
Ruan Soares

[Resolved] Error - Bad Image on Windows 7


Any application I open shows an error message like this:

BAD IMAGE

The application or "Application Name" is not a valid image for Windows. Check it against the installation disk.

How do I fix this?

Please help me!

HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:24:32, on 26/08/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16448)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Users\Joaldo\AppData\Local\Akamai\netsession_win.exe

C:\Windows\system32\igfxsrvc.exe

C:\Users\Joaldo\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Internet Explorer\IELowutil.exe

C:\Users\Joaldo\Downloads\Programs\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/?ocid=OIE9HP

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110808&tt=201208_mnt_n_3412_1&babsrc=HP_ss&mntrId=921b4f7d000000000000e0cb4e304d58

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.localstrike.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oquefazernainternet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchya.com/?s=0&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EtAtDyE0DyDzzyE0FyB0DtN0D0Tzu0StBtAyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1862396459

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=BR&userid=1e0fb9a5-9938-4091-9a1f-620fa9cba993&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=BR&userid=1e0fb9a5-9938-4091-9a1f-620fa9cba993&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oquefazernainternet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oquefazernainternet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazernainternet.com/q/%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:81

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: (no name) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMes1.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\IMBooster4Web\Iminent.WebBooster.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~1\GbPlugin\gbiehAbn.dll

O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers\YontooIEClient.dll

O2 - BHO: MAX BR Toolbar - {fe379c63-1156-4c8c-8dbb-f823d3ea4b37} - C:\Program Files\MAX_BR\tbMAX_.dll

O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMes1.dll

O3 - Toolbar: (no name) - {12fc3d37-2a42-4fe3-8489-81296878cba5} - (no file)

O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll

O3 - Toolbar: MAX BR Toolbar - {fe379c63-1156-4c8c-8dbb-f823d3ea4b37} - C:\Program Files\MAX_BR\tbMAX_.dll

O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [Google Update] "C:\Users\Joaldo\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Joaldo\AppData\Local\Akamai\netsession_win.exe"

O4 - .DEFAULT User Startup: IconPackager.lnk = C:\Program Files\Stardock\MyColors\IconPackager.exe (User 'Default user')

O4 - .DEFAULT User Startup: Think Green Weather.lnk = C:\Program Files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: http://www.bancoreal.com.br

O15 - Trusted Zone: http://www.bancosantander.com.br

O15 - Trusted Zone: www.bb.com.br

O15 - Trusted Zone: http://*.cga.com.cn

O15 - Trusted Zone: http://*.ogdev.net

O15 - Trusted Zone: http://www.santander.com.br

O15 - Trusted Zone: http://www.santanderempresarial.com.br

O15 - Trusted Zone: http://*.sdo.com

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll

O20 - Winlogon Notify: GbPluginAbn - C:\PROGRA~1\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Firewall do AVG (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: MSSQL$JOALDO - Unknown owner - C:\PROGRA~1\MI3EDC~1\MSSQL$~1\binn\sqlservr.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SQLAgent$JOALDO - Unknown owner - C:\PROGRA~1\MI3EDC~1\MSSQL$~1\binn\sqlagent.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

 

--

End of file - 15573 bytes


Good afternoon, Ruan Soares

Download AdwCleaner (...by Xplode) and save it to the desktop

* Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator

* Click [Delete]

* Paste the report that is displayed

Run an online scan with NOD32

* When it finishes, paste the report created in C:\Arquivos de programas\EsetOnlineScanner\log


AdwCleaner report

 

# AdwCleaner v1.801 - Logfile created 08/27/2012 at 13:48:44

# Updated 14/08/2012 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)

# User : Joaldo - RUAN-PC

# Boot Mode : Normal

# Running from : C:\Users\Joaldo\Downloads\Programs\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

Stopped & Deleted : vToolbarUpdater11.2.0

Stopped & Deleted : Web Assistant Updater

 

***** [Files / Folders] *****

 

Folder Deleted : C:\Users\Joaldo\AppData\Local\AVG Secure Search

Folder Deleted : C:\Users\Joaldo\AppData\Local\Conduit

Folder Deleted : C:\Users\Joaldo\AppData\Local\ConduitEngine

Folder Deleted : C:\Users\Joaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Folder Deleted : C:\Users\Joaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Folder Deleted : C:\Users\Joaldo\AppData\Local\OpenCandy

Folder Deleted : C:\Users\Joaldo\AppData\LocalLow\AVG Secure Search

Folder Deleted : C:\Users\Joaldo\AppData\LocalLow\BabylonToolbar

Folder Deleted : C:\Users\Joaldo\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Joaldo\AppData\LocalLow\ConduitEngine

Folder Deleted : C:\Users\Joaldo\AppData\LocalLow\DownloadnSave

Folder Deleted : C:\Users\Joaldo\AppData\LocalLow\facemoods.com

Folder Deleted : C:\Users\Joaldo\AppData\LocalLow\FunWebProducts

Folder Deleted : C:\Users\Joaldo\AppData\LocalLow\imeshbandmltbpi

Folder Deleted : C:\Users\Joaldo\AppData\LocalLow\MAX_BR

Folder Deleted : C:\Users\Joaldo\AppData\LocalLow\Messenger_Plus_Live

Folder Deleted : C:\Users\Joaldo\AppData\LocalLow\MyWebSearch

Folder Deleted : C:\Users\Joaldo\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Joaldo\AppData\LocalLow\Search Settings

Folder Deleted : C:\Users\Joaldo\AppData\LocalLow\Softonic_Brasil

Folder Deleted : C:\Users\Joaldo\AppData\Roaming\Babylon

Folder Deleted : C:\Users\Joaldo\AppData\Roaming\BabylonToolbar

Folder Deleted : C:\Users\Joaldo\AppData\Roaming\OpenCandy

Folder Deleted : C:\Users\Joaldo\AppData\Roaming\PriceGong

Folder Deleted : C:\ProgramData\AVG Secure Search

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\Iminent

Folder Deleted : C:\ProgramData\InstallMate

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\ProgramData\Trymedia

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent

Folder Deleted : C:\Program Files\Application Updater

Folder Deleted : C:\Program Files\AVG Secure Search

Folder Deleted : C:\Program Files\BabylonToolbar

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\ConduitEngine

Folder Deleted : C:\Program Files\Iminent

Folder Deleted : C:\Program Files\MAX_BR

Folder Deleted : C:\Program Files\Messenger_Plus_Live

Folder Deleted : C:\Program Files\Search Settings

Folder Deleted : C:\Program Files\Trymedia

Folder Deleted : C:\Program Files\Web Assistant

Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

Folder Deleted : C:\ProgramData\Premium

File Deleted : C:\Users\Joaldo\AppData\Local\funmoods-speeddial.crx

File Deleted : C:\user.js

 

***** [Registry] *****

 

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2124320

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2284000

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2552374

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2851643

Key Deleted : HKCU\Software\AppDataLow\HavingFunOnline

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products

Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts

Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch

Key Deleted : HKCU\Software\AppDataLow\Software\NetNucleous

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\BabylonToolbar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\conduitEngine

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKCU\Software\Headlight

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\Iminent

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings

Key Deleted : HKCU\Software\PriceGong

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\SOFTWARE\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Babylon

Key Deleted : HKLM\SOFTWARE\BabylonToolbar

Key Deleted : HKLM\SOFTWARE\bandoo

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\b

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1

Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho

Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1

Key Deleted : HKLM\SOFTWARE\Classes\esrv.searchyaESrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.searchyaESrvc.1

Key Deleted : HKLM\SOFTWARE\Classes\I

Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1

Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler

Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject

Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1

Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender

Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1

Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler

Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1

Key Deleted : HKLM\SOFTWARE\Classes\ironsource.searchyaappCore

Key Deleted : HKLM\SOFTWARE\Classes\ironsource.searchyaappCore.1

Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.DockingPanel

Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBar

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\SearchSettings.BHO

Key Deleted : HKLM\SOFTWARE\Classes\SearchSettings.BHO.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\conduitEngine

Key Deleted : HKLM\SOFTWARE\DataMngr

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Deleted : HKLM\SOFTWARE\Iminent

Key Deleted : HKLM\SOFTWARE\MAX_BR

Key Deleted : HKLM\SOFTWARE\Messenger_Plus_Live

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\searchya

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\Search Settings

Key Deleted : HKLM\SOFTWARE\Softonic_Brasil

Key Deleted : HKLM\SOFTWARE\Software

Key Deleted : HKLM\SOFTWARE\Tarma Installer

Key Deleted : HKLM\SOFTWARE\Web Assistant

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

 

***** [Registre - GUID] *****

 


Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E522F1-9E90-47DD-A2CE-39B0C00274A0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E096DFB-6AB7-45C7-BF64-B313C7096529}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{996A9940-2F2C-4486-A479-439C4A15F278}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B7D44BA-376C-456F-B289-5034270322FD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BD8FF26-2C71-4D35-9FE2-AD8D25AECC36}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCE6E914-AEF0-4FEE-8FC8-06F9B42BF890}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD8D5FFA-4F92-48AD-BFBE-7896916656F5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C92E6D80-EC54-45CC-AC4B-A7CF42F11B52}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D1CB564E-F38A-4F2A-8257-60E3F8BE9F34}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F293BBC0-DA7E-4CF1-9EEA-CE90CFE0DF86}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FEFBC559-C3C7-4287-B05B-49D489B80749}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{69332529-EEC8-4D0D-9FD3-202C4AE8E589}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6527CDCF-5038-4916-8E4E-9E6896BE87CF}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4C0E8D2D-3791-46ED-B24A-AF7BCE50F806}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA74C8}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F48DA960-0FD9-4BB5-9826-C0C271C6C74D}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49D6-A4D5-2E8D7341384E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE379C63-1156-4C8C-8DBB-F823D3EA4B37}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B339F6E-DDCD-401B-8764-230ADBD01761}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCBA9F6A-CD55-4BE9-9EB2-FE113046B7DD}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37E4AA2B-A119-4301-B106-34BE3897F4A8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DBAE245E-6D67-4CCB-82AF-5B10CA1FA152}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE379C63-1156-4C8C-8DBB-F823D3EA4B37}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9B339F6E-DDCD-401B-8764-230ADBD01761}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE379C63-1156-4C8C-8DBB-F823D3EA4B37}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9B339F6E-DDCD-401B-8764-230ADBD01761}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37E4AA2B-A119-4301-B106-34BE3897F4A8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBAE245E-6D67-4CCB-82AF-5B10CA1FA152}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FE379C63-1156-4C8C-8DBB-F823D3EA4B37}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9B339F6E-DDCD-401B-8764-230ADBD01761}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{12FC3D37-2A42-4FE3-8489-81296878CBA5}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9B339F6E-DDCD-401B-8764-230ADBD01761}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{12FC3D37-2A42-4FE3-8489-81296878CBA5}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FE379C63-1156-4C8C-8DBB-F823D3EA4B37}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{9B339F6E-DDCD-401B-8764-230ADBD01761}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{12FC3D37-2A42-4FE3-8489-81296878CBA5}]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16421

 

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchya.com/?s=0&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EtAtDyE0DyDzzyE0FyB0DtN0D0Tzu0StBtAyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1862396459 --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110808&tt=201208_mnt_n_3412_1&babsrc=HP_ss&mntrId=921b4f7d000000000000e0cb4e304d58 --> hxxp://www.google.com

 

-\\ Google Chrome v21.0.1180.83

 

File : C:\Users\Joaldo\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

Deleted : "urls_to_restore_on_startup": [ "hxxp://search.babylon.com/?affID=110808&tt=201208_mnt_n_34[...]

Deleted : "baseUrl": "hxxp://start.funmoods.com/results.php?",

Deleted : "update_url": "hxxp://update.funmoods.com/speeddial/update.xml?bu=st",

Deleted : "description": "Babylon Chrome OCR",

Deleted : "128": "babylon48.png",

Deleted : "48": "babylon48.png"

Deleted : "name": "Babylon Chrome OCR",

Deleted : "path": "BabylonChromePI.dll",

Deleted : "scriptable_host": [ "hxxp://*/*", "hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdC[...]

Deleted : "default_title": "uTorrentBar_PT Community Toolbar",

Deleted : "matches": [ "hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdController.html*", "[...]

Deleted : "name": "uTorrentBar_PT",

Deleted : "path": "plugins/ConduitChromeApiPlugin.dll",

Deleted : "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT285164[...]

Deleted : "path": "C:\\Users\\Joaldo\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\npUnity3D32.dll",

Deleted : "urls_to_restore_on_startup": [ "hxxp://search.babylon.com/?affID=110808&tt=201208_mnt_n_3412_[...]

 

-\\ Opera v [unable to get version]

 

File : C:\Users\Joaldo\AppData\Roaming\Opera\Opera\operaprefs.ini

 

Deleted : Home URL=hxxp://www.searchya.com/?s=0&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EtAtDyE0DyD[...]

 

*************************

 

AdwCleaner[s1].txt - [298 octets] - [27/08/2012 13:48:29]

AdwCleaner[s2].txt - [34212 octets] - [27/08/2012 13:48:44]

 

########## EOF - C:\AdwCleaner[s2].txt - [34341 octets] ##########

 

The NOD32 report

 

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=649fcaebf343a04c8ec93d1740cf7c2e

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-08-27 08:35:04

# local_time=2012-08-27 05:35:04 (-0300, Hora oficial do Brasil)

# country="Brazil"

# lang=1046

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1024 16777215 100 0 3733150 3733150 0 0

# compatibility_mode=2560 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776574 100 94 0 97636345 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=248678

# found=11

# cleaned=11

# scan_time=11749

C:\Program Files\SearchYa!\1.5.25.0\escortShld.dll Win32/Toolbar.Funmoods aplicativo (limpo por exclusão - em quarentena) 00000000000000000000000000000000 C

C:\Program Files\Yontoo Layers\YontooIEClient.dll Win32/Adware.Yontoo.A aplicativo (limpo por exclusão - em quarentena) 00000000000000000000000000000000 C

C:\Ruan Arquivos\Kursed\image\z.exe uma variante de Win32/Packed.Themida aplicativo (limpo por exclusão - em quarentena) 00000000000000000000000000000000 C

C:\Users\Joaldo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\4b87730a-43872a74 uma variante de Java/JShrink.A aplicativo (excluído - em quarentena) 00000000000000000000000000000000 C

C:\Users\Joaldo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\174bf163-3db21082 Java/TrojanDownloader.Agent.NEV cavalo de Tróia (excluído - em quarentena) 00000000000000000000000000000000 C

C:\Users\Joaldo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\5b091b32-78cee76b Java/TrojanDownloader.Agent.NEV cavalo de Tróia (excluído - em quarentena) 00000000000000000000000000000000 C

C:\Users\Joaldo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\3969f97e-71796ef1 Java/TrojanDownloader.Agent.NEV cavalo de Tróia (excluído - em quarentena) 00000000000000000000000000000000 C

C:\Users\Joaldo\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\111111204744513.rsc várias ameaças (excluído - em quarentena) 00000000000000000000000000000000 C

C:\Users\Joaldo\Downloads\Programs\mini patch.exe uma variante de Win32/Packed.Themida aplicativo (excluído - em quarentena) 00000000000000000000000000000000 C

C:\Windows\Installer\20aa2e7.msi Win32/Toolbar.Widgi aplicativo (excluído - em quarentena) 00000000000000000000000000000000 C

C:\Windows\System32\XBVIRC\SKA.001 provavelmente uma variante de Win32/KeyLogger.Ardamax.NBG aplicativo (limpo por exclusão - em quarentena) 00000000000000000000000000000000 C


:seta: Run the file c:\Arquivos de programas\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

:seta: Run AdwCleaner and click [Uninstall]

:seta: Download OTL and save it to the Desktop

*Run it. Windows Vista and Windows 7 users should right-click the file and select Run as administrator

*Select the options:

Check All Users

Check Lop

Check Purity

*Paste the lines shown in brown into the box under Custom Scans/Fixes

regedit /e %USERPROFILE%\Desktop\registrybackup.reg /c

netsvcs

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes

 

*Click [Scan]

*When it finishes, the OTL.txt and Extras.txt reports will be created on the Desktop

:seta: Go to this link

*Click [Choose file]

*Locate the OTL.txt file on the Desktop and click [Open]

*Click [Envoyer le fichier]

*Paste the link that is created under Fichier envoyé avec succés! Copiez votre lien :

*Repeat the procedure for the Extras.txt report and paste the link


:seta: Uninstall Spybot

:seta: Click [Start]

*Right-click My Computer and select Properties

*Click System protection

*Click Local Disk (C:\) (System) > [Configure]

*Select Turn off system protection

*Click [Apply] > [Yes] > [OK]

If you have another partition (e.g. D:\), repeat the steps above for it.

:seta: Temporarily disable your antivirus

1. Right-click the AVG icon next to the clock and select "Open AVG User Interface"

2. Click [Tools] > [Advanced settings]

3. On the left side, click Temporarily disable AVG protection

4. On the right side, select Temporarily disable AVG protection

5. Click [OK]

6. A window will open; select how long the protection will remain disabled

7. Click [Disable real-time protection]

:seta: Download SalityKiller (...from Kaspersky) and save it to C:\

*This program will run in 2 separate windows at the same time!!

*The first window:

*Click [Start] > [All Programs] > [Accessories] > [Run] > copy and paste: C:\salitykiller.exe -m

*Click [OK]

*Do not close this window!! Minimize it if you wish.

*The second window:

*Click [Start] > [All Programs] > [Accessories] > [Run] > copy and paste: C:\salitykiller.exe -y -l sality.txt

*Click [OK]

*When it finishes, the second window will close automatically. Then close the first window.

*Paste the summary found at the end of the file C:\sality.txt, as shown below:

23:57:51:0 Infected files: 8

23:57:51:0 Infected processes: 0

23:57:51:0 Infected threads: 2

23:57:51:0 Cured files: 8

23:57:51:0 Executed registry scripts: 1


SalityKiller summary

 

21:38:08:392 6100 Infected files: 0

21:38:08:392 6100 Infected processes: 0

21:38:08:392 6100 Infected threads: 0

21:38:08:392 6100 Cured files: 0

21:38:08:392 6100 Will be cured on reboot: 0

21:38:08:392 6100 Executed registry scripts: 1


:seta: Run OTL. Windows Vista and Windows 7 users should right-click the file and select Run as administrator

*Paste the lines in blue into the box under Custom Scans/Fixes:

:OTL

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva398.sys -- (XDva398)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva397.sys -- (XDva397)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva394.sys -- (XDva394)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva392.sys -- (XDva392)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva391.sys -- (XDva391)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva389.sys -- (XDva389)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva387.sys -- (XDva387)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva385.sys -- (XDva385)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva327.sys -- (XDva327)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\npf.sys -- (NPF)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6512D3E3-1718-4B43-B6A5-388B07DBF450}\MpKsled3b1d4d.sys -- (MpKsled3b1d4d)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A061C26A-14AE-4BDF-902E-3A64B4697B35}\MpKsle64bf020.sys -- (MpKsle64bf020)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{22206D71-6E71-475D-94D6-D471C0DAB503}\MpKsle37f6e97.sys -- (MpKsle37f6e97)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{623E0573-18A1-4F4A-BA7D-D80573EF6857}\MpKsle32548d2.sys -- (MpKsle32548d2)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CC6BD3FF-659F-445C-AC90-AE6421F712A1}\MpKsld860b112.sys -- (MpKsld860b112)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{515B12EC-F0A3-48F0-A041-D5068569174A}\MpKsld80bff7b.sys -- (MpKsld80bff7b)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AB9032FB-58FB-45BC-B6C7-D1C121A25A4E}\MpKsld6768ae6.sys -- (MpKsld6768ae6)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7A5FD0AB-BE6A-4BB8-BDA7-978F746EC95D}\MpKslc8e37866.sys -- (MpKslc8e37866)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6CFEDB66-75A2-4D72-8D6C-7BFB7B0A940C}\MpKslc613ec8c.sys -- (MpKslc613ec8c)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D149381-056C-4B38-AC62-AE54DFD22089}\MpKslc5d8b7f3.sys -- (MpKslc5d8b7f3)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F6E6132B-7CDB-46B7-B82C-2ADF0DA8AB86}\MpKslb7c7fd45.sys -- (MpKslb7c7fd45)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B004A096-5619-4E79-A809-A11AC28112E3}\MpKslaa1fdee7.sys -- (MpKslaa1fdee7)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9CD69D16-C6BE-4F06-8982-2FEDA10C0937}\MpKsla7d6cd0b.sys -- (MpKsla7d6cd0b)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6FA6905E-5D4E-4A40-A801-78E8D512A599}\MpKsl9f4dd97d.sys -- (MpKsl9f4dd97d)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{27499487-EAE1-447E-891B-DD571FB075A0}\MpKsl908b1cbf.sys -- (MpKsl908b1cbf)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1A4D00F3-FC3A-49B0-BA8F-7574220078A2}\MpKsl8553aa5e.sys -- (MpKsl8553aa5e)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EBC9D558-4765-4B38-857A-6926F6E34AFA}\MpKsl83205842.sys -- (MpKsl83205842)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6E2110CC-5D2A-4933-9833-FB9003B8A0DF}\MpKsl816987f0.sys -- (MpKsl816987f0)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F49328D8-D997-4F04-BAAE-CD8302D8AE25}\MpKsl8113d724.sys -- (MpKsl8113d724)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{614ED726-D1D4-44E8-92E6-A8A7693EC925}\MpKsl5ac72c92.sys -- (MpKsl5ac72c92)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6512D3E3-1718-4B43-B6A5-388B07DBF450}\MpKsl52af09ef.sys -- (MpKsl52af09ef)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C088DDE5-A194-413F-B77F-15ED617A7EE6}\MpKsl507d1def.sys -- (MpKsl507d1def)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B98CF5F4-61EF-4CA8-B882-CF7F54A6E286}\MpKsl4cc521b2.sys -- (MpKsl4cc521b2)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C088DDE5-A194-413F-B77F-15ED617A7EE6}\MpKsl301c4a25.sys -- (MpKsl301c4a25)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B9CC560D-8DDA-438B-AEEC-AD898271F70C}\MpKsl2f35cf29.sys -- (MpKsl2f35cf29)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{04B95720-6E3F-4C1B-96B3-0DFE2EFB88DB}\MpKsl211ac3ab.sys -- (MpKsl211ac3ab)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7569F59D-8ADC-417B-B994-B441D117EA47}\MpKsl1d1f9edc.sys -- (MpKsl1d1f9edc)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2456D70B-2376-49C4-BBF6-2F4710D8F4D2}\MpKsl1c10e9e9.sys -- (MpKsl1c10e9e9)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AB236C97-A5FE-4D43-A4E7-183044FFA365}\MpKsl1b1dce41.sys -- (MpKsl1b1dce41)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6AC25CB1-3EC3-4F65-B5C1-24BBC4C90DC0}\MpKsl14cf9b04.sys -- (MpKsl14cf9b04)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{97967229-40D9-41BA-B6EB-2812A79DA202}\MpKsl10388002.sys -- (MpKsl10388002)

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EBC9D558-4765-4B38-857A-6926F6E34AFA}\MpKsl04802ed3.sys -- (MpKsl04802ed3)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a4l8qw9e)

 

:Files

ipconfig flushdns /c

netsh advfirewall reset /c

 

:Reg

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2D1A8D62-2B07-AB84-616C-4E04CB00BD98}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3728132D-FE48-466C-91DB-A903BC6D2705}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3854B85A-BF13-DD98-A7A8-0BE849409EA4}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67C39899-F4AA-B9D4-2E46-500DC57FB43D}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{111A277D-B874-49DE-AE84-86854125334F}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2D1A8D62-2B07-AB84-616C-4E04CB00BD98}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33D59858-89D9-4AC2-A956-93875EB02323}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3854B85A-BF13-DD98-A7A8-0BE849409EA4}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{67C39899-F4AA-B9D4-2E46-500DC57FB43D}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BF5F7505-E031-457A-87A9-454D99E05D60}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EAB1369A-405E-46A6-AE69-07DAADE35E66}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope" = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope" = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

:Commands

[emptytemp]

 

*Click [Run Fix]

*Click [OK] to restart the PC

*Paste the report created at C:\_OTL\MovedFiles\date_time.txt


OTL report

 

All processes killed

========== OTL ==========

Service XDva398 stopped successfully!

Service XDva398 deleted successfully!

File C:\Windows\system32\XDva398.sys not found.

Service XDva397 stopped successfully!

Service XDva397 deleted successfully!

File C:\Windows\system32\XDva397.sys not found.

Service XDva394 stopped successfully!

Service XDva394 deleted successfully!

File C:\Windows\system32\XDva394.sys not found.

Service XDva392 stopped successfully!

Service XDva392 deleted successfully!

File C:\Windows\system32\XDva392.sys not found.

Service XDva391 stopped successfully!

Service XDva391 deleted successfully!

File C:\Windows\system32\XDva391.sys not found.

Service XDva389 stopped successfully!

Service XDva389 deleted successfully!

File C:\Windows\system32\XDva389.sys not found.

Service XDva387 stopped successfully!

Service XDva387 deleted successfully!

File C:\Windows\system32\XDva387.sys not found.

Service XDva385 stopped successfully!

Service XDva385 deleted successfully!

File C:\Windows\system32\XDva385.sys not found.

Service XDva327 stopped successfully!

Service XDva327 deleted successfully!

File C:\Windows\system32\XDva327.sys not found.

Service VGPU stopped successfully!

Service VGPU deleted successfully!

File System32\drivers\rdvgkmd.sys not found.

Service VBoxNetFlt stopped successfully!

Service VBoxNetFlt deleted successfully!

File system32\DRIVERS\VBoxNetFlt.sys not found.

Service tsusbhub stopped successfully!

Service tsusbhub deleted successfully!

File system32\drivers\tsusbhub.sys not found.

Service Synth3dVsc stopped successfully!

Service Synth3dVsc deleted successfully!

File System32\drivers\synth3dvsc.sys not found.

Service NPF stopped successfully!

Service NPF deleted successfully!

File system32\drivers\npf.sys not found.

Service MpKsled3b1d4d stopped successfully!

Service MpKsled3b1d4d deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6512D3E3-1718-4B43-B6A5-388B07DBF450}\MpKsled3b1d4d.sys not found.

Service MpKsle64bf020 stopped successfully!

Service MpKsle64bf020 deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A061C26A-14AE-4BDF-902E-3A64B4697B35}\MpKsle64bf020.sys not found.

Service MpKsle37f6e97 stopped successfully!

Service MpKsle37f6e97 deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{22206D71-6E71-475D-94D6-D471C0DAB503}\MpKsle37f6e97.sys not found.

Service MpKsle32548d2 stopped successfully!

Service MpKsle32548d2 deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{623E0573-18A1-4F4A-BA7D-D80573EF6857}\MpKsle32548d2.sys not found.

Service MpKsld860b112 stopped successfully!

Service MpKsld860b112 deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CC6BD3FF-659F-445C-AC90-AE6421F712A1}\MpKsld860b112.sys not found.

Service MpKsld80bff7b stopped successfully!

Service MpKsld80bff7b deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{515B12EC-F0A3-48F0-A041-D5068569174A}\MpKsld80bff7b.sys not found.

Service MpKsld6768ae6 stopped successfully!

Service MpKsld6768ae6 deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AB9032FB-58FB-45BC-B6C7-D1C121A25A4E}\MpKsld6768ae6.sys not found.

Service MpKslc8e37866 stopped successfully!

Service MpKslc8e37866 deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7A5FD0AB-BE6A-4BB8-BDA7-978F746EC95D}\MpKslc8e37866.sys not found.

Service MpKslc613ec8c stopped successfully!

Service MpKslc613ec8c deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6CFEDB66-75A2-4D72-8D6C-7BFB7B0A940C}\MpKslc613ec8c.sys not found.

Service MpKslc5d8b7f3 stopped successfully!

Service MpKslc5d8b7f3 deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D149381-056C-4B38-AC62-AE54DFD22089}\MpKslc5d8b7f3.sys not found.

Service MpKslb7c7fd45 stopped successfully!

Service MpKslb7c7fd45 deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F6E6132B-7CDB-46B7-B82C-2ADF0DA8AB86}\MpKslb7c7fd45.sys not found.

Service MpKslaa1fdee7 stopped successfully!

Service MpKslaa1fdee7 deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B004A096-5619-4E79-A809-A11AC28112E3}\MpKslaa1fdee7.sys not found.

Service MpKsla7d6cd0b stopped successfully!

Service MpKsla7d6cd0b deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9CD69D16-C6BE-4F06-8982-2FEDA10C0937}\MpKsla7d6cd0b.sys not found.

Service MpKsl9f4dd97d stopped successfully!

Service MpKsl9f4dd97d deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6FA6905E-5D4E-4A40-A801-78E8D512A599}\MpKsl9f4dd97d.sys not found.

Service MpKsl908b1cbf stopped successfully!

Service MpKsl908b1cbf deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{27499487-EAE1-447E-891B-DD571FB075A0}\MpKsl908b1cbf.sys not found.

Service MpKsl8553aa5e stopped successfully!

Service MpKsl8553aa5e deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1A4D00F3-FC3A-49B0-BA8F-7574220078A2}\MpKsl8553aa5e.sys not found.

Service MpKsl83205842 stopped successfully!

Service MpKsl83205842 deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EBC9D558-4765-4B38-857A-6926F6E34AFA}\MpKsl83205842.sys not found.

Service MpKsl816987f0 stopped successfully!

Service MpKsl816987f0 deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6E2110CC-5D2A-4933-9833-FB9003B8A0DF}\MpKsl816987f0.sys not found.

Service MpKsl8113d724 stopped successfully!

Service MpKsl8113d724 deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F49328D8-D997-4F04-BAAE-CD8302D8AE25}\MpKsl8113d724.sys not found.

Service MpKsl5ac72c92 stopped successfully!

Service MpKsl5ac72c92 deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{614ED726-D1D4-44E8-92E6-A8A7693EC925}\MpKsl5ac72c92.sys not found.

Service MpKsl52af09ef stopped successfully!

Service MpKsl52af09ef deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6512D3E3-1718-4B43-B6A5-388B07DBF450}\MpKsl52af09ef.sys not found.

Service MpKsl507d1def stopped successfully!

Service MpKsl507d1def deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C088DDE5-A194-413F-B77F-15ED617A7EE6}\MpKsl507d1def.sys not found.

Service MpKsl4cc521b2 stopped successfully!

Service MpKsl4cc521b2 deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B98CF5F4-61EF-4CA8-B882-CF7F54A6E286}\MpKsl4cc521b2.sys not found.

Service MpKsl301c4a25 stopped successfully!

Service MpKsl301c4a25 deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C088DDE5-A194-413F-B77F-15ED617A7EE6}\MpKsl301c4a25.sys not found.

Service MpKsl2f35cf29 stopped successfully!

Service MpKsl2f35cf29 deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B9CC560D-8DDA-438B-AEEC-AD898271F70C}\MpKsl2f35cf29.sys not found.

Service MpKsl211ac3ab stopped successfully!

Service MpKsl211ac3ab deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{04B95720-6E3F-4C1B-96B3-0DFE2EFB88DB}\MpKsl211ac3ab.sys not found.

Service MpKsl1d1f9edc stopped successfully!

Service MpKsl1d1f9edc deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7569F59D-8ADC-417B-B994-B441D117EA47}\MpKsl1d1f9edc.sys not found.

Service MpKsl1c10e9e9 stopped successfully!

Service MpKsl1c10e9e9 deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2456D70B-2376-49C4-BBF6-2F4710D8F4D2}\MpKsl1c10e9e9.sys not found.

Service MpKsl1b1dce41 stopped successfully!

Service MpKsl1b1dce41 deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AB236C97-A5FE-4D43-A4E7-183044FFA365}\MpKsl1b1dce41.sys not found.

Service MpKsl14cf9b04 stopped successfully!

Service MpKsl14cf9b04 deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6AC25CB1-3EC3-4F65-B5C1-24BBC4C90DC0}\MpKsl14cf9b04.sys not found.

Service MpKsl10388002 stopped successfully!

Service MpKsl10388002 deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{97967229-40D9-41BA-B6EB-2812A79DA202}\MpKsl10388002.sys not found.

Service MpKsl04802ed3 stopped successfully!

Service MpKsl04802ed3 deleted successfully!

File c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EBC9D558-4765-4B38-857A-6926F6E34AFA}\MpKsl04802ed3.sys not found.

Service EagleXNt stopped successfully!

Service EagleXNt deleted successfully!

File C:\Windows\system32\drivers\EagleXNt.sys not found.

Service EagleNT stopped successfully!

Service EagleNT deleted successfully!

File C:\Windows\system32\drivers\EagleNT.sys not found.

Error: No service named a4l8qw9e was found to stop!

Service\Driver key a4l8qw9e not found.

========== FILES ==========

< ipconfig flushdns /c >

Erro: linha de comando não reconhecida ou incompleta.

USO:

ipconfig [/allcompartments] [/? | /all |

/renew [adapter] | /release [adapter] |

/renew6 [adapter] | /release6 [adapter] |

/flushdns | /displaydns | /registerdns |

/showclassid adapter |

/setclassid adapter [classid] |

/showclassid6 adapter |

/setclassid6 adapter [classid] ]

onde

adaptador Nome da conexão

(caracteres curinga * e ? permitidos; consulte exemplos)

Opções:

/? Exibe esta mensagem de ajuda

/all Exibe informações completas sobre configuração.

/release Libera o endereço IPv4 para o adaptador especificado.

/release6 Libera o endereço IPv6 para o adaptador especificado.

/renew Renova o endereço IPv4 para o adaptador especificado.

/renew6 Renova o endereço IPv6 para o adaptador especificado.

/flushdns Limpa o cache do DNS Resolver.

/registerdns Atualiza todas as concessões de DHCP e registra

novamente nomes DNS

/displaydns Exibe o conteúdo do Cache do DNS Resolver.

/showclassid Exibe todas as Ids de classe dhcp permitidas para o

adaptador.

/setclassid Modifica a id. de classe dhcp.

/showclassid6 Exibe todas as Ids de classe DHCP IPv6 permitidas

para o adaptador.

/setclassid6 Modifica a id de classe DHCP IPv6.

O padrão é exibir apenas o endereço IP, a máscara de sub-rede e

o gateway padrão para cada adaptador limitado ao TCP/IP.

Para Release e Renew, se nenhum nome de adaptador for especificado,

as concessões de endereços IP para todos os adaptadores limitados ao TCP/IP

serão liberadas ou renovadas.

Para Setclassid e Setclassid6, se nenhuma ClassId for especificada, ClassId

será removida.

Exemplos:

> ipconfig ... Mostra informações

> ipconfig /all ... Mostra informações detalhadas

> ipconfig /renew ... renova todos os adaptadores

> ipconfig /renew EL* ... renova qualquer conexão cujo nome

seja iniciado por EL

> ipconfig /release *Con* ... libera todas as conexões

correspondentes, por exemplo,

"Conexão de Área Local" ou

"Conexão de Área Local 2"

> ipconfig /allcompartments ... Mostra informações sobre todos os

compartimentos

> ipconfig /allcompartments /all ... Mostra informações detalhadas sobre

todos os compartimentos

C:\Users\Joaldo\Desktop\cmd.bat deleted successfully.

C:\Users\Joaldo\Desktop\cmd.txt deleted successfully.

< netsh advfirewall reset /c >

Ok.

C:\Users\Joaldo\Desktop\cmd.bat deleted successfully.

C:\Users\Joaldo\Desktop\cmd.txt deleted successfully.

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2D1A8D62-2B07-AB84-616C-4E04CB00BD98}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D1A8D62-2B07-AB84-616C-4E04CB00BD98}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3728132D-FE48-466C-91DB-A903BC6D2705}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3728132D-FE48-466C-91DB-A903BC6D2705}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3854B85A-BF13-DD98-A7A8-0BE849409EA4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3854B85A-BF13-DD98-A7A8-0BE849409EA4}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67C39899-F4AA-B9D4-2E46-500DC57FB43D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67C39899-F4AA-B9D4-2E46-500DC57FB43D}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{111A277D-B874-49DE-AE84-86854125334F}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{111A277D-B874-49DE-AE84-86854125334F}\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2D1A8D62-2B07-AB84-616C-4E04CB00BD98}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D1A8D62-2B07-AB84-616C-4E04CB00BD98}\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33D59858-89D9-4AC2-A956-93875EB02323}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33D59858-89D9-4AC2-A956-93875EB02323}\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3854B85A-BF13-DD98-A7A8-0BE849409EA4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3854B85A-BF13-DD98-A7A8-0BE849409EA4}\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{67C39899-F4AA-B9D4-2E46-500DC57FB43D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67C39899-F4AA-B9D4-2E46-500DC57FB43D}\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BF5F7505-E031-457A-87A9-454D99E05D60}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF5F7505-E031-457A-87A9-454D99E05D60}\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EAB1369A-405E-46A6-AE69-07DAADE35E66}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EAB1369A-405E-46A6-AE69-07DAADE35E66}\ not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope" | {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /E : value set successfully!

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope" | {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /E : value set successfully!

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56466 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: DefaultAppPool

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56466 bytes

 

User: Joaldo

->Temp folder emptied: 175781 bytes

->Temporary Internet Files folder emptied: 11744302 bytes

->Java cache emptied: 5628755 bytes

->Google Chrome cache emptied: 31790464 bytes

->Opera cache emptied: 0 bytes

->Flash cache emptied: 3824077 bytes

 

User: Public

 

User: Todos os Usuários

 

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 2160566 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 53,00 mb

 

 

OTL by OldTimer - Version 3.2.59.1 log created on 08282012_134417

 

Files\Folders moved on Reboot...

File\Folder C:\Users\Joaldo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPV1HPPU\ADSAdClient31[1].htm not found!

File\Folder C:\Users\Joaldo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPV1HPPU\adServer[1].htm not found!

File\Folder C:\Users\Joaldo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPV1HPPU\direct;auc.8658582975362701316;ai.285814773.287449034;ac.1346110443-4194218;wi.234;hi.60;cp[1].htm not found!

File\Folder C:\Users\Joaldo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPV1HPPU\tt[1].htm not found!

File\Folder C:\Users\Joaldo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPV1HPPU\w4_HojeNoMSN[1].htm not found!

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...


:seta: Delete salitykiller and the report C:\sality.txt

:seta: Click [Start] > [Control Panel] > [AutoPlay]

*On the right side, under "Choose a default", select "Take no action"

*Temporarily disable your antivirus

:seta: Download UsbFix (...by El desaparecido) and save it to the desktop

*Connect the USB flash drive to the PC

*Run it. Windows Vista or Windows 7 users must right-click the file and select Run as administrator

 


 

*Click [Research]

*Paste the report shown


USBFix report

 

############################## | UsbFix V 7.096 | [Pesquisa]

 

Usuário: Joaldo (Administrador) # RUAN-PC

Atualizado em 15/08/2012 por El Desaparecido

Começou em 18:39:44 | 01/09/2012

 

Site: http://eldesaparecido.com

Foro: http://forum.eldesaparecido.com

Arquivo suspeito ? : http://eldesaparecido.com/upload.php

Contato: contact@eldesaparecido.com

 

PC: POSITIVO (POS-AG31AP) (X86-based PC) # Desktop Computer

CPU: Pentium® Dual-Core CPU E5400 @ 2.70GHz (2700)

RAM -> [Total : 2038 | Free : 1227]

BIOS: BIOS Date: 07/06/09 14:59:06 Ver: 08.00.12

BOOT: Normal boot

 

OS: Microsoft Windows 7 Ultimate (6.1.7601 32-Bit) # Service Pack 1

WB: Windows Internet Explorer 9.0.8112.16421

 

SC: Security Center Service [Enabled]

WU: Windows Update Service [Enabled]

AV: ESET NOD32 Antivirus 6.0 [(!) Disabled | Updated]

FW: Windows FireWall Service [Enabled]

 

C:\ (%systemdrive%) -> Disco fixo # 288 Gb (233 Mb livre - 81%) [] # NTFS

D:\ -> CD-ROM

E:\ -> CD-ROM

G:\ -> Disco removível # 958 Mb (407 Mb livre - 42%) [PEN DRIVE] # FAT

 

################## | Processos Ativos |

 

C:\Windows\system32\csrss.exe (420)

C:\Windows\system32\wininit.exe (472)

C:\Windows\system32\csrss.exe (484)

C:\Windows\system32\winlogon.exe (532)

C:\Windows\system32\services.exe (576)

C:\Windows\system32\lsass.exe (592)

C:\Windows\system32\lsm.exe (600)

C:\Windows\system32\svchost.exe (696)

C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (752)

C:\PROGRA~1\GbPlugin\GbpSv.exe (808)

C:\Windows\system32\svchost.exe (900)

C:\Windows\System32\svchost.exe (996)

C:\Windows\System32\svchost.exe (1032)

C:\Windows\system32\svchost.exe (1076)

C:\Windows\system32\svchost.exe (1188)

C:\Windows\system32\svchost.exe (1268)

C:\Windows\System32\spoolsv.exe (1380)

C:\Windows\system32\svchost.exe (1428)

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1500)

C:\Windows\System32\svchost.exe (1536)

C:\Windows\system32\svchost.exe (1560)

C:\Program Files\Bonjour\mDNSResponder.exe (1580)

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (1628)

C:\Windows\system32\inetsrv\inetinfo.exe (1708)

C:\Windows\System32\svchost.exe (1812)

C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (1848)

C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (1932)

C:\Windows\System32\svchost.exe (1972)

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (2008)

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (320)

C:\Windows\system32\svchost.exe (428)

C:\Windows\system32\svchost.exe (488)

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (652)

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2164)

C:\Windows\system32\taskhost.exe (2276)

C:\Windows\system32\Dwm.exe (2428)

C:\Windows\Explorer.EXE (2440)

C:\Windows\system32\WUDFHost.exe (2892)

C:\Windows\System32\igfxtray.exe (3220)

C:\Windows\System32\hkcmd.exe (3232)

C:\Windows\System32\igfxpers.exe (3240)

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (3268)

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (3276)

C:\Users\Joaldo\AppData\Local\Akamai\netsession_win.exe (3304)

C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (3312)

C:\Windows\system32\igfxsrvc.exe (3472)

C:\Users\Joaldo\AppData\Local\Akamai\netsession_win.exe (3736)

C:\Program Files\Internet Download Manager\IEMonitor.exe (3888)

C:\Windows\system32\SearchIndexer.exe (4072)

C:\Windows\system32\svchost.exe (2704)

C:\Program Files\Windows Media Player\wmpnetwk.exe (3144)

C:\Windows\System32\mobsync.exe (2936)

C:\Windows\System32\svchost.exe (1824)

C:\Windows\system32\DllHost.exe (4404)

C:\Windows\System32\svchost.exe (5528)

C:\Windows\system32\svchost.exe (4952)

C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (2832)

C:\UsbFix\Go.exe (1236)

C:\Windows\system32\wbem\wmiprvse.exe (1140)

 

################## | Ficheiros # pastas infeciosos |

 

Presente ! C:\Users\Joaldo\AppData\Roaming\inst.exe

Presente ! C:\Users\Joaldo\AppData\Local\Temp\InstHelper.exe

Presente ! C:\Windows\system32\install

Presente ! C:\Users\Joaldo\AppData\Local\Temp\ir_ext_temp_0

Presente ! G:\Recycler\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe

Presente ! G:\i.bat

Presente ! G:\Recycler\S-1-5-21-1482476501-1644491937-682003330-1013

Presente ! G:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665

 

################## | Registro |

 

 

################## | Mountpoints2 |

 

HKCU\.\.\.\.\Explorer\MountPoints2\H

Shell\AutoRun\Command = H:\Autorun.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{6cf967a2-b614-11e0-9169-e0cb4e304d58}

Shell\AutoRun\Command = G:\autorun.exe

Shell\directx\Command = G:\DirectX9\dxsetup.exe

Shell\setup\Command = G:\setup.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{6cf967a5-b614-11e0-9169-e0cb4e304d58}

Shell\AutoRun\Command = H:\autorun.exe

Shell\directx\Command = H:\DirectX9\dxsetup.exe

Shell\setup\Command = H:\setup.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{6cf967a9-b614-11e0-9169-e0cb4e304d58}

Shell\AutoRun\Command = I:\CDCheck.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{6cf967ad-b614-11e0-9169-e0cb4e304d58}

Shell\AutoRun\Command = J:\CDCheck.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{6cf967b0-b614-11e0-9169-e0cb4e304d58}

Shell\AutoRun\Command = K:\CDCheck.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{6cf967cf-b614-11e0-9169-e0cb4e304d58}

Shell\AutoRun\Command = L:\CDCheck.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{6cf967d6-b614-11e0-9169-e0cb4e304d58}

Shell\AutoRun\Command = L:\CDCheck.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{6cf967da-b614-11e0-9169-e0cb4e304d58}

Shell\AutoRun\Command = M:\autorun.exe

Shell\directx\Command = M:\DirectX9\dxsetup.exe

Shell\setup\Command = M:\setup.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{6cf967fc-b614-11e0-9169-e0cb4e304d58}

Shell\AutoRun\Command = M:\autorun.exe

Shell\directx\Command = M:\DirectX9\dxsetup.exe

Shell\setup\Command = M:\setup.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{6cf96802-b614-11e0-9169-e0cb4e304d58}

Shell\AutoRun\Command = N:\CDCheck.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{6cf96804-b614-11e0-9169-e0cb4e304d58}

Shell\AutoRun\Command = O:\CDCheck.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{6cf96814-b614-11e0-9169-e0cb4e304d58}

Shell\AutoRun\Command = P:\autorun.exe

Shell\directx\Command = P:\DirectX9\dxsetup.exe

Shell\setup\Command = P:\setup.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{6cf96816-b614-11e0-9169-e0cb4e304d58}

Shell\AutoRun\Command = Q:\CDCheck.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{6cf96818-b614-11e0-9169-e0cb4e304d58}

Shell\AutoRun\Command = R:\CDCheck.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{6cf9681a-b614-11e0-9169-e0cb4e304d58}

Shell\AutoRun\Command = S:\autorun.exe

Shell\directx\Command = S:\DirectX9\dxsetup.exe

Shell\setup\Command = S:\setup.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{b878a000-0ea9-11e1-bd3e-e0cb4e304d58}

Shell\AutoRun\Command = G:\AutoRun.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{db635123-52a4-11df-816d-e0cb4e304d58}

Shell\AutoRun\Command = D:\LaunchU3.exe -a

 

HKCU\.\.\.\.\Explorer\MountPoints2\{fe58a58f-70e1-11e1-bbb5-e0cb4e304d58}

Shell\AutoRun\Command = G:\Autorun.exe

 

 

 

################## | Vaccin |

 

(!) Este computador não é vacinada!

 

################## | E.O.F |


:seta: Connect the USB flash drive to the PC again

*Run UsbFix and click [Options]

*Uncheck Disable Autorun/AutoPlay automatically and click [OK]

*Click [Deletion]

*When it finishes, disconnect the USB flash drive and paste the report shown

:seta: Run OTL. Windows Vista or Windows 7 users must right-click the file and select Run as administrator

*Select Scan All Users

*Click [None]

*Under Extra Registry, select Use SafeList

*Click [Run Scan]

*Paste the Extras.txt report created on the Desktop


:seta: Run USBFix and click [uninstall]

:seta: Run OTL and click [CleanUp]

*The PC will be restarted

Let us know how the PC is doing
