This topic has been archived and is closed to new replies.

RafaeL Icassati 2

[Archived] Notebook very slow


My notebook is very slow; the scan follows:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 07:51:42, on 15/07/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Users\My\AppData\Roaming\Yontoo\YontooDesktop.exe
C:\Users\My\AppData\Roaming\SearchProtect\bin\cltmng.exe
C:\Program Files (x86)\Desk 365\desk365.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\My\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://*.cga.com.cn
O15 - Trusted Zone: http://*.ogdev.net
O15 - Trusted Zone: http://*.sdo.com
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~3\browserprotect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserprotect.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Search Protect by Conduit Updater (CltMngSvc) - Conduit - C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Desk 365 service (desksvc) - 337 Technology Limited. - C:\Program Files (x86)\Desk 365\deskSvc.exe
O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SPLASH.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wsys Service (WsysSvc) - Wsys Co., Ltd. - C:\ProgramData\eSafe\eGdpSvc.exe

--
End of file - 21342 bytes

Thank you!

Good morning! RafaeL Icassati 2
|- Download: < adwcleaner_logo.jpg > ( ... by Xplode )
|- On the page, click the image: < AdwCleaner_Tlcharger.jpg >
|- PS: If you use the IE9 browser, disable the "SmartScreen" filter.
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as administrator. < Executar_Administrador.jpg >
|- PS: Start the scan by clicking "Remover". < abpXmu2U.jpg >
acuDr4Nb.jpg
|- When it finishes, post the report: C:\AdwCleaner[S1].txt
-/-
|- Download: < 1268r49.png > ( ... by Oleg N. Scherbakov )
|- Save it to the desktop!
|- On Windows 7, right-click JRT.exe and run it as administrator. < Executar_Administrador.jpg >
|- Wait for it to finish and post the report. ( JRT.txt )
-/-
|- Download: < zoek > ( ... by Smeenk )
|- Or here! < 51a612a8b27e2-Zoek.png zoek.exe >
|- Save it to the desktop!
|- Disable your antivirus!
|- On Windows 7, run zoek.exe as administrator.
startupall;
autoclean;
filesrcm;
emptyalltemp;
|- Copy and paste this information, shown in red, into the tool's field.
|- Click "Run Script".

 

Zoek.exe is running now.

Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
|- This information will appear, asking you to wait for the report.
Zoek_Reboot_zpscf60b3cf.jpg
|- Accept and/or confirm the reboot!

 

zoek.hta failed by unknown error.

 

Restart computer, and try again.
|- PS: If you get an error, restart the PC and run the tool again.
|- Post the report, which will be at C:\zoek-results.txt <<
A+


# AdwCleaner v2.305 - Relatório criado em 15/07/2013 às 20:15:34
# Atualizado em 11/07/2013 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)
# Usuário : My - MY-PC
# Modo de Boot : Normal
# Executado de : C:\Users\My\Desktop\adwcleaner.exe
# Opção [Remover]


***** [serviços] *****

Encerrado & Removido : BrowserProtect
Encerrado & Removido : CltMngSvc
Encerrado & Removido : desksvc
Encerrado & Removido : DvmMDES
Encerrado & Removido : Yontoo Desktop Updater

***** [Arquivos/Pastas] *****

Arquivo Désinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Arquivo Désinfected : C:\Users\My\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Arquivo Désinfected : C:\Users\My\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk
Arquivo Désinfected : C:\Users\My\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\firefox - Atalho.lnk
Arquivo Désinfected : C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Arquivo Désinfected : C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Arquivo Removido : C:\END
Arquivo Removido : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Arquivo Removido : C:\user.js
Arquivo Removido : C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Arquivo Removido : C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Arquivo Removido : C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\bprotector_extensions.sqlite
Arquivo Removido : C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\bprotector_prefs.js
Arquivo Removido : C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\searchplugins\Askcom.xml
Arquivo Removido : C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\searchplugins\babylon1.xml
Arquivo Removido : C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\searchplugins\browsemngr.xml
Arquivo Removido : C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\searchplugins\MyStart Search.xml
Pasta Removido : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Pasta Removido : C:\Program Files (x86)\Common Files\Wondershare
Pasta Removido : C:\Program Files (x86)\Complitly
Pasta Removido : C:\Program Files (x86)\Conduit
Pasta Removido : C:\Program Files (x86)\DealPly
Pasta Removido : C:\Program Files (x86)\Desk 365
Pasta Removido : C:\Program Files (x86)\FindLyrics
Pasta Removido : C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder_V1
Pasta Removido : C:\Program Files (x86)\LyricsOn
Pasta Removido : C:\Program Files (x86)\LyricsPod
Pasta Removido : C:\Program Files (x86)\SearchProtect
Pasta Removido : C:\Program Files (x86)\Wajam
Pasta Removido : C:\Program Files (x86)\Yontoo
Pasta Removido : C:\ProgramData\BrowserProtect
Pasta Removido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Pasta Removido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desk 365
Pasta Removido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Pasta Removido : C:\ProgramData\Tarma Installer
Pasta Removido : C:\Users\My\AppData\Local\Conduit
Pasta Removido : C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Pasta Removido : C:\Users\My\AppData\Local\Temp\boost_interprocess
Pasta Removido : C:\Users\My\AppData\Local\Wajam
Pasta Removido : C:\Users\My\AppData\Local\Wondershare
Pasta Removido : C:\Users\My\AppData\LocalLow\BabylonToolbar
Pasta Removido : C:\Users\My\AppData\LocalLow\Conduit
Pasta Removido : C:\Users\My\AppData\LocalLow\FreeOnlineRadioPlayerRecorder_V1
Pasta Removido : C:\Users\My\AppData\LocalLow\PriceGong
Pasta Removido : C:\Users\My\AppData\Roaming\Babylon
Pasta Removido : C:\Users\My\AppData\Roaming\Complitly
Pasta Removido : C:\Users\My\AppData\Roaming\DealPly
Pasta Removido : C:\Users\My\AppData\Roaming\Desk 365
Pasta Removido : C:\Users\My\AppData\Roaming\dvdvideosoftiehelpers
Pasta Removido : C:\Users\My\AppData\Roaming\eIntaller
Pasta Removido : C:\Users\My\AppData\Roaming\eType
Pasta Removido : C:\Users\My\AppData\Roaming\Media Finder
Pasta Removido : C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Pasta Removido : C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Pasta Removido : C:\Users\My\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Pasta Removido : C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\jetpack
Pasta Removido : C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\Smartbar
Pasta Removido : C:\Users\My\AppData\Roaming\OpenCandy
Pasta Removido : C:\Users\My\AppData\Roaming\PerformerSoft
Pasta Removido : C:\Users\My\AppData\Roaming\registry mechanic
Pasta Removido : C:\Users\My\AppData\Roaming\SearchProtect
Pasta Removido : C:\Users\My\AppData\Roaming\Wondershare
Pasta Removido : C:\Users\My\AppData\Roaming\Yontoo
Removido Durante o reboot : C:\ProgramData\eSafe

***** [Registro] *****

Chave Removida : HKCU\Software\1ClickDownload
Chave Removida : HKCU\Software\APN PIP
Chave Removida : HKCU\Software\AppDataLow\Software\Conduit
Chave Removida : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Chave Removida : HKCU\Software\AppDataLow\Software\Crossrider
Chave Removida : HKCU\Software\AppDataLow\Software\FreeOnlineRadioPlayerRecorder_V1
Chave Removida : HKCU\Software\AppDataLow\Software\PriceGong
Chave Removida : HKCU\Software\AppDataLow\Software\SmartBar
Chave Removida : HKCU\Software\AppDataLow\Toolbar
Chave Removida : HKCU\Software\Complitly
Chave Removida : HKCU\Software\Conduit
Chave Removida : HKCU\Software\DataMngr
Chave Removida : HKCU\Software\DealPly
Chave Removida : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Chave Removida : HKCU\Software\Headlight
Chave Removida : HKCU\Software\IM
Chave Removida : HKCU\Software\ImInstaller
Chave Removida : HKCU\Software\InstallCore
Chave Removida : HKCU\Software\MediaFinder
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{79B8E308-95A2-4044-932D-80E833A863CC}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{79B8E308-95A2-4044-932D-80E833A863CC}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7EF0E692-B7E1-4BA8-8587-3DE4610FF0FC}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Removida : HKCU\Software\SearchProtect
Chave Removida : HKCU\Software\Softonic
Chave Removida : HKCU\Software\StartSearch
Chave Removida : HKCU\Software\Wajam
Chave Removida : HKCU\Software\59edadebd3cbe13
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Chave Removida : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Chave Removida : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Chave Removida : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Chave Removida : HKLM\SOFTWARE\Classes\Toolbar.CT3282722
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Chave Removida : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Chave Removida : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Chave Removida : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Chave Removida : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Chave Removida : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Chave Removida : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Chave Removida : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Chave Removida : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Chave Removida : HKLM\Software\Conduit
Chave Removida : HKLM\Software\DataMngr
Chave Removida : HKLM\Software\DealPly
Chave Removida : HKLM\Software\delta-homesSoftware
Chave Removida : HKLM\Software\Desksvc
Chave Removida : HKLM\Software\DeviceVM
Chave Removida : HKLM\Software\eSafeSecControl
Chave Removida : HKLM\Software\FreeOnlineRadioPlayerRecorder_V1
Chave Removida : HKLM\Software\Iminent
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7EF0E692-B7E1-4BA8-8587-3DE4610FF0FC}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Chave Removida : HKLM\Software\PIP
Chave Removida : HKLM\Software\portaldositesSoftware
Chave Removida : HKLM\Software\SearchProtect
Chave Removida : HKLM\Software\SimplyGen
Chave Removida : HKLM\Software\systweak
Chave Removida : HKLM\Software\V9
Chave Removida : HKLM\Software\Wajam
Chave Removida : HKLM\SOFTWARE\Wow6432Node\59edadebd3cbe13
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{79B8E308-95A2-4044-932D-80E833A863CC}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7EF0E692-B7E1-4BA8-8587-3DE4610FF0FC}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D8643D7-A150-46E7-85FA-018E44041966}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5ED4B3-20B1-4D74-A4A0-DD96BC16B0AF}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79B8E308-95A2-4044-932D-80E833A863CC}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Desk 365
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FreeOnlineRadioPlayerRecorder_V1 Toolbar
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Chave Removida : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Chave Removida : HKLM\SOFTWARE\Tarma Installer
Dados Removida : HKLM\...\StartMenuInternet\FIREFOX.EXE [(Default)] = C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD5000BEKT-60KA9T0_WD-WXA1E51AVM26AVM26&ts=1372898076
Dados Removida : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD5000BEKT-60KA9T0_WD-WXA1E51AVM26AVM26&ts=1372898076
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{79B8E308-95A2-4044-932D-80E833A863CC}]
Valor Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Desk 365]
Valor Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Valor Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Yontoo Desktop]
Valor Removida : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{79B8E308-95A2-4044-932D-80E833A863CC}]
Valor Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchProtectAll]
Valor Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{79B8E308-95A2-4044-932D-80E833A863CC}]

***** [Navegadores] *****

-\\ Internet Explorer v10.0.9200.16635

Substituído : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD5000BEKT-60KA9T0_WD-WXA1E51AVM26AVM26&ts=1372898076 --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD5000BEKT-60KA9T0_WD-WXA1E51AVM26AVM26&ts=1372898076 --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD5000BEKT-60KA9T0_WD-WXA1E51AVM26AVM26&ts=1372898076 --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (pt-BR)

Arquivo : C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\prefs.js

C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\user.js ... Removido !

Removida : user_pref("CT3219432.1000234.TWC_TMP_city", "SAO PAULO");
Removida : user_pref("CT3219432.1000234.TWC_TMP_country", "BR");
Removida : user_pref("CT3219432.3219432a129924590188005123000000paramsGK3.enc", "eyJ1cGRhdGVSZXFUaW1lIjoxMzU4Nj[...]
Removida : user_pref("CT3219432.3219432a129924591369106534000000paramsGK1.enc", "eyJ1cGRhdGVSZXFUaW1lIjoxMzU4Nj[...]
Removida : user_pref("CT3219432.3219432a129925506711278657000000paramsGK1.enc", "eyJ1cGRhdGVSZXFUaW1lIjoxMzU4Nj[...]
Removida : user_pref("CT3219432.3219432a129925506711278657000000twitterTemplate_notify_followers.enc", "MHgwMDM[...]
Removida : user_pref("CT3219432.3219432a129925506711278657000000twitterTemplate_notify_followers_count.enc", "M[...]
Removida : user_pref("CT3219432.3219432a129925506711278657000000twitterTemplate_notify_following.enc", "MHgwMDM[...]
Removida : user_pref("CT3219432.3219432a129925506711278657000000twitterTemplate_notify_following_count.enc", "M[...]
Removida : user_pref("CT3219432.3219432a129925506711278657000000twitterTemplate_notify_home.enc", "MHgwMDMyLDB4[...]
Removida : user_pref("CT3219432.3219432a129925506711278657000000twitterTemplate_notify_home_count.enc", "MTU=")[...]
Removida : user_pref("CT3219432.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Removida : user_pref("CT3219432.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Removida : user_pref("CT3219432.FirstTime", "true");
Removida : user_pref("CT3219432.FirstTimeFF3", "true");
Removida : user_pref("CT3219432.LoginRevertSettingsEnabled", true);
Removida : user_pref("CT3219432.RevertSettingsEnabled", true);
Removida : user_pref("CT3219432.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT321[...]
Removida : user_pref("CT3219432.UserID", "UN80905930767544115");
Removida : user_pref("CT3219432.addressBarTakeOverEnabledInHidden", "true");
Removida : user_pref("CT3219432.browser.search.defaultthis.engineName", true);
Removida : user_pref("CT3219432.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax[...]
Removida : user_pref("CT3219432.enableAlerts", "always");
Removida : user_pref("CT3219432.firstTimeDialogOpened", "true");
Removida : user_pref("CT3219432.fixPageNotFoundErrorInHidden", "true");
Removida : user_pref("CT3219432.fixUrls", true);
Removida : user_pref("CT3219432.installType", "Unknown");
Removida : user_pref("CT3219432.isCheckedStartAsHidden", true);
Removida : user_pref("CT3219432.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Removida : user_pref("CT3219432.isFirstTimeToolbarLoading", "false");
Removida : user_pref("CT3219432.isNewTabEnabled", true);
Removida : user_pref("CT3219432.isPerformedSmartBarTransition", "true");
Removida : user_pref("CT3219432.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Removida : user_pref("CT3219432.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Removida : user_pref("CT3219432.keyword", true);
Removida : user_pref("CT3219432.migrateAppsAndComponents", true);
Removida : user_pref("CT3219432.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fwww.facebook.co[...]
Removida : user_pref("CT3219432.search.searchAppId", "10000002");
Removida : user_pref("CT3219432.search.searchCount", "0");
Removida : user_pref("CT3219432.searchInNewTabEnabledInHidden", "true");
Removida : user_pref("CT3219432.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Removida : user_pref("CT3219432.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Removida : user_pref("CT3219432.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Removida : user_pref("CT3219432.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Removida : user_pref("CT3219432.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Removida : user_pref("CT3219432.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Removida : user_pref("CT3219432.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Removida : user_pref("CT3219432.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1358548864299");
Removida : user_pref("CT3219432.serviceLayer_services_appsMetadata_lastUpdate", "1358698432118");
Removida : user_pref("CT3219432.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1358548864863");
Removida : user_pref("CT3219432.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358697318499");
Removida : user_pref("CT3219432.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1358548864913");
Removida : user_pref("CT3219432.serviceLayer_services_searchAPI_lastUpdate", "1358655920428");
Removida : user_pref("CT3219432.serviceLayer_services_serviceMap_lastUpdate", "1358655919608");
Removida : user_pref("CT3219432.serviceLayer_services_toolbarContextMenu_lastUpdate", "1358548864752");
Removida : user_pref("CT3219432.serviceLayer_services_toolbarSettings_lastUpdate", "1358698431626");
Removida : user_pref("CT3219432.serviceLayer_services_translation_lastUpdate", "1358655919874");
Removida : user_pref("CT3219432.settingsINI", true);
Removida : user_pref("CT3219432.smartbar.CTID", "CT3219432");
Removida : user_pref("CT3219432.smartbar.Uninstall", "0");
Removida : user_pref("CT3219432.smartbar.homepage", true);
Removida : user_pref("CT3219432.smartbar.toolbarName", "PSafe ClikSeguro ");
Removida : user_pref("CT3219432.toolbarBornServerTime", "19-1-2013");
Removida : user_pref("CT3219432.toolbarCurrentServerTime", "20-1-2013");
Removida : user_pref("CT3219432.twitterTemplate_3219432a129925506711278657000000_DailyActivity.enc", "MTM1ODY1N[...]
Removida : user_pref("CT3219432.twitterTemplate_3219432a129925506711278657000000_LifetimeSent.enc", "VFJVRQ==")[...]
Removida : user_pref("CT3219432_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Removida : user_pref("CT3282722.1000082.isPlayDisplay", "true");
Removida : user_pref("CT3282722.1000082.state", "{\"state\":\"stopped\",\"text\":\"Classic R...\",\"description[...]
Removida : user_pref("CT3282722.3282722a130039643157408893000000paramsGK0.enc", "eyJ1cGRhdGVSZXFUaW1lIjoxMzY0Nz[...]
Removida : user_pref("CT3282722.CT3282722ads1.enc", "JTdCJTIyYWRzJTIyJTNBJTVCJTdCJTIyYWlkJTIyJTNBJTIyNzkyNTUlMj[...]
Removida : user_pref("CT3282722.CT3282722current_term.enc", "Zm9ybWF0byt2aWRlbytzdXBvcnRhZG8raXBhZA==");
Removida : user_pref("CT3282722.CT3282722sdate.enc", "MzE=");
Removida : user_pref("CT3282722.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Removida : user_pref("CT3282722.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Removida : user_pref("CT3282722.FF19Solved", "true");
Removida : user_pref("CT3282722.FirstTime", "true");
Removida : user_pref("CT3282722.FirstTimeFF3", "true");
Removida : user_pref("CT3282722.PG_ENABLE", "dHJ1ZQ==");
Removida : user_pref("CT3282722.RSS_Pub_Config.enc", "eyJzZXR0aW5ncyI6eyJpY29uIjoiaHR0cDovL3N0b3JhZ2UuY29uZHVpd[...]
Removida : user_pref("CT3282722.RSSapp3282722a130039643157408893000000embeddedVersion.enc", "Mi40LjA=");
Removida : user_pref("CT3282722.RSSapp3282722a130039643157408893000000lastReportTime.enc", "MTM2NDc0NTU5Nzg3NiA[...]
Removida : user_pref("CT3282722.RSSapp3282722a130039643157408893000000newFeeds.enc", "bmV3RmVlZHM=");
Removida : user_pref("CT3282722.UserID", "UN34789276227651111");
Removida : user_pref("CT3282722.addressBarTakeOverEnabledInHidden", "true");
Removida : user_pref("CT3282722.addressUrlXPETakeover", "true");
Removida : user_pref("CT3282722.autoDisableScopes", -1);
Removida : user_pref("CT3282722.defaultSearch", "false");
Removida : user_pref("CT3282722.embeddedsData", "[{\"appId\":\"130039643153976796\",\"apiPermissions\":{\"cross[...]
Removida : user_pref("CT3282722.enableAlerts", "true");
Removida : user_pref("CT3282722.enableFix404ByUser", "FALSE");
Removida : user_pref("CT3282722.enableSearchFromAddressBar", "true");
Removida : user_pref("CT3282722.firstTimeDialogOpened", "true");
Removida : user_pref("CT3282722.fixPageNotFoundError", "true");
Removida : user_pref("CT3282722.fixPageNotFoundErrorByUser", "true");
Removida : user_pref("CT3282722.fixPageNotFoundErrorInHidden", "true");
Removida : user_pref("CT3282722.fixUrls", true);
Removida : user_pref("CT3282722.installDate", "31/3/2013 12:56:02");
Removida : user_pref("CT3282722.installId", "conduitinstaller.exe");
Removida : user_pref("CT3282722.installType", "conduitnsisintegration");
Removida : user_pref("CT3282722.installUsage", "2013-03-31T18:59:33.7769939+03:00");
Removida : user_pref("CT3282722.installUsageEarly", "2013-03-31T18:59:19.3943471+03:00");
Removida : user_pref("CT3282722.installerVersion", "1.3.7.3");
Removida : user_pref("CT3282722.isCheckedStartAsHidden", true);
Removida : user_pref("CT3282722.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Removida : user_pref("CT3282722.isFirstTimeToolbarLoading", "false");
Removida : user_pref("CT3282722.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Removida : user_pref("CT3282722.keyword", "true");
Removida : user_pref("CT3282722.lastVersion", "10.15.0.62");
Removida : user_pref("CT3282722.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Removida : user_pref("CT3282722.migrateAppsAndComponents", true);
Removida : user_pref("CT3282722.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]
Removida : user_pref("CT3282722.openThankYouPage", "false");
Removida : user_pref("CT3282722.openUninstallPage", "true");
Removida : user_pref("CT3282722.price-gong.isManagedApp", "true");
Removida : user_pref("CT3282722.revertSettingsEnabled", "FALSE");
Removida : user_pref("CT3282722.search.searchAppId", "130039643153976796");
Removida : user_pref("CT3282722.search.searchCount", "0");
Removida : user_pref("CT3282722.searchInNewTabEnabledByUser", "false");
Removida : user_pref("CT3282722.searchInNewTabEnabledInHidden", "true");
Removida : user_pref("CT3282722.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Removida : user_pref("CT3282722.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Removida : user_pref("CT3282722.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
Removida : user_pref("CT3282722.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Removida : user_pref("CT3282722.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Removida : user_pref("CT3282722.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Removida : user_pref("CT3282722.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Removida : user_pref("CT3282722.serviceLayer_services_app.twitter.user-cnet_lastUpdate", "1364745564865");
Removida : user_pref("CT3282722.serviceLayer_services_app.twitter.user-cnnbrk_lastUpdate", "1364745564802");
Removida : user_pref("CT3282722.serviceLayer_services_app.twitter.user-computeractive_lastUpdate", "13647455653[...]
Removida : user_pref("CT3282722.serviceLayer_services_app.twitter.user-dailymirror_lastUpdate", "1364745564819"[...]
Removida : user_pref("CT3282722.serviceLayer_services_app.twitter.user-google_lastUpdate", "1364745564781");
Removida : user_pref("CT3282722.serviceLayer_services_app.twitter.user-techcrunch_lastUpdate", "1364745565280")[...]
Removida : user_pref("CT3282722.serviceLayer_services_app.twitter.user-time_lastUpdate", "1364745564849");
Removida : user_pref("CT3282722.serviceLayer_services_app.twitter.user-wired_lastUpdate", "1364745564835");
Removida : user_pref("CT3282722.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1364745560953");
Removida : user_pref("CT3282722.serviceLayer_services_appsMetadata_lastUpdate", "1364745560409");
Removida : user_pref("CT3282722.serviceLayer_services_getTwitterExtraInfo_lastUpdate", "1364745566741");
Removida : user_pref("CT3282722.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1364745560513");
Removida : user_pref("CT3282722.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1364745559[...]
Removida : user_pref("CT3282722.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1364745574667")[...]
Removida : user_pref("CT3282722.serviceLayer_services_location_lastUpdate", "1364745559566");
Removida : user_pref("CT3282722.serviceLayer_services_login_10.15.0.62_lastUpdate", "1364745574674");
Removida : user_pref("CT3282722.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1364745560626");
Removida : user_pref("CT3282722.serviceLayer_services_searchAPI_lastUpdate", "1364745559577");
Removida : user_pref("CT3282722.serviceLayer_services_serviceMap_lastUpdate", "1364745556766");
Removida : user_pref("CT3282722.serviceLayer_services_toolbarContextMenu_lastUpdate", "1364745560425");
Removida : user_pref("CT3282722.serviceLayer_services_toolbarSettings_lastUpdate", "1364745559103");
Removida : user_pref("CT3282722.serviceLayer_services_translation_lastUpdate", "1364745560705");
Removida : user_pref("CT3282722.settingsINI", true);
Removida : user_pref("CT3282722.shouldFirstTimeDialog", "true");
Removida : user_pref("CT3282722.showToolbarPermission", "false");
Removida : user_pref("CT3282722.smartbar.CTID", "CT3282722");
Removida : user_pref("CT3282722.smartbar.Uninstall", "0");
Removida : user_pref("CT3282722.smartbar.toolbarName", "FreeOnlineRadioPlayerRecorder V1 ");
Removida : user_pref("CT3282722.startPage", "false");
Removida : user_pref("CT3282722.toolbarBornServerTime", "31-3-2013");
Removida : user_pref("CT3282722.toolbarCurrentServerTime", "31-3-2013");
Removida : user_pref("CT3282722.toolbarDisabled", "true");
Removida : user_pref("CT3282722.toolbarLoginClientTime", "Sun Mar 31 2013 12:59:34 GMT-0300 (Hora oficial do Br[...]
Removida : user_pref("CT3282722.url_history0001.enc", "aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo6OmNsaWNraGFuZGxlcjo6OjEz[...]
Removida : user_pref("CT3282722_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Removida : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3219432&SearchSource=1[...]
Removida : user_pref("Smartbar.ConduitSearchEngineList", "PSafe ClikSeguro Customized Web Search");
Removida : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3219432[...]
Removida : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
Removida : user_pref("Smartbar.keywordURLSelectedCTID", "CT3219432");
Removida : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=117223&tt=0313_5&babsrc=NT_ss&mntr[...]
Removida : user_pref("browser.search.defaultenginename", "portaldosites");
Removida : user_pref("browser.search.order.1", "portaldosites");
Removida : user_pref("extensions.BabylonToolbar.admin", false);
Removida : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Removida : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Removida : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Removida : user_pref("extensions.BabylonToolbar.bbDpng", "21");
Removida : user_pref("extensions.BabylonToolbar.cntry", "BR");
Removida : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Removida : user_pref("extensions.BabylonToolbar.dpkLst", "");
Removida : user_pref("extensions.BabylonToolbar.excTlbr", false);
Removida : user_pref("extensions.BabylonToolbar.hdrMd5", "18C56557C473F850767214EE0F3DC3E9");
Removida : user_pref("extensions.BabylonToolbar.id", "284790bb000000000000705ab68ec19e");
Removida : user_pref("extensions.BabylonToolbar.instlDay", "15723");
Removida : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Removida : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.7.220:38:20");
Removida : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"60\",\"lastVrsn\":\"60\",\"vrsnLoad\[...]
Removida : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Removida : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Removida : user_pref("extensions.BabylonToolbar.rvrt", "false");
Removida : user_pref("extensions.BabylonToolbar.sg", "azb");
Removida : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Removida : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Removida : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Removida : user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
Removida : user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");
Removida : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Removida : user_pref("extensions.BabylonToolbar_i.babExt", "");
Removida : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=117223&tt=0313_5");
Removida : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
Removida : user_pref("extensions.BabylonToolbar_i.hardId", "284790bb000000000000705ab68ec19e");
Removida : user_pref("extensions.BabylonToolbar_i.id", "284790bb000000000000705ab68ec19e");
Removida : user_pref("extensions.BabylonToolbar_i.instlDay", "15521");
Removida : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Removida : user_pref("extensions.BabylonToolbar_i.newTab", false);
Removida : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Removida : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Removida : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Removida : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Removida : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Removida : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Removida : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.220:38:21");
Removida : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Removida : user_pref("extensions.wajam.affiliate_id", "1555");
Removida : user_pref("extensions.wajam.firstrun", "false");
Removida : user_pref("extensions.wajam.log_send_info", "false");
Removida : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21083\",\"supported_sites\":{\[...]
Removida : user_pref("extensions.wajam.no_trace", "false");
Removida : user_pref("extensions.wajam.server_current_mapping_version", "0.21083");
Removida : user_pref("extensions.wajam.supported_sites.bing.wajam_yahoo_se_js", "try {window['APP_LABEL_NAME'] [...]
Removida : user_pref("extensions.wajam.supported_sites.encryptedgoogle.wajam_google_js", "try {window['APP_LABE[...]
Removida : user_pref("extensions.wajam.supported_sites.google.wajam_google_se_js", "try {window['APP_LABEL_NAME[...]
Removida : user_pref("extensions.wajam.trace_log", "1358548857353 - processInstallationUpgrade - version set to[...]
Removida : user_pref("extensions.wajam.unique_id", "898D31C112FD0024A86F48B533A43FAC");
Removida : user_pref("extensions.wajam.user_current_mapping_version", "0");
Removida : user_pref("extensions.wajam.version", "1.26");
Removida : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
Removida : user_pref("extentions.y2layers.installId", "12c7ad5c-1c0b-4f97-bc82-b3b7ff28e5b6");
Removida : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282722&SearchSource=2&CU[...]
Removida : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3219432&SearchSource=13[...]
Removida : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Removida : user_pref("smartbar.machineId", "WFGVXPH4RPXXTQOCGCOXAE5XCYLIC787EVR2G8ZB/X9+AGWF2DU76BZGVQHOE4QRBEW[...]
Removida : user_pref("smartbar.originalHomepage", "hxxp://search.babylon.com/?affID=117223&tt=0313_5&babsrc=HP_[...]
Removida : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT321[...]
Removida : user_pref("smartbar.originalSearchEngine", "Search the web (Babylon)");

-\\ Google Chrome v [impossível ler a versão]

Arquivo : C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Arquivo está limpo.

*************************

AdwCleaner[s1].txt - [42885 octets] - [15/07/2013 20:15:34]

########## EOF - C:\AdwCleaner[s1].txt - [42946 octets] ##########

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.0 (07.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by My on 15/07/2013 at 20:31:06,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\esafeseccontrol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\etype_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\etype_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\etypesetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\etypesetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\etypeuninstall_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\etypeuninstall_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\etypeupdate_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\etypeupdate_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\privitizevpn_1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\privitizevpn_1_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D1D6A7E6-44E6-4652-9EBB-E4E851B6FE90}



~~~ Files

Successfully deleted: [File] C:\Windows\tasks\LyricsPod Update.job



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\esafe"
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{23CF5ADE-C788-42F1-BF4C-0CA2F816EBDA}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{23EB7D33-576C-4146-8DAF-F6CBEAF5E5F8}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{2461F245-FA14-4679-ADAB-B8F0B4B1FBB1}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{24F381C4-B83E-4784-A6B0-389AA0E0793F}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{25198903-B2D2-4985-8F43-FF0960F1A3B2}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{25D6BF3D-80F6-4086-AFAC-4E6542467BEC}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{27903B73-1021-4D0E-A391-5C2ADAE53C0A}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{27ACD576-782C-4C7C-9914-0A3694F6C3AF}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{27CF0209-461A-43AD-854A-8D78EBF0EE0B}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{294E683D-FB0B-4B24-8FBD-6BE3D0D65767}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{29787120-8532-4F4F-BFCB-487234359AA3}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{2BA4F7FE-D629-4063-848C-C65640E984E8}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{2BAB90FE-B5EF-480C-B4D5-4AA25A1F9D55}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{2C22E9E1-EFF5-4294-B198-D1A3732A435A}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{2CE5841F-4945-4A5D-8069-84E8782A4736}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{2D036C83-5AC6-4F56-84DE-D02F057A37AE}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{2D537672-4107-44EC-A13A-DC05250E721F}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{2E204F14-6621-4178-A72A-D8C4359698D9}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{2F693BF4-46D4-4082-AF37-0014B61284E0}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{2FC02430-4112-4EEA-A9AC-998DD8F0FCA7}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{2FC3DFFE-AF4A-4BB4-8FBE-33383C2CC976}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{30A8AD0B-4258-4F1C-9176-A6D880833F79}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{30DA5E9D-3FA9-4FCC-B9E7-4B5EE6D12C96}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{30E1CD58-98E9-4407-B6DC-0652D9FAC6B2}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{30FA1283-AFB6-424C-A144-5B4BE2968FE5}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{3101BA54-C17F-499A-9B75-0FDB4013D371}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{311CA1E1-736C-4A36-8B3F-7DE7DD556170}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{3146D3D8-5AD6-4F9A-8DDF-8CBB7A6F9D36}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{314BC783-3B2E-46C5-BAEF-48A05347706F}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{315A7208-4A2E-40DF-8F7D-DACF594960AA}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{321F747F-6F21-4E3E-B72D-299945ED3206}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{32421AA8-26B0-4AD2-956C-7D3414A3167F}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{32FA771F-B96B-428A-A70F-7DB8CD7E70D3}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{32FD8463-805B-4137-8C7F-03A0E1404DBA}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{33585CE1-DFA5-4BA6-9657-70BE01621E12}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{3430B7E4-4CCE-4039-B6FC-3D081AA6B836}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{3433CA65-5E62-4B5F-B932-9056819B07E0}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{350F6B63-4347-44F9-9B43-37AADC40261E}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{3746FC74-DB53-4B5D-9F53-E2C58B9A672C}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{376D1ED3-8B2D-4090-8E39-BF6F402923A9}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{37A2F55D-5BF1-467A-9840-0DFF2DB4585D}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{37AAA6F6-E30B-4508-AA64-654618ABC93E}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{37AEAB2C-8190-4CF8-82E0-06E56D7E0D0A}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{382A9E6A-EC16-44A4-8E2A-CD6B8B7D34C9}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{386919C1-123D-48F6-9E65-B7166EEC319A}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{38E9CA2D-D4EB-4A92-9B7E-4F0301FBD447}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{3959122F-0ED6-423D-93D6-B9B6DD94108E}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{3B1B5ADE-70F3-463B-9316-347E774EC0C0}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{3C2F27E0-27BE-4E42-ABFB-B6EFA1D0F308}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{3C734441-FD1E-452F-955D-2A069355927E}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{3EA62722-D399-4DF7-A793-E3752338DC72}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{3FA62112-A476-40B4-AEB7-143C088EDD23}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{3FBDEFDB-920B-4F35-A607-F92E8518D77B}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{3FD1ACE8-E156-41BD-8A42-847393325AA7}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{3FF6B1F3-604E-47AA-A2B3-841371CFB748}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{403BF9DB-B6E3-481B-BBCC-26CCD8EB3029}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{404ED87F-719C-49DD-9192-4A5667546FE4}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{40A4ACC9-28EC-4F0F-A68D-07F38B6957DA}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{40FFCEE8-BCB4-4764-B677-817DD03DA199}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{41713BFA-D9CE-4C96-9300-91CBE737E8CF}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{419137B7-85CE-46AE-A9E0-A3120E8A97CD}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{41C47AEF-D3B9-4CD0-9C3A-825DDD5E4142}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{41D6D46E-080C-4E26-96DE-EA4DFD9E1A50}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{42849966-D567-45FA-8143-D78219C8789D}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{429E7877-E3D7-4D78-A4D3-59F6F8847BC3}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{43455920-FAED-4C61-9C1E-378EE272C7E9}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{43B0DE41-1F51-4775-90FE-180DD1703359}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{4489890D-D321-4C63-AC1B-961C95D11C2D}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{44916443-DE27-4CD3-A807-B2F943CD39C0}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{451EEF6A-F6CE-4BC4-81B7-2F7F99185F25}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{473C16F6-7C6F-47EA-B654-C7BC60D7A57D}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{473E8B7A-B04C-4650-A8AE-3BDB843D519C}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{4769CD82-8C3B-4151-87C0-CFA888D78941}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{476F6DCD-F4EC-4C0E-B7B6-C1F803C1DD1A}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{4909373E-E031-4898-B381-583FD1687F93}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{49305D31-ED8D-4CC8-BB70-D6B2127F038F}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{4A83291D-8FB2-4F2F-B867-746AA15D7C67}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{4AE7B108-6FAD-48CC-8547-3CC165433717}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{4B32219A-ED74-452E-B187-D791140BA2D4}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{4B6BDD02-DE9C-4BBC-AC20-EC0839F3A4EA}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{4B7A6D99-657B-45C3-BF68-DE124A6F1A55}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{4BBD3452-81A1-4DD9-99A5-45F9751FC2DA}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{4D391693-3A37-459F-9E55-9A4D6E6B4AAC}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{4D42D9B3-8812-4B22-945C-771BBD785054}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{4DC933A4-03E8-45E8-AD74-FCDBCC16D6D5}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{4DEECE97-1CEB-4D36-98E9-C9A8DFA32B2F}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{4E50B325-E1FC-4444-9870-002E4469A231}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{4F2BE514-EFC5-429D-BD42-BD7178E55584}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{4FB70152-1E36-45C9-9671-DF1435DF1BB5}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{50339199-7D2D-4A03-A20F-DB5D1EF91BAA}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{5158DDE3-20BE-4962-9C99-FA7B27D5F809}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{51AD0FCA-3E79-4037-A807-000A8441634E}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{51BCDC1F-41F0-43CF-9222-789F8C22AF2B}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{5266116F-1F36-4CE0-8A46-4FA713B333B8}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{53071615-56B1-4071-B31B-3FD09AA4E258}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{54FEAC55-4D48-44F2-9C65-B8C479A4C0B2}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{5520B510-3A8F-416D-9263-22BA9CFEC1CF}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{553EC74A-EA61-4FEC-A3E3-05D771067238}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{5675E463-C569-4207-B166-9908426D6894}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{56DB60E9-9BDC-4D80-9F02-88306396A578}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{56EF83EB-F89E-430C-BE27-8CAABB47D07C}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{5754CB71-4442-4303-82AD-CEE7A0E7D260}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{576167D1-2C83-4C2A-A53E-272B5BC91FB7}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{576C3B30-37EF-40C3-8CA3-90336E56C644}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{57908630-86CA-4193-B139-64AB1E472FA2}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{57DC6C7A-E1C5-457B-BFC5-BC207DF6B08F}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{57EB6725-6DF1-446E-AEE9-6F5AE8B8FB7B}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{58E7630A-C37D-43E6-9A1D-9A6F2F09856A}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{58F940E8-89CD-4715-ACBC-E7BAFFF68134}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{59F70A73-5BCB-4DA0-BB43-7802ACDE6F94}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{5A642E1E-6808-4D57-8A2A-D5CEE0B3B288}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{5A791BDC-6260-4DB3-9E06-892D615A2ECA}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{5AFB5E48-D40D-46D1-B7C2-18301D288058}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{5B4C1C6C-FD8B-46DC-A018-AA22D0C498F9}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{5B7CD0AB-B5CE-41DD-BD44-CE8D871EE0C7}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{5BC0D96A-83D2-4DF1-83A9-CFA7AA77B527}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{5BC29703-EE5C-4C18-B6F9-D14F26B44B41}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{5BDF6FCB-8B5D-42C6-AD58-51D7915AD72F}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{5C81A807-E605-47E9-A58E-150BE35D9258}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{5CFC2454-000A-48AB-A5D8-44E4A56B9475}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{5D6371BA-BBBD-443E-BF27-9DE2ACAC0572}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{5DC5B6A2-7032-4246-B1D1-98323F584898}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{5DE3CFA8-573B-402C-B6F4-759C2DD5269B}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{5E91F78B-6B61-4046-BFBC-BFB571E0F859}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{5EC3A086-7AAE-4F3B-9FA1-F5E046B2CE47}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{5F063C7D-5DAA-4FC7-97AE-AD24937C3684}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{5F779D0F-900B-454B-8BD6-EECF7665E9D6}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{5FB7F236-610A-4B47-A404-8F56EAEC8031}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{60408C24-D1C8-44D0-99BD-4673068C793E}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{6042F445-A1BB-4BA5-808A-DA34869AEA29}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{60EF8A0E-88DD-476F-B930-CFBDAF462DAA}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{61AE7A33-654A-4C0D-97AF-438DB3103D0F}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{62BAE0CC-72E6-41F2-9AF9-12E9DA923D05}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{63299D67-00D1-448D-B78E-6617D34F283B}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{63FA8C40-3D67-4A05-8EFB-314FE26854E0}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{648F3563-8118-4401-A150-0C81C1DA4D75}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{64950880-F110-4CF3-AA8B-CC9A66CAF5F0}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{64B3CAD8-5ADB-4419-84A8-3FED5B34CEA8}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{65338511-193E-4063-A3CE-FE1B87ED863A}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{65A12516-1805-4E89-A5C2-82BC6851BD36}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{65F61C14-F3AC-402F-AD9B-E4261AAF8212}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{66028ADB-F748-47ED-B8F1-5DA2CAD068E2}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{66706DB5-747D-4CF9-9F86-7FE2696F35BE}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{66841844-1106-4C26-9EF9-6A10928CAA9E}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{671F9624-B9C4-4AA9-AB4D-6102A097D357}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{67967AD6-663E-4AB3-981B-2EEBF7135488}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{67B09EA7-1962-4569-A567-AA8951CF946B}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{67DE7A81-6DB3-4A61-8AEF-63B31EA96225}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{683E9265-111D-44A8-AA29-4FFCB077B85D}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{68DE201A-04E8-4026-9209-F495D7B0D469}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{69366BB6-9452-4829-ACD3-84F0DA04612D}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{69F164A0-8C36-44E3-9357-857B07C0B213}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{6A821712-06FE-43D1-A11D-4309EC4C5DF5}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{6A865473-1F00-418A-889F-C6FFCA069AF6}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{6A9263DC-AC15-4ADA-BAEA-56719832C64D}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{6B2BDC23-349C-4F29-B68B-92D9D36C5802}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{6B7D6F57-305D-492E-8C0B-C164C3C52F02}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{6BD8AE1C-27EE-4614-B3A9-8C947507FDB8}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{6BDDC072-1F78-47E7-8666-F7FAFF975010}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{6C18551A-9372-4F09-8C23-8F28256C9EFF}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{6C258C7D-7091-441D-81DD-2363721D3B4B}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{6C9DA83F-33FD-401E-8AEB-5398D02309F2}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{6D392205-A5B5-4405-9E91-7FD08B8E3A21}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{6D8DE01F-3302-4305-9B8E-807D454A542A}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{6DBCD5EF-49C8-415A-A3B2-D9A5C44AE72E}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{6E1D782C-22B8-4497-B8A5-42FBD0B4ADF2}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{6E5D2BC3-AFE4-43FB-AEC1-6CC25E5251F5}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{6E60302E-BE19-443B-9BB1-E4439AE80831}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{6E7A4B9C-8095-413D-A359-696685D18703}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{6E8C06A2-984E-4217-8E8A-7568D85C2D9E}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{6EA530D6-5E52-49D9-A604-9F26B086D0D0}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{6F496272-2161-44E0-9C33-5025395EFFBA}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{6F7AD9AE-087B-4262-94AE-0EDC64DD6F34}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{6F84B4AE-3D8C-4CCC-B199-D9737D5869B9}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{7037DB93-EA2F-4967-9F3F-66E7FA7298AB}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{70DB1857-7C98-4911-BFBC-55B19AA08C50}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{70EB0B36-0C47-4FC3-8367-99DA5E258AD7}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{71D16AD2-9C91-4ABB-B616-2A370D0DE173}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{71DCE7B5-5679-41F9-BA60-7120D4148F82}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{721487ED-4FE0-4F4A-BDA3-E547C319836E}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{732C3602-1E5A-41DB-947D-DEE74881A69A}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{7373B3D0-49E5-468E-8680-2B6B64B6BC7D}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{73C6117F-20A3-4137-B758-98A31D0379E0}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{73E09F8B-2DE6-42D9-BA46-0806FEF9B21E}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{73E1312B-7F35-4F7E-9E1D-61C5548FE962}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{747FC56C-F3F5-4364-8D06-57187B6FCDF9}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{75B723C5-1225-476B-A878-BB6BBA85E0B2}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{75E7BFF4-1437-482D-BDEE-EC4D30FED3AF}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{75F628C5-A77F-4622-B51B-7E6258880841}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{765526AE-33BE-48BB-91E8-686A07CDED8E}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{76703924-7E53-4B0E-AEE0-07E5D2ED1E7A}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{77535EA4-C9FC-40BA-BAFA-E965ADB8335B}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{783723DF-E830-41DA-A205-8598253C874F}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{78C856E1-5A09-404B-B583-2196D79A093D}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{78E24E1D-076F-4A01-BCCB-00203C537919}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{79A9E50C-6C13-4563-B9BF-CD85AC3089BD}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{79F56197-A308-4F3B-8481-D8855960675F}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{7BE599AB-748D-46AB-A794-8A8449CA9170}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{7C4046C3-02A7-4697-A9DA-4050D408595A}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{7C72ECD4-B9B5-4436-AE89-6B2F76BF9F15}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{7D920B95-A320-40C4-9906-9153028040F6}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{7DAF4276-EF63-4F92-91FB-70BDF79DAFC7}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{7E1A1CAD-E23C-4F79-BF95-33342A3C1186}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{7E47B468-F5DD-426D-8E73-369079FF02F9}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{7E8C15CA-65CD-49A6-BBED-EF773463435C}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{7EB19B36-68BD-46AA-BC18-4DD61F0D407A}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{7F138B4B-CF0C-4845-9B6D-BC740B95BB95}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{7F1F0C50-39E4-429E-8FC9-96FCFCC9CFF7}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{7F756F18-C7B8-4E3C-86FE-073491121065}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{7FCCC9A6-8175-4FA3-83BE-72376CAF92E1}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{7FE2AAEB-C3AE-4336-B80B-CE8B56FA146F}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{80364A85-A4AE-4271-BB6B-CE6D40B5C655}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{8053B77B-6365-4AB7-BA13-A7446012EE1A}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{80A3E0B4-21CC-4E55-866A-506E7EED7E1F}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{80B96F00-0FF4-4F34-8B33-01C5062E64EC}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{80DDA3D8-A7FE-4DC0-9E96-D652D3134389}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{80E240ED-A6FC-4C2F-AD6D-5C6B5BB7DD9A}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{80F39FE1-5F8B-4BA8-9710-6D6F8E9F5E50}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{8150DE11-454F-4FAF-AB21-30E95A0A4A84}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{81CAB0CC-F985-4D9E-A304-5C9E0E51CC6D}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{81F23771-C82B-41EF-BB83-24203B25FD4E}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{820CE286-B1DD-4CE5-B568-0A7D866220FD}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{823149D6-87AC-4817-9CE7-F31E7C92CEBD}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{82BB5A11-32AE-4FB8-9F69-F16308DBD9D8}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{83188554-8DC1-4151-8C57-AB97087FBD61}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{837278D2-9596-47C8-B1AF-9AE88AA177E5}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{839A3A2C-0525-4997-87D2-10A6734B31E8}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{83BC30A6-6218-4BBF-ACFD-830A53B419A0}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{83F78863-43B4-4DA6-8FA3-910F862E1390}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{84535480-B97C-4A62-8C53-C263099FE28F}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{84826885-DE06-42D1-9971-97D2B959E132}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{8564699C-33DE-49C5-9D1B-6C2100EAF8BC}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{857F1028-D7BD-491B-83F2-6015E3E33A38}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{85904DDC-370F-4822-9967-F9E14801D349}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{8625994C-BDA9-4BA6-AE2B-79AFC49FD4B0}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{86331F09-8E8D-4198-8C0F-3B8893C55948}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{86845980-3412-4D68-809D-7C3881522D13}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{875EAE2D-EEA9-46E9-AF53-254E44542006}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{878D51C8-95E8-4F41-AC44-6CB56B2F0059}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{87C8DF4E-14A9-404D-ABC0-1F5068962453}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{885BEC8C-EDCD-4626-917A-79C14917EEB1}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{885E6CCC-B458-459B-9C5D-C3CE8DDE8B0D}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{89727388-584B-4121-8311-470EAD62EA96}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{899C733F-2743-4D57-8035-0D2F366B5E62}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{89BFC89F-30F4-4053-B71F-E06A28F8DFF8}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{89C69A87-A8C6-49EF-B78F-494C49A762B1}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{8A4882B5-F2AB-429E-8988-163824962934}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{8A5C01CB-FC90-4BE5-8A7C-17AA30849D9C}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{8A6A29CB-297B-4CCF-A51F-C72BFC2364A0}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{8A92AFA7-139C-4605-9DBE-B76F9190AC26}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{8B6E454B-DF35-4D25-9D84-429590027B76}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{8C36B209-959F-40D1-9EB6-19A983D2F835}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{8C40AD3D-3EFC-411B-B87C-03F6EED2F651}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{8C7520AC-4802-4ACA-A06E-4E29A481D57F}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{8D1EEF85-A45F-46AA-B05D-B6F53187FBDA}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{8D33E1C8-E0A2-4FA9-B919-AEFF3F622892}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{8D832CD3-9D74-4341-9250-FA0F2D87741F}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{8D8DA1DC-CAB9-4F6B-9997-2041545C82C9}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{8E041BEC-941A-48B1-AB51-0907F5373D14}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{8E11CCBA-0E28-480C-A586-3FA32DB00F3C}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{8E90F35C-88B3-4491-B925-29EB7D22E167}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{8F63B4E7-705C-480D-BD96-C6AE7964B119}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{8F8D2551-F903-43DA-ACA3-97FF2A260214}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{8FC4A6E3-D879-4AAF-A620-5D725E93C539}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{9011094A-A17C-43A8-A210-69509AFEB83A}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{907447DA-05F8-4B8A-897A-118B0AA55CAF}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{92376FBB-A1C9-4AE4-8FCE-5DB0ECC63029}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{92E54E33-009A-449D-B656-BCEE8FE0D9C1}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{932BE688-F711-4725-B8D0-2CA5E9AC813E}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{934C532B-3FEF-4188-B11B-9FC3B6FF0CF6}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{937EEC4F-9328-43F4-A5BC-75935D54E932}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{9387007C-AE3A-4FEA-86B6-334C5198E711}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{9430C9AD-E2A1-4202-983A-30300683D36A}
Successfully deleted: [Empty Folder] C:\Users\My\appdata\local\{94CC4D69-FE63-437F-A602-80765C0CFFE9}
~~~ FireFox

Emptied folder: C:\Users\My\AppData\Roaming\mozilla\firefox\profiles\1q6lsz8d.default\minidumps [416 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/07/2013 at 20:50:49,91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 


Zoek.exe Version 4.0.0.4 Updated 14-July-2013
Tool run by My on 15/07/2013 at 20:57:35,73.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== System Restore Info ======================

==== Possible Rootkit Infection ======================

C:\Windows\system32\services.exe Possible Infected!

==== EOF on 15/07/2013 at 20:58:00,06 ======================

Good evening, RafaeL Icassati 2!

|- Download: < RogueKiller > ( ... by tigzy ) ( 32-bit version )

|- Or: < ablsEVeT.jpg > ( ... by tigzy ) ( 64-bit version )

|- Save it to the desktop!

|- Close any open applications!

|- Run RogueKiller.exe and accept the EULA.

|- Wait for its pre-scan to finish.

|- Start the diagnosis by clicking the "Verificar" (Scan) button.

|- Example: Mode: Verificar -- Date: mm/dd/2013 00:52:24

|- Post the report: RKreport[1].txt

A+


Good morning, DigRam!

RogueKiller V8.6.2 _x64_ [Jul 2 2013] Por Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : hxxp://www.adlice.com/forum/
Site : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciado em : Modo Normal
Usuario : My [Privilegios de Admnistrador]
Modo : Verificar -- Data : 07/16/2013 07:59:49
| ARK || FAK || MBR |

¤¤¤ Entradas ruins : 0 ¤¤¤

¤¤¤ Entradas do Registro : 6 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> ENCONTRADO
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> ENCONTRADO
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO

¤¤¤ As tarefas agendadas : 4 ¤¤¤
[V2][sUSP PATH] DealPly : C:\Users\My\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe - /Check [x] -> ENCONTRADO
[V2][sUSP PATH] Parker : wscript.exe - /B "C:\Users\My\AppData\Roaming\msddn.vbs" [x][x] -> ENCONTRADO
[V2][sUSP PATH] Tasker : wscript.exe - /B "C:\Users\My\sec.vbe" [x][x] -> ENCONTRADO
[V2][sUSP PATH] Wisker : wscript.exe - /B "C:\Users\My\nebp.vbe" [x][-] -> ENCONTRADO

¤¤¤ entradas de inicialização : 0 ¤¤¤

¤¤¤ Os navegadores da Web : 1 ¤¤¤
[FF][PROXY] 1q6lsz8d.default : user_pref("network.proxy.type", 2); -> ENCONTRADO

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver : [Não Carregado 0x0] ¤¤¤

¤¤¤ Hives externas: ¤¤¤

¤¤¤ Infecção : ¤¤¤

¤¤¤ Arquivo de Hosts: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEKT-60KA9T0 +++++
--- User ---
[MBR] a7299bc90d59f63d2a7953972b5cb9e2
[bSP] 72af755d83eed470540442895deb84b0 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 458953 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 940345344 | Size: 17683 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Concluido : << RKreport[0]_S_07162013_075949.txt >>




Good morning, RafaeL Icassati 2!

|- Open the RogueKiller tool again.
|- Click "Verificar" (Scan).

|- Click the "Registro" (Registry) tab.

[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> ENCONTRADO
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> ENCONTRADO
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO

|- Tick the checkboxes for these entries!
|- Click "Deletar" (Delete) and wait for it to finish!
|- Post the report!
|- Do the same for the "Proxy" tab >> "Consertar Proxy" (Fix Proxy).
|- Post the reports!

-/-

|- Disable your antivirus!
|- Go to Task Manager and stop the wscript.exe process.
|- Open the zoek tool.
|- On Windows 7, run zoek.exe as administrator.

C:\Users\My\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe;f
C:\Users\My\AppData\Roaming\msddn.vbs;f
C:\Users\My\AppData\Roaming\DealPly;fs
C:\Users\My\sec.vbe;f
C:\Users\My\nebp.vbe;f
firefoxlook;
autoclean;
emptyalltemp;


|- Copy and paste this information, shown in red, into the tool's field.
|- Click "Run Script".

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

 

|- This information will appear, asking you to wait for the report.

|- Accept and/or confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

|- PS: If you get an error, restart the PC and run the tool again.
|- Post the report, which will be at C:\zoek-results.txt <<

A+


Good evening, DigRam!

RogueKiller V8.6.2 _x64_ [Jul 2 2013] Por Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : hxxp://www.adlice.com/forum/
Site : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciado em : Modo Normal
Usuario : My [Privilegios de Admnistrador]
Modo : Verificar -- Data : 07/17/2013 08:04:16
| ARK || FAK || MBR |

¤¤¤ Entradas ruins : 0 ¤¤¤

¤¤¤ Entradas do Registro : 0 ¤¤¤

¤¤¤ As tarefas agendadas : 4 ¤¤¤
[V2][sUSP PATH] DealPly : C:\Users\My\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe - /Check [x] -> ENCONTRADO
[V2][sUSP PATH] Parker : wscript.exe - /B "C:\Users\My\AppData\Roaming\msddn.vbs" [x][x] -> ENCONTRADO
[V2][sUSP PATH] Tasker : wscript.exe - /B "C:\Users\My\sec.vbe" [x][x] -> ENCONTRADO
[V2][sUSP PATH] Wisker : wscript.exe - /B "C:\Users\My\nebp.vbe" [x][-] -> ENCONTRADO

¤¤¤ entradas de inicialização : 0 ¤¤¤

¤¤¤ Os navegadores da Web : 1 ¤¤¤
[FF][PROXY] 1q6lsz8d.default : user_pref("network.proxy.type", 2); -> ENCONTRADO

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver : [Não Carregado 0x0] ¤¤¤

¤¤¤ Hives externas: ¤¤¤

¤¤¤ Infecção : ¤¤¤

¤¤¤ Arquivo de Hosts: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEKT-60KA9T0 +++++
--- User ---
[MBR] a7299bc90d59f63d2a7953972b5cb9e2
[bSP] 72af755d83eed470540442895deb84b0 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 458953 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 940345344 | Size: 17683 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Concluido : << RKreport[0]_S_07172013_080416.txt >>
RKreport[0]_D_07172013_080127.txt;RKreport[0]_S_07172013_075954.txt

RogueKiller V8.6.2 _x64_ [Jul 2 2013] Por Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : hxxp://www.adlice.com/forum/
Site : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciado em : Modo Normal
Usuario : My [Privilegios de Admnistrador]
Modo : ProxyFix -- Data : 07/17/2013 08:04:36
| ARK || FAK || MBR |

¤¤¤ Entradas ruins : 0 ¤¤¤

¤¤¤ Entradas do Registro : 0 ¤¤¤

¤¤¤ Os navegadores da Web : 1 ¤¤¤
[FF][PROXY] 1q6lsz8d.default : user_pref("network.proxy.type", 2); -> ERROR DELETING FF LINE

¤¤¤ Driver : [Não Carregado 0x0] ¤¤¤

¤¤¤ Hives externas: ¤¤¤

¤¤¤ Infecção : ¤¤¤

Concluido : << RKreport[0]_PR_07172013_080436.txt >>
RKreport[0]_D_07172013_080127.txt;RKreport[0]_S_07172013_075954.txt;RKreport[0]_S_07172013_080416.txt

Zoek.exe Version 4.0.0.4 Updated 17-July-2013
Tool run by My on 17/07/2013 at 20:02:53,11.

Running in: Normal Mode Internet Access Detected

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default

user.js not found
---- Lines CT2851643 removed from prefs.js ----


---- Lines CT2851643 modified from prefs.js ----


---- Lines CT3219432 removed from prefs.js ----


---- Lines CT3219432 modified from prefs.js ----


---- Lines CT3282722 removed from prefs.js ----


---- Lines CT3282722 modified from prefs.js ----


---- Lines Lyric removed from prefs.js ----


---- Lines Lyric modified from prefs.js ----

user_pref("extensions.enabledAddons", "ascsurfingprotection%40iobit.com:1.0,lyrics%40LampFit.co:1.116,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0");

---- FireFox user.js and prefs.js backups ----

prefs_072013_0848_.backup
prefs_072013_2006_.backup

==== Deleting Files \ Folders ======================

"C:\Users\My\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe" not found
"C:\Users\My\AppData\Roaming\msddn.vbs" not found
"C:\Users\My\sec.vbe" not found
"C:\Users\My\AppData\Roaming\DealPly" not found
"C:\Users\My\nebp.vbe" deleted
"C:\ProgramData\0" deleted
"C:\ProgramData\6" deleted
"C:\ProgramData\idt" deleted
"C:\Program Files (x86)\Mozilla Firefox\searchplugins\portaldosites.xml" deleted
"C:\Users\My\nebp.vbe" deleted
"C:\Windows\SysNative\roboot64.exe" deleted
"C:\windows\SysNative\Tasks\DealPly" deleted
"C:\windows\SysNative\Tasks\DealPlyUpdate" deleted
"C:\ProgramData\HPWALog.txt" deleted
"C:\windows\SysNative\tasks\Desk 365 RunAsStdUser" deleted
"C:\windows\SysNative\tasks\LyricsPod Update" deleted
"C:\Windows\tasks\LyricsPod Update.job" deleted
"C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\searchplugins\psafe-clikseguro-customized-web-search.xml" deleted
"C:\Program Files (x86)\Uninstall Information\ib_uninst_0" deleted
"C:\Program Files (x86)\Uninstall Information\ib_uninst_312" deleted
"C:\Program Files (x86)\Uninstall Information\ib_uninst_396" deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin" deleted
"C:\found.000" deleted
"C:\Users\My\AppData\Local\CRE" deleted
"C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\CT2851643" deleted
"C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\CT3219432" deleted
"C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\CT3282722" deleted
"C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\CT2851643" deleted
"C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\CT3219432" deleted
"C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\CT3282722" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default
- Undetermined - C:\Program Files (x86)\IObit Apps Toolbar\FF
- Undetermined - %ProfilePath%\extensions\data
- Modulo de Seguranca - Banco do Brasil - %ProfilePath%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}
- Guardiao Itau Unibanco - %ProfilePath%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

==== Firefox Plugins ======================

Profilepath: C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default
3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash
C899B98999270821EDFFA56044DE2377 - C:\Users\My\AppData\Roaming\raidcall\plugins\nprcplugin.dll - Raidcall plugin
2C82D753EF779945977C82A3908DA20A - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.90.5
CD375F6297DFD24BAA250C7E62FA1216 - C:\Users\My\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
DAD55CEF682EAE6FA7B4C9487563A496 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll - Shockwave for Director / Shockwave for Director
F7E675EBDE6DA3A1665F2DCFA683322F - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
blefcpkldpjpbapgmoemkmdibidpiojd - C:\Program Files (x86)\LyricsPod\116.crx[]
fpknlgclcjbgepbagcobhdainldkgggl - No path found[]
hbifadahmagjcomobfcdldkkcipemlah - C:\Users\My\AppData\Local\CRE\hbifadahmagjcomobfcdldkkcipemlah.crx[]
jfmjfhklogoienhpfnppmbcbjfjnkonk - No path found[]
kkkeikdkpjenmoiicggnnodbkebafgpc - C:\Program Files (x86)\Internet Explorer\cr_addon.crx[18/01/2013 19:37]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[02/10/2012 11:14]
mdebcffgnijbblbinknkbefciofebcda - No path found[]
nfengeggddojhakldhlpjdlddgkkjkdd - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePluginFor6.crx[22/04/2013 19:02]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
hbifadahmagjcomobfcdldkkcipemlah - C:\Users\My\AppData\Local\CRE\hbifadahmagjcomobfcdldkkcipemlah.crx[]
nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Users\My\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx[06/11/2012 20:03]

Browser Helper Object - My - Default\Extensions\kkkeikdkpjenmoiicggnnodbkebafgpc
Skype Click to Call - My - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Advanced SystemCare Surfing Protection - My - Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd

==== Chrome Fix ======================

C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.incredibar.com_0.localstorage deleted successfully
C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.incredibar.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{1B399743-BC9C-419A-B03A-1C401BC72208} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1825749246-3439649273-815915689-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1B399743-BC9C-419A-B03A-1C401BC72208} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\blefcpkldpjpbapgmoemkmdibidpiojd deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fpknlgclcjbgepbagcobhdainldkgggl deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\hbifadahmagjcomobfcdldkkcipemlah deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mdebcffgnijbblbinknkbefciofebcda deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\hbifadahmagjcomobfcdldkkcipemlah deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\My\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\My\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\My\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\My\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\My\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\users\My\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\users\My\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\My\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 17/07/2013 at 20:10:16,15 ======================



Good afternoon! RafaeL Icassati 2

|- Install MBAM.
|- Update the program!
|- Uncheck the box: "Enable free trial of Malwarebytes Anti-Malware PRO"
|- Click "Finish".
|- Choose the Quick scan! >> Scan!
|- Disable protection programs while running Malwarebytes.
|- On Windows Vista or 7, right-click the file and run it as administrator.
|- PS: For certain infections, the program will ask for a reboot. << Confirm!
|- When it finishes, click "OK" >> "Show Results" >> "Remove Selected".
|- Post the report: mbam-log-2013-xx-xx (00-00-00).txt
|- From the MBAM main window, click the Logs tab to get the report.
|- Also post an updated HijackThis log!
See you!


Good evening, DigRam!


Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Versão da Base de Dados: v2013.07.18.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
My :: MY-PC [administrador]

Proteção: Não permitir

18/07/2013 19:18:09
mbam-log-2013-07-18 (19-18-09).txt

Tipo de Verificação: Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 216049
Tempo decorrido: 4 minuto(s), 45 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)

(fim)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:45:43, on 18/07/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Users\My\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://*.cga.com.cn
O15 - Trusted Zone: http://*.ogdev.net
O15 - Trusted Zone: http://*.sdo.com
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: /f
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18051 bytes


Good morning! RafaeL Icassati 2

|- Uninstall Malwarebytes.

|- Download: ( ... by Swearware )
|- Save it to the desktop!
|- PS: Disable your antivirus, antispyware and/or firewall. (Except the Windows one!)
|- Close any program/file that is open.
|- Also close your browser! (IE, Firefox, Opera or Google Chrome)
|- PS: Stay connected to the Internet. <- Important!
|- You must be logged on to the system with administrator privileges.
|- Run ComboFix.exe with a double-click.
|- PS: Install the "Recovery Console" if prompted! <- XP only!
|- PS: It is therefore up to you whether to install it.
|- If any error message appears, run ComboFix.exe in Safe Mode with Networking.
|- PS: To complete the removals, the tool may need to restart the computer.
|- The Auto Scan window will open.
|- Wait for all Stages to finish.
|- During the scan, avoid using the mouse or keyboard!
|- When it finishes, post: C:\ComboFix.txt

"Tentativa de operaçao ilegal em uma chave do Registro marcada para exclusão."

|- If this error occurs, just restart the computer!
"ComboFix is a tool that can damage the system. Use it only under the supervision of security analysts."
Regards!


Good morning, DigRam!

ComboFix 13-07-20.01 - My 20/07/2013 9:30.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.3895.2232 [GMT -3:00]
Executando de: c:\users\My\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Internet Explorer\IEADdon.dll
c:\programdata\Microsoft\Thunder.dll
c:\windows\SysWow64\drivers\ctl_w32.sys
c:\windows\SysWow64\drivers\lojlig.sys
c:\windows\SysWow64\drivers\mgcscrd.sys
c:\windows\SysWow64\ijl11.dll
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-06-20 to 2013-07-20 ))))))))))))))))))))))))))))
.
.
2013-07-20 12:45 . 2013-07-20 12:45 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59183200-33C3-4175-9C73-3F96E8870FAC}\offreg.dll
2013-07-20 12:43 . 2013-07-20 12:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-20 12:35 . 2013-07-20 12:35 0 ----a-w- c:\windows\SysWow64\drivers\clbdriver.sys
2013-07-20 10:22 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59183200-33C3-4175-9C73-3F96E8870FAC}\mpengine.dll
2013-07-18 21:34 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-17 23:08 . 2013-07-20 12:46 -------- d-----w- c:\users\My\AppData\Local\Temp
2013-07-17 23:08 . 2013-07-17 23:02 24064 ----a-w- c:\windows\zoek-delete.exe
2013-07-17 20:44 . 2013-07-17 20:44 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{096D383F-E09C-4E34-A9EC-205817BD1043}\gapaengine.dll
2013-07-17 20:44 . 2013-07-04 01:06 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-15 23:25 . 2013-07-15 23:25 -------- d-----w- c:\windows\ERUNT
2013-07-15 23:16 . 2013-07-15 23:16 88 ----a-w- c:\windows\DeleteOnReboot.bat
2013-07-13 01:55 . 2013-07-13 01:55 -------- d-----w- c:\users\My\AppData\Roaming\raidcall
2013-07-13 01:54 . 2013-07-13 01:56 -------- d-----w- c:\program files (x86)\RaidCall
2013-07-10 21:06 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-04 00:47 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-07-04 00:40 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-07-04 00:40 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-07-04 00:40 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-07-04 00:40 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-07-04 00:40 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-07-04 00:40 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-07-04 00:40 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-07-04 00:10 . 2012-10-11 03:08 44928 ----a-w- c:\windows\system32\drivers\mcvidrv_x64.sys
2013-07-02 10:49 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F93D2E7-9EB2-48E1-9027-46CC73FC763C}\mpengine.dll
2013-06-26 23:48 . 2013-06-26 23:48 -------- d-----w- C:\Level Up! Games
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-20 12:45 . 2013-05-15 10:26 31088 ----a-w- c:\windows\SysWow64\drivers\gbpndisrd.sys
2013-07-11 02:41 . 2011-10-06 14:33 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-07-04 00:34 . 2011-06-11 04:58 773712 ----a-w- c:\windows\SysWow64\msvcr100.dll
2013-07-04 00:34 . 2011-06-11 04:58 420944 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-06-12 01:00 . 2012-05-24 11:27 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 01:00 . 2011-09-27 14:54 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-07 14:30 . 2013-06-07 14:30 799232 ----a-w- c:\windows\system32\NETwNc64.dll
2013-06-07 14:30 . 2013-06-07 14:30 2750464 ----a-w- c:\windows\system32\NETwNr64.dll
2013-06-07 14:30 . 2013-06-07 14:30 7821312 ----a-w- c:\windows\system32\drivers\NETwNs64.sys
2013-06-07 14:26 . 2013-06-07 14:26 7680512 ----a-w- c:\windows\system32\drivers\NETw5s64.sys
2013-05-13 05:51 . 2013-06-12 10:15 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 10:15 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 10:15 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 10:15 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 10:15 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 10:15 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 04:45 . 2013-06-12 10:15 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 03:43 . 2013-06-12 10:15 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 10:15 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 10:15 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 19:06 . 2011-10-28 13:43 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-10 05:49 . 2013-06-12 10:15 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 10:15 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 10:18 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-02 15:29 . 2011-11-22 18:29 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 02:47 . 2013-05-01 02:47 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-01 02:47 . 2013-05-01 02:47 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-01 02:47 . 2013-05-01 02:47 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-01 02:47 . 2013-05-01 02:47 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-01 02:47 . 2013-05-01 02:47 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-01 02:47 . 2013-05-01 02:47 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-01 02:47 . 2013-05-01 02:47 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-01 02:47 . 2013-05-01 02:47 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-01 02:47 . 2013-05-01 02:47 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-01 02:47 . 2013-05-01 02:47 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-01 02:47 . 2013-05-01 02:47 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-01 02:47 . 2013-05-01 02:47 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-01 02:47 . 2013-05-01 02:47 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-01 02:47 . 2013-05-01 02:47 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-01 02:47 . 2013-05-01 02:47 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-01 02:47 . 2013-05-01 02:47 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-01 02:47 . 2013-05-01 02:47 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-01 02:47 . 2013-05-01 02:47 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-01 02:47 . 2013-05-01 02:47 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-01 02:47 . 2013-05-01 02:47 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-01 02:47 . 2013-05-01 02:47 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-01 02:47 . 2013-05-01 02:47 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-01 02:47 . 2013-05-01 02:47 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-01 02:47 . 2013-05-01 02:47 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-01 02:47 . 2013-05-01 02:47 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-01 02:47 . 2013-05-01 02:47 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-01 02:47 . 2013-05-01 02:47 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-01 02:47 . 2013-05-01 02:47 441856 ----a-w- c:\windows\system32\html.iec
2013-05-01 02:47 . 2013-05-01 02:47 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-01 02:47 . 2013-05-01 02:47 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-01 02:47 . 2013-05-01 02:47 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-01 02:47 . 2013-05-01 02:47 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-01 02:47 . 2013-05-01 02:47 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-01 02:47 . 2013-05-01 02:47 235008 ----a-w- c:\windows\system32\url.dll
2013-05-01 02:47 . 2013-05-01 02:47 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-01 02:47 . 2013-05-01 02:47 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-01 02:47 . 2013-05-01 02:47 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-01 02:47 . 2013-05-01 02:47 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-01 02:47 . 2013-05-01 02:47 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-01 02:47 . 2013-05-01 02:47 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-01 02:47 . 2013-05-01 02:47 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-01 02:47 . 2013-05-01 02:47 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-01 02:47 . 2013-05-01 02:47 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-01 02:47 . 2013-05-01 02:47 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-01 02:47 . 2013-05-01 02:47 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-01 02:47 . 2013-05-01 02:47 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-01 02:47 . 2013-05-01 02:47 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-01 02:47 . 2013-05-01 02:47 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-01 02:47 . 2013-05-01 02:47 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-26 05:51 . 2013-06-12 10:16 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-12 10:16 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-12 10:15 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-03-17 15:06 . 2013-03-17 15:14 505690112 ----a-w- c:\program files (x86)\LogoDesignStudio.msi
2012-07-30 15:46 . 2012-07-30 15:31 7 ----a-w- c:\program files\infosapi.DLL
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-10-13 1088424]
"NitroPC"="c:\program files (x86)\NitroPC\NitroPC.exe" [2008-08-19 3477504]
"Facebook Update"="c:\users\My\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-14 138096]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-18 491840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\progra~2\GBPLUGIN\gbiehuni.dll" [2013-02-18 1364304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2013-01-22 13:31 1684520 ----a-w- c:\program files (x86)\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2013-02-18 13:57 1364304 ----a-w- c:\progra~2\GbPlugin\gbiehuni.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys;c:\windows\SYSNATIVE\drivers\gbpkm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 NETw5s64;Driver do adaptador Intel® Wireless WiFi Link Série 5000 para Windows 7 64 bits;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Pcouffin64;Low level access layer for CD devices;c:\windows\system32\Drivers\pcouffin64a.sys;c:\windows\SYSNATIVE\Drivers\pcouffin64a.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va011;X6va011; [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys;c:\splash.sys\config\dvmio.sys [x]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [x]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 NisSrv;Inspeção de Rede da Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 15:49 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 01:00]
.
2013-07-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1825749246-3439649273-815915689-1001Core.job
- c:\users\My\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-04 23:04]
.
2013-07-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1825749246-3439649273-815915689-1001UA.job
- c:\users\My\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-04 23:04]
.
2013-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-04 13:45]
.
2013-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-04 13:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-10 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-10 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-10 408600]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Enviar para o OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Free YouTube to MP3 Converter - c:\users\My\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
Trusted Zone: com.cn\*.cga
Trusted Zone: ogdev.net
Trusted Zone: sdo.com
TCP: DhcpNameServer = 201.6.2.165 201.6.2.45 201.6.4.116
DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab
FF - ProfilePath - c:\users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: !HIDDEN! 2011-09-22 14:37; otis@digitalpersona.com; c:\program files (x86)\DigitalPersona\Bin\FirefoxExt
FF - ExtSQL: !HIDDEN! 2013-03-16 19:05; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORFÃOS REMOVIDOS - - - -
.
URLSearchHooks-{4c503398-e82e-4e74-b777-cc43aa56492f} - (no file)
BHO-{47B614AF-B4CC-485B-B331-BE26F02ED4CC} - c:\program files (x86)\Internet Explorer\IEAddon.dll
Wow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
.
**************************************************************************
.
Tempo para conclusão: 2013-07-20 10:01:59 - Máquina reiniciou
ComboFix-quarantined-files.txt 2013-07-20 13:01
.
Pré-execução: 363.522.695.168 bytes disponíveis
Pós execução: 362.762.956.800 bytes disponíveis
.
- - End Of File - - 3C42D9555158314379AC268B282C9221
B0B221F1618F306AA360734727BE6BB2

Good afternoon, RafaeL Icassati 2!


|- Besides adware, you have a rootkit (clbdriver.sys) that set a malicious link in the automatic configuration URL, which prevented individual changes in IE or in the central ".ins" file when using an enterprise group.

The intent is the theft of banking passwords or credit card data, since this infection is common on PCs used to access banks.

It can establish a hidden sector on your HD, maintaining the bootkit or "TDSS", which loads with priority over the OS.

PS: Normally there are suspicious tasks associated with the malware, but in your case I did not find any.


-/-


"Follow these procedures in the order given!"


|- Download: < Kenco > ( ... by jpshortstuff )

|- Save it to the desktop!

|- On Windows 7, run Kenco.exe as administrator.

|- PS: A black screen will appear, followed by the report. <- Post it!


-/-


|- Download: |TDSSKiller.zip|

|- Save it to the local disk and extract it to the desktop.

|- Close any open applications! <- Important!

|- Disable your antivirus and/or antispyware. <- Important!

|- Run it by double-clicking TDSSKiller.exe


"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt


|- If you prefer to run it from the command line, type or paste the highlighted line into Run.

|- Go to Start -> Run -> type the command line -> click OK.

|- PS: This way of running it only works if TDSSKiller.exe is on the desktop.

|- PS: On Windows Vista or 7, right-click the file and run it as administrator.


TDSSKiller.jpg


|- On the main screen, follow the numbered order until you get the report.


TDSSKiller_Settings.jpg


|- Under "Change parameters", check all the boxes.

|- Next, click "Start scan".


TDSSKiller_Skip.jpg


|- When it finishes, click "Skip" for suspicious detections.


|- Click "Continue". < TDSSKiller-continue.png >


|- When it finishes, click "Report".


|- Post it at: < cjoint.com >


|- Or... < myfile.tk >


|- Or... < 1fichier.com >


-/-


|- Select and copy the content in the "Code" box into Notepad.

|- Save it on the desktop with the name: CFScript <-- Text!




KillAll::
Registry::
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"=""

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Rootkit::
c:\windows\SysWow64\drivers\clbdriver.sys

Driver::
clbdriver

ClearJavaCache::


|- PS: Temporarily disable your antivirus.

|- PS: Do not use this script on another machine!

|- Drag CFScript.txt onto the ComboFix icon.

|- See the demonstration!


2872959479_997d4500c4_o.gif


|- Accept the prompt that should appear to run ComboFix.

|- PS: Keep dragging until that prompt appears! (window)

|- If a message appears asking to update the tool, click Yes!

|- When finished, post: C:\ComboFix.txt <<


See you!
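
A defender-side check for the automatic configuration URL change described in the reply above, as an added example that is not part of the original thread: it scans ComboFix-style log text for a non-empty `AutoConfigURL` under an `Internet Settings` key and for Firefox running in PAC mode (`network.proxy.type` 2). The function names, the allowlist parameter and the sample log are constructed for illustration.

```python
import re
from urllib.parse import urlparse

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_SZ_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<data>.*)"$')
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.*)$")
FF_PROXY_TYPE_PAC = 2  # Firefox: network.proxy.type 2 = automatic proxy configuration URL

# Constructed sample in the layout of a ComboFix log / registry export (not from the thread).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"="hxxp://pac.example.invalid/proxy.pac"
"ProxyEnable"=dword:00000000
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"=""
.
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.type - 2
'''


def _pac_finding(source, where, logged_url, allowed_hosts):
    # ComboFix writes "hxxp" for "http"; undo that only to parse the host.
    url = re.sub(r"^hxxp", "http", logged_url.strip(), flags=re.I)
    host = (urlparse(url).hostname or "").lower()
    return {"source": source, "kind": "pac_url_set", "where": where,
            "url": url, "host": host, "approved": host in allowed_hosts}


def triage_proxy_settings(log_text, allowed_pac_hosts=()):
    """Return findings about proxy auto-configuration found in the log text."""
    allowed = {h.lower() for h in allowed_pac_hosts}
    findings, current_key, ff_prefs = [], "", {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == ".":                      # ComboFix section separator
            current_key = ""
            continue
        m = SECTION_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = REG_SZ_RE.match(line)
        if m:
            if (current_key.endswith("\\internet settings")
                    and m.group("name").lower() == "autoconfigurl"
                    and m.group("data")):    # an empty value means "not set"
                findings.append(
                    _pac_finding("registry", current_key, m.group("data"), allowed))
            continue
        m = FF_PREF_RE.match(line)
        if m and m.group("pref").startswith("network.proxy."):
            ff_prefs[m.group("pref")] = m.group("value").strip()

    try:
        ff_type = int(ff_prefs.get("network.proxy.type", "-1"))
    except ValueError:
        ff_type = -1
    if ff_type == FF_PROXY_TYPE_PAC:
        pac = ff_prefs.get("network.proxy.autoconfig_url", "")
        if pac:
            findings.append(_pac_finding("firefox", "prefs.js", pac, allowed))
        else:
            # PAC mode is on but the log does not show which URL is used:
            # the profile's prefs.js has to be read directly.
            findings.append({"source": "firefox", "kind": "pac_mode_url_not_logged",
                             "where": "prefs.js", "url": "", "host": "",
                             "approved": False})
    return findings


if __name__ == "__main__":
    for finding in triage_proxy_settings(SAMPLE_LOG):
        print(finding)
```
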


Good evening, DigRam!

END USER LICENSE AGREEMENT

Kaspersky Lab ZAO (the “Rightholder”) is an owner of all rights, whether exclusive or otherwise to the Software.

By using the Software You consent to be bound by the terms and conditions of this agreement.

The Rightholder hereby grants You a non-exclusive perpetual license to store, load, install, execute, and display (to “use”) the free of charge Software that will substantially perform within the scope of functionality set forth on http://support.kaspersky.com/viruses. The Software should be used as an auxiliary tool for removing threats from Your computer as described on http://support.kaspersky.com/viruses. The Rightholder doesn’t guarantee complete removal of threats and fixing issues caused by these threats.

No technical support for the Software is available.

You shall not emulate, modify, decompile, or reverse engineer the Software or disassemble or create derivative works based on the Software or any portion thereof with the sole exception of a non-waivable right granted to You by applicable legislation.

THE SOFTWARE IS PROVIDED "AS IS" AND THE RIGHTHOLDER MAKES NO REPRESENTATION AND GIVES NO WARRANTY AS TO ITS USE OR PERFORMANCE. EXCEPT FOR ANY WARRANTY, CONDITION, REPRESENTATION OR TERM THE EXTENT TO WHICH CANNOT BE EXCLUDED OR LIMITED BY APPLICABLE LAW THE RIGHTHOLDER AND ITS PARTNERS MAKE NO WARRANTY, CONDITION, REPRESENTATION, OR TERM (EXPRESS OR IMPLIED, WHETHER BY STATUTE, COMMON LAW, CUSTOM, USAGE OR OTHERWISE) AS TO ANY MATTER INCLUDING, WITHOUT LIMITATION, NONINFRINGEMENT OF THIRD PARTY RIGHTS, MERCHANTABILITY, SATISFACTORY QUALITY, INTEGRATION, OR APPLICABILITY FOR A PARTICULAR PURPOSE. YOU ASSUME ALL FAULTS, AND THE ENTIRE RISK AS TO PERFORMANCE AND RESPONSIBILITY FOR SELECTING THE SOFTWARE TO ACHIEVE YOUR INTENDED RESULTS, AND FOR THE INSTALLATION OF, USE OF, AND RESULTS OBTAINED FROM THE SOFTWARE. WITHOUT LIMITING THE FOREGOING PROVISIONS, THE RIGHTHOLDER MAKES NO REPRESENTATION AND GIVES NO WARRANTY THAT THE SOFTWARE WILL BE ERROR-FREE OR FREE FROM INTERRUPTIONS OR OTHER FAILURES OR THAT THE SOFTWARE WILL MEET ANY OR ALL YOUR REQUIREMENTS WHETHER OR NOT DICLOSED TO THE RIGHTHOLDER.

© 1997-2011 Kaspersky Lab ZAO. All Rights Reserved.

 

 

 

|TDSSKiller.zip| report:

http://cjoint.com/?CGvdIZsUlrR


ComboFix 13-07-20.03 - My 20/07/2013 22:39:45.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.3895.2487 [GMT -3:00]
Executando de: c:\users\My\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\My\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-06-21 to 2013-07-21 ))))))))))))))))))))))))))))
.
.
2013-07-21 01:47 . 2013-07-21 01:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-21 01:43 . 2013-07-21 01:43 0 ----a-w- c:\windows\SysWow64\drivers\mrxdavv.sys
2013-07-21 01:43 . 2013-07-21 01:43 0 ----a-w- c:\windows\SysWow64\drivers\grande48.sys
2013-07-20 12:35 . 2013-07-20 12:35 0 ----a-w- c:\windows\SysWow64\drivers\clbdriver.sys
2013-07-17 23:08 . 2013-07-21 01:48 -------- d-----w- c:\users\My\AppData\Local\Temp
2013-07-17 23:08 . 2013-07-17 23:02 24064 ----a-w- c:\windows\zoek-delete.exe
2013-07-15 23:25 . 2013-07-15 23:25 -------- d-----w- c:\windows\ERUNT
2013-07-15 23:16 . 2013-07-15 23:16 88 ----a-w- c:\windows\DeleteOnReboot.bat
2013-07-13 01:55 . 2013-07-13 01:55 -------- d-----w- c:\users\My\AppData\Roaming\raidcall
2013-07-13 01:54 . 2013-07-13 01:56 -------- d-----w- c:\program files (x86)\RaidCall
2013-07-10 21:06 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-04 00:47 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-07-04 00:40 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-07-04 00:40 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-07-04 00:40 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-07-04 00:40 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-07-04 00:40 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-07-04 00:40 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-07-04 00:40 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-07-04 00:10 . 2012-10-11 03:08 44928 ----a-w- c:\windows\system32\drivers\mcvidrv_x64.sys
2013-07-02 10:49 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F93D2E7-9EB2-48E1-9027-46CC73FC763C}\mpengine.dll
2013-06-26 23:48 . 2013-06-26 23:48 -------- d-----w- C:\Level Up! Games
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-21 01:48 . 2013-05-15 10:26 31088 ----a-w- c:\windows\SysWow64\drivers\gbpndisrd.sys
2013-07-11 02:41 . 2011-10-06 14:33 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-07-04 00:34 . 2011-06-11 04:58 773712 ----a-w- c:\windows\SysWow64\msvcr100.dll
2013-07-04 00:34 . 2011-06-11 04:58 420944 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-06-12 01:00 . 2012-05-24 11:27 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 01:00 . 2011-09-27 14:54 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-07 14:30 . 2013-06-07 14:30 799232 ----a-w- c:\windows\system32\NETwNc64.dll
2013-06-07 14:30 . 2013-06-07 14:30 2750464 ----a-w- c:\windows\system32\NETwNr64.dll
2013-06-07 14:30 . 2013-06-07 14:30 7821312 ----a-w- c:\windows\system32\drivers\NETwNs64.sys
2013-06-07 14:26 . 2013-06-07 14:26 7680512 ----a-w- c:\windows\system32\drivers\NETw5s64.sys
2013-05-13 05:51 . 2013-06-12 10:15 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 10:15 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 10:15 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 10:15 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 10:15 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 10:15 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 04:45 . 2013-06-12 10:15 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 03:43 . 2013-06-12 10:15 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 10:15 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 10:15 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 19:06 . 2011-10-28 13:43 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-10 05:49 . 2013-06-12 10:15 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 10:15 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 10:18 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-02 15:29 . 2011-11-22 18:29 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 02:47 . 2013-05-01 02:47 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-01 02:47 . 2013-05-01 02:47 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-01 02:47 . 2013-05-01 02:47 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-01 02:47 . 2013-05-01 02:47 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-01 02:47 . 2013-05-01 02:47 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-01 02:47 . 2013-05-01 02:47 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-01 02:47 . 2013-05-01 02:47 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-01 02:47 . 2013-05-01 02:47 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-01 02:47 . 2013-05-01 02:47 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-01 02:47 . 2013-05-01 02:47 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-01 02:47 . 2013-05-01 02:47 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-01 02:47 . 2013-05-01 02:47 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-01 02:47 . 2013-05-01 02:47 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-01 02:47 . 2013-05-01 02:47 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-01 02:47 . 2013-05-01 02:47 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-01 02:47 . 2013-05-01 02:47 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-01 02:47 . 2013-05-01 02:47 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-01 02:47 . 2013-05-01 02:47 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-01 02:47 . 2013-05-01 02:47 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-01 02:47 . 2013-05-01 02:47 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-01 02:47 . 2013-05-01 02:47 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-01 02:47 . 2013-05-01 02:47 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-01 02:47 . 2013-05-01 02:47 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-01 02:47 . 2013-05-01 02:47 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-01 02:47 . 2013-05-01 02:47 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-01 02:47 . 2013-05-01 02:47 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-01 02:47 . 2013-05-01 02:47 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-01 02:47 . 2013-05-01 02:47 441856 ----a-w- c:\windows\system32\html.iec
2013-05-01 02:47 . 2013-05-01 02:47 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-01 02:47 . 2013-05-01 02:47 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-01 02:47 . 2013-05-01 02:47 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-01 02:47 . 2013-05-01 02:47 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-01 02:47 . 2013-05-01 02:47 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-01 02:47 . 2013-05-01 02:47 235008 ----a-w- c:\windows\system32\url.dll
2013-05-01 02:47 . 2013-05-01 02:47 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-01 02:47 . 2013-05-01 02:47 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-01 02:47 . 2013-05-01 02:47 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-01 02:47 . 2013-05-01 02:47 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-01 02:47 . 2013-05-01 02:47 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-01 02:47 . 2013-05-01 02:47 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-01 02:47 . 2013-05-01 02:47 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-01 02:47 . 2013-05-01 02:47 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-01 02:47 . 2013-05-01 02:47 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-01 02:47 . 2013-05-01 02:47 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-01 02:47 . 2013-05-01 02:47 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-01 02:47 . 2013-05-01 02:47 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-01 02:47 . 2013-05-01 02:47 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-01 02:47 . 2013-05-01 02:47 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-01 02:47 . 2013-05-01 02:47 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-26 05:51 . 2013-06-12 10:16 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-12 10:16 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-12 10:15 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-03-17 15:06 . 2013-03-17 15:14 505690112 ----a-w- c:\program files (x86)\LogoDesignStudio.msi
2012-07-30 15:46 . 2012-07-30 15:31 7 ----a-w- c:\program files\infosapi.DLL
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-10-13 1088424]
"NitroPC"="c:\program files (x86)\NitroPC\NitroPC.exe" [2008-08-19 3477504]
"Facebook Update"="c:\users\My\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-14 138096]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-18 491840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\progra~2\GBPLUGIN\gbiehuni.dll" [2013-02-18 1364304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2013-01-22 13:31 1684520 ----a-w- c:\program files (x86)\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2013-02-18 13:57 1364304 ----a-w- c:\progra~2\GbPlugin\gbiehuni.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys;c:\windows\SYSNATIVE\drivers\gbpkm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 NETw5s64;Driver do adaptador Intel® Wireless WiFi Link Série 5000 para Windows 7 64 bits;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Pcouffin64;Low level access layer for CD devices;c:\windows\system32\Drivers\pcouffin64a.sys;c:\windows\SYSNATIVE\Drivers\pcouffin64a.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va011;X6va011; [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys;c:\splash.sys\config\dvmio.sys [x]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [x]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 15:49 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 01:00]
.
2013-07-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1825749246-3439649273-815915689-1001Core.job
- c:\users\My\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-04 23:04]
.
2013-07-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1825749246-3439649273-815915689-1001UA.job
- c:\users\My\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-04 23:04]
.
2013-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-04 13:45]
.
2013-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-04 13:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-10 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-10 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-10 408600]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Enviar para o OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Free YouTube to MP3 Converter - c:\users\My\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
Trusted Zone: com.cn\*.cga
Trusted Zone: ogdev.net
Trusted Zone: sdo.com
TCP: DhcpNameServer = 201.6.2.165 201.6.2.45 201.6.4.116
DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab
FF - ProfilePath - c:\users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: !HIDDEN! 2011-09-22 14:37; otis@digitalpersona.com; c:\program files (x86)\DigitalPersona\Bin\FirefoxExt
FF - ExtSQL: !HIDDEN! 2013-03-16 19:05; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORFÃOS REMOVIDOS - - - -
.
BHO-{47B614AF-B4CC-485B-B331-BE26F02ED4CC} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
.
**************************************************************************
.
Tempo para conclusão: 2013-07-20 22:53:18 - Máquina reiniciou
ComboFix-quarantined-files.txt 2013-07-21 01:53
ComboFix2.txt 2013-07-20 13:02
.
Pré-execução: 362.635.513.856 bytes disponíveis
Pós execução: 362.323.922.944 bytes disponíveis
.
- - End Of File - - 04F10CBCE795C7E4B5674D45F9762572
B0B221F1618F306AA360734727BE6BB2


Kenco by jpshortstuff (31.12.09.1)
Log created at 23:11 on 20/07/2013 (My)

========== Task Unlocker ==========

========== KencoScan ==========
C:\Windows\system32\shacct.dll -> Error setting security information [5]!

========== C:\Windows\Tasks ==========
Adobe Flash Player Updater.job -> [11:27 24/05/2012] 902 bytes
FacebookUpdateTaskUserS-1-5-21-1825749246-3439649273-815915689-1001Core.job -> [01:21 04/01/2013] 894 bytes
FacebookUpdateTaskUserS-1-5-21-1825749246-3439649273-815915689-1001UA.job -> [01:21 04/01/2013] 916 bytes
GoogleUpdateTaskMachineCore.job -> [13:45 04/05/2013] 1056 bytes
GoogleUpdateTaskMachineUA.job -> [13:45 04/05/2013] 1060 bytes

-=E.O.F=-








|TDSSKiller.zip| report:

http://cjoint.com/?CGvdIZsUlrR

ComboFix 13-07-20.03 - My 20/07/2013 22:39:45.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.3895.2487 [GMT -3:00]
Executando de: c:\users\My\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\My\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-06-21 to 2013-07-21 ))))))))))))))))))))))))))))
.
.
2013-07-21 01:47 . 2013-07-21 01:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-21 01:43 . 2013-07-21 01:43 0 ----a-w- c:\windows\SysWow64\drivers\mrxdavv.sys
2013-07-21 01:43 . 2013-07-21 01:43 0 ----a-w- c:\windows\SysWow64\drivers\grande48.sys
2013-07-20 12:35 . 2013-07-20 12:35 0 ----a-w- c:\windows\SysWow64\drivers\clbdriver.sys
2013-07-17 23:08 . 2013-07-21 01:48 -------- d-----w- c:\users\My\AppData\Local\Temp
2013-07-17 23:08 . 2013-07-17 23:02 24064 ----a-w- c:\windows\zoek-delete.exe
2013-07-15 23:25 . 2013-07-15 23:25 -------- d-----w- c:\windows\ERUNT
2013-07-15 23:16 . 2013-07-15 23:16 88 ----a-w- c:\windows\DeleteOnReboot.bat
2013-07-13 01:55 . 2013-07-13 01:55 -------- d-----w- c:\users\My\AppData\Roaming\raidcall
2013-07-13 01:54 . 2013-07-13 01:56 -------- d-----w- c:\program files (x86)\RaidCall
2013-07-10 21:06 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-04 00:47 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-07-04 00:40 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-07-04 00:40 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-07-04 00:40 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-07-04 00:40 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-07-04 00:40 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-07-04 00:40 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-07-04 00:40 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-07-04 00:10 . 2012-10-11 03:08 44928 ----a-w- c:\windows\system32\drivers\mcvidrv_x64.sys
2013-07-02 10:49 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F93D2E7-9EB2-48E1-9027-46CC73FC763C}\mpengine.dll
2013-06-26 23:48 . 2013-06-26 23:48 -------- d-----w- C:\Level Up! Games
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-21 01:48 . 2013-05-15 10:26 31088 ----a-w- c:\windows\SysWow64\drivers\gbpndisrd.sys
2013-07-11 02:41 . 2011-10-06 14:33 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-07-04 00:34 . 2011-06-11 04:58 773712 ----a-w- c:\windows\SysWow64\msvcr100.dll
2013-07-04 00:34 . 2011-06-11 04:58 420944 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-06-12 01:00 . 2012-05-24 11:27 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 01:00 . 2011-09-27 14:54 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-07 14:30 . 2013-06-07 14:30 799232 ----a-w- c:\windows\system32\NETwNc64.dll
2013-06-07 14:30 . 2013-06-07 14:30 2750464 ----a-w- c:\windows\system32\NETwNr64.dll
2013-06-07 14:30 . 2013-06-07 14:30 7821312 ----a-w- c:\windows\system32\drivers\NETwNs64.sys
2013-06-07 14:26 . 2013-06-07 14:26 7680512 ----a-w- c:\windows\system32\drivers\NETw5s64.sys
2013-05-13 05:51 . 2013-06-12 10:15 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 10:15 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 10:15 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 10:15 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 10:15 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 10:15 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 04:45 . 2013-06-12 10:15 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 03:43 . 2013-06-12 10:15 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 10:15 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 10:15 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 19:06 . 2011-10-28 13:43 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-10 05:49 . 2013-06-12 10:15 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 10:15 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 10:18 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-02 15:29 . 2011-11-22 18:29 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 02:47 . 2013-05-01 02:47 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-01 02:47 . 2013-05-01 02:47 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-01 02:47 . 2013-05-01 02:47 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-01 02:47 . 2013-05-01 02:47 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-01 02:47 . 2013-05-01 02:47 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-01 02:47 . 2013-05-01 02:47 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-01 02:47 . 2013-05-01 02:47 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-01 02:47 . 2013-05-01 02:47 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-01 02:47 . 2013-05-01 02:47 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-01 02:47 . 2013-05-01 02:47 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-01 02:47 . 2013-05-01 02:47 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-01 02:47 . 2013-05-01 02:47 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-01 02:47 . 2013-05-01 02:47 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-01 02:47 . 2013-05-01 02:47 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-01 02:47 . 2013-05-01 02:47 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-01 02:47 . 2013-05-01 02:47 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-01 02:47 . 2013-05-01 02:47 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-01 02:47 . 2013-05-01 02:47 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-01 02:47 . 2013-05-01 02:47 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-01 02:47 . 2013-05-01 02:47 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-01 02:47 . 2013-05-01 02:47 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-01 02:47 . 2013-05-01 02:47 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-01 02:47 . 2013-05-01 02:47 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-01 02:47 . 2013-05-01 02:47 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-01 02:47 . 2013-05-01 02:47 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-01 02:47 . 2013-05-01 02:47 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-01 02:47 . 2013-05-01 02:47 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-01 02:47 . 2013-05-01 02:47 441856 ----a-w- c:\windows\system32\html.iec
2013-05-01 02:47 . 2013-05-01 02:47 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-01 02:47 . 2013-05-01 02:47 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-01 02:47 . 2013-05-01 02:47 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-01 02:47 . 2013-05-01 02:47 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-01 02:47 . 2013-05-01 02:47 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-01 02:47 . 2013-05-01 02:47 235008 ----a-w- c:\windows\system32\url.dll
2013-05-01 02:47 . 2013-05-01 02:47 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-01 02:47 . 2013-05-01 02:47 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-01 02:47 . 2013-05-01 02:47 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-01 02:47 . 2013-05-01 02:47 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-01 02:47 . 2013-05-01 02:47 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-01 02:47 . 2013-05-01 02:47 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-01 02:47 . 2013-05-01 02:47 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-01 02:47 . 2013-05-01 02:47 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-01 02:47 . 2013-05-01 02:47 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-01 02:47 . 2013-05-01 02:47 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-01 02:47 . 2013-05-01 02:47 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-01 02:47 . 2013-05-01 02:47 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-01 02:47 . 2013-05-01 02:47 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-01 02:47 . 2013-05-01 02:47 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-01 02:47 . 2013-05-01 02:47 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-26 05:51 . 2013-06-12 10:16 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-12 10:16 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-12 10:15 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-03-17 15:06 . 2013-03-17 15:14 505690112 ----a-w- c:\program files (x86)\LogoDesignStudio.msi
2012-07-30 15:46 . 2012-07-30 15:31 7 ----a-w- c:\program files\infosapi.DLL
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-10-13 1088424]
"NitroPC"="c:\program files (x86)\NitroPC\NitroPC.exe" [2008-08-19 3477504]
"Facebook Update"="c:\users\My\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-14 138096]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-18 491840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\progra~2\GBPLUGIN\gbiehuni.dll" [2013-02-18 1364304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2013-01-22 13:31 1684520 ----a-w- c:\program files (x86)\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2013-02-18 13:57 1364304 ----a-w- c:\progra~2\GbPlugin\gbiehuni.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys;c:\windows\SYSNATIVE\drivers\gbpkm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 NETw5s64;Driver do adaptador Intel® Wireless WiFi Link Série 5000 para Windows 7 64 bits;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Pcouffin64;Low level access layer for CD devices;c:\windows\system32\Drivers\pcouffin64a.sys;c:\windows\SYSNATIVE\Drivers\pcouffin64a.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va011;X6va011; [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys;c:\splash.sys\config\dvmio.sys [x]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [x]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 15:49 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 01:00]
.
2013-07-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1825749246-3439649273-815915689-1001Core.job
- c:\users\My\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-04 23:04]
.
2013-07-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1825749246-3439649273-815915689-1001UA.job
- c:\users\My\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-04 23:04]
.
2013-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-04 13:45]
.
2013-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-04 13:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-10 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-10 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-10 408600]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Enviar para o OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Free YouTube to MP3 Converter - c:\users\My\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
Trusted Zone: com.cn\*.cga
Trusted Zone: ogdev.net
Trusted Zone: sdo.com
TCP: DhcpNameServer = 201.6.2.165 201.6.2.45 201.6.4.116
DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab
FF - ProfilePath - c:\users\My\AppData\Roaming\Mozilla\Firefox\Profiles\1q6lsz8d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: !HIDDEN! 2011-09-22 14:37; otis@digitalpersona.com; c:\program files (x86)\DigitalPersona\Bin\FirefoxExt
FF - ExtSQL: !HIDDEN! 2013-03-16 19:05; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORFÃOS REMOVIDOS - - - -
.
BHO-{47B614AF-B4CC-485B-B331-BE26F02ED4CC} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
.
**************************************************************************
.
Tempo para conclusão: 2013-07-20 22:53:18 - Máquina reiniciou
ComboFix-quarantined-files.txt 2013-07-21 01:53
ComboFix2.txt 2013-07-20 13:02
.
Pré-execução: 362.635.513.856 bytes disponíveis
Pós execução: 362.323.922.944 bytes disponíveis
.
- - End Of File - - 04F10CBCE795C7E4B5674D45F9762572
B0B221F1618F306AA360734727BE6BB2

Good morning! RafaeL Icassati 2


######

2013-07-21 01:43 . 2013-07-21 01:43 0 ----a-w- c:\windows\SysWow64\drivers\mrxdavv.sys

2013-07-21 01:43 . 2013-07-21 01:43 0 ----a-w- c:\windows\SysWow64\drivers\grande48.sys

######


|- The CFSCript did not work, as was to be expected.

|- PS: 2 more Troj/RKAgen-E were detected!




|- Do the drag-and-drop again, but in Safe Mode with Networking.


######


Rootkit::

c:\windows\SysWow64\drivers\mrxdavv.sys

c:\windows\SysWow64\drivers\grande48.sys

c:\windows\SysWow64\drivers\clbdriver.sys


Driver::

mrxdavv

grande48

clbdriver


######


|- Copy these lines, which are in red, into Notepad.

|- Save this information on the desktop with the name: CFSCript <- Text!

|- Do the drag-and-drop, as per the earlier instructions.

|- Post the report!



|- Go to this address and download this tool! MBAR

|- Follow the instructions and post the report!


See you!


Topic Archived

As the author did not reply for more than 10 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.
