CorelDRAW X6.lnk - c:\Windows\Installer\{C5262276-0075-498B-B80F-7D997482E4DB}\NewShortcut1.exe
C:\Users\magalhaes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Dreamweaver - Atalho.lnk - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe
C:\Users\magalhaes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\magalhaes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\filezilla - Atalho.lnk - C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
C:\Users\magalhaes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Flash - Atalho.lnk - C:\Program Files (x86)\Adobe\Adobe Flash CS6\Flash.exe
C:\Users\magalhaes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\magalhaes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gramblr (2).lnk - C:\Gramblr\Gramblr.exe iconPath=@TargetDir/gramblr.ico
C:\Users\magalhaes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gramblr.lnk - C:\Gramblr\Gramblr.exe iconPath=@TargetDir/gramblr.ico
C:\Users\magalhaes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\InDesign - Atalho.lnk - C:\Program Files (x86)\Adobe\Adobe InDesign CS6\InDesign.exe
C:\Users\magalhaes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\magalhaes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\magalhaes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Notepad.lnk - C:\WINDOWS\system32\notepad.exe
C:\Users\magalhaes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Project1.lnk - C:\Users\magalhaes\Dropbox\Trade\Project1.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== shortcuts After Repair ======================
C:\Users\magalhaes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome\Any.do.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\magalhaes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome\Awesome Screenshot App.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\magalhaes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Inicializador de aplicativos do Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_CURRENT_USER\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\magalhaes\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\magalhaes\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\magalhaes\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\magalhaes\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
C:\Users\magalhaes\AppData\Local\Mozilla\Firefox\Profiles\9zlp1fq2.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\magalhaes\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\magalhaes\AppData\Local\Comodo\Dragon\User Data\Default\Cache emptied successfully
C:\Users\magalhaes\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=446 folders=97 23428582 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\magalhaes\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\MAGALH~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\magalhaes\AppData\Roaming\ntsvc" not found
==== EOF on 26/03/2015 at 18:01:10,12 ======================
The PC is much better; I no longer see the earlier problems that were bothering me.
The report follows:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by magalhaes at 2015-04-06 11:00:14 Run:1
Running from C:\Users\magalhaes\Downloads
Loaded Profiles: magalhaes (Available profiles: magalhaes)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
S2 Sed; C:\Users\magalhaes\AppData\Roaming\ntsvc\ntsvc.exe [X]
S3 BdCameraProtect; \??\C:\Program Files (x86)\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BdCameraProtect64.sys [X]
2015-03-24 18:14 - 2015-03-24 18:14 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-03-23 18:31 - 2013-11-28 17:36 - 00000000 ____D () C:\Users\Public\Documents\Baidu Security
Task: {1DF9A996-C7B8-4DD3-BF96-F6440A926C55} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
CMD: ipconfig /flushdns
EmptyTemp:
end
*****************
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
Sed => Service deleted successfully.
BdCameraProtect => Service deleted successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Users\Public\Documents\Baidu Security => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1DF9A996-C7B8-4DD3-BF96-F6440A926C55}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DF9A996-C7B8-4DD3-BF96-F6440A926C55}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633" => Key deleted successfully.
========= ipconfig /flushdns =========
Configuração de IP do Windows
Liberação do Cache do DNS Resolver bem-sucedida.
========= End of CMD: =========
EmptyTemp: => Removed 1 GB temporary data.
The system needed a reboot.
==== End of Fixlog 11:01:24 ====
The log follows:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:31:10, on 25/03/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\magalhaes\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\SysWOW64\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\XTab\SupTab.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_93B0EF6D6451A2CCCC2ADFE3A7EE2F96] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - Startup: Dropbox.lnk = magalhaes\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{866359DA-FCEF-4B9A-98AC-A6ACA4E75E31}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
O23 - Service: 70F4EEDB-1367-4b4f-8247-3133551A7415 - Unknown owner - C:\Program Files\shopperz\grunt.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: csrcc - Unknown owner - C:\Program Files\shopperz\csrcc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Tecnologia de armazenamento Intel® Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: IHProtect Service - XTab system - C:\Program Files (x86)\XTab\ProtectService.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: KMS Server Service (KMSEmulator) - Unknown owner - C:\ProgramData\KMSAuto\KMSES.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Net Service Event Handler (Sed) - Navigation Co., Ltd. - C:\Users\magalhaes\AppData\Roaming\ntsvc\ntsvc.exe
O23 - Service: shopperz Updater - Unknown owner - C:\Program Files\shopperz\nseven.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: Update NetCrawl - Unknown owner - C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @oem2.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\WINDOWS\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - SysTool PasSame LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12930 bytes