This topic has been archived and is closed to new replies.

Gustavoooo

[Archived] Notebook slowness.

Here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:53:47, on 15/07/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\Gustavo\Downloads\New folder\zsnesw151\zsnesw.exe
C:\Users\Gustavo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gustavo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gustavo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gustavo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gustavo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gustavo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gustavo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gustavo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gustavo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gustavo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gustavo\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.superdownloads.com.br/?utm_source=core&utm_medium=ppi&utm_campaign=portal
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.sjp:6588
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Lyrics On - {73C1CE1A-2075-4350-A7B4-EBA78BA45FA8} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: (no name) - {EF7BD87A-8024-11E2-F316-F3E56188709B} - (no file)
O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -agent
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -RESTART
O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Google Update] "C:\Users\Gustavo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - AutorunsDisabled - (no file) (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFC8C2A3-8415-4DCE-A3A1-CBFCE507E980}: NameServer = 192.168.100.248,192.168.100.247
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
O20 - Winlogon Notify: iexplorer - iexplorer.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8331 bytes

Good morning! J0e

|- Download: AdwCleaner ( ... by Xplode )

|- Once on the page, click the download image.

|- PS: If you use the IE9 browser, disable the "SmartScreen" filter.
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose "Run as administrator".
|- PS: Start the scan by clicking "Remove".

|- When it finishes, post the report: C:\AdwCleaner[S1].txt

-/-

|- Download: zoek ( ... by Smeenk )

|- Or here: zoek.exe

|- Save it to the desktop!
|- Disable your antivirus!
|- On Windows 7, run zoek.exe as administrator.

startupall;
autoclean;
filesrcm;
emptyalltemp;


|- Copy and paste this information, shown in red, into the tool's field.
|- Click "Run Script".

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

|- This message will appear, asking you to wait for the report.

|- Accept and/or confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

|- PS: If you get an error, restart the PC and run the tool again.
|- Post the report, which will be at C:\zoek-results.txt <<

A+

AdwCleaner:

# AdwCleaner v2.305 - Logfile created 07/16/2013 at 17:32:22

# Updated 11/07/2013 by Xplode

# Operating system : Windows 7 Home Premium (64 bits)

# User : Gustavo - GUSTAVO-PC

# Boot Mode : Normal

# Running from : C:\Users\Gustavo\Downloads\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

Stopped & Deleted : vToolbarUpdater14.2.0

 

***** [Files / Folders] *****

 

Deleted on reboot : C:\Program Files (x86)\AVG Secure Search

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search

Deleted on reboot : C:\ProgramData\AVG Secure Search

Deleted on reboot : C:\ProgramData\Tarma Installer

Deleted on reboot : C:\Users\Casa\AppData\Local\AVG Secure Search

Deleted on reboot : C:\Users\Casa\AppData\LocalLow\AVG Secure Search

Deleted on reboot : C:\Users\Gustavo\AppData\Local\AVG Secure Search

Deleted on reboot : C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma

Deleted on reboot : C:\Users\Gustavo\AppData\LocalLow\AVG Secure Search

Deleted on reboot : C:\Users\Gustavo\AppData\Roaming\DealPly

Deleted on reboot : C:\Users\Gustavo\AppData\Roaming\DSite

Deleted on reboot : C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\699g7uh4.default\extensions\amo@dealplyshopping.com

Deleted on reboot : C:\Users\Gustavo\AppData\Roaming\Yontoo

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{73C1CE1A-2075-4350-A7B4-EBA78BA45FA8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF7BD87A-8024-11E2-F316-F3E56188709B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7BD87A-8024-11E2-F316-F3E56188709B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v8.0.7600.16385

 

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={06F646DC-88AE-414A-B2F3-D818C09F9437}&mid=a4212d9c281347d0a04f00dfc1cfb507-ac1ab6c078b520ecdfe005f5df8bad02cd615cc9&lang=en&ds=is015&pr=sa&d=2012-09-03 18:44:03&pid=avg&sg=&v=14.2.0.1&sap=nt --> hxxp://www.google.com

 

-\\ Mozilla Firefox v21.0 (pt-BR)

 

File : C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\699g7uh4.default\prefs.js

 

C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\699g7uh4.default\user.js ... Deleted !

 

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.2.0.1");

Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={06F646DC-88AE-414A-B2F3-D818C09F9437}&m[...]

 

File : C:\Users\Casa\AppData\Roaming\Mozilla\Firefox\Profiles\yi9sf3lx.default\prefs.js

 

[OK] File is clean.

 

-\\ Google Chrome v28.0.1500.72

 

File : C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[s1].txt - [12944 octets] - [15/07/2013 23:32:22]

 

########## EOF - C:\AdwCleaner[s1].txt - [13005 octets] ##########

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

zoek:

 

Zoek.exe Version 4.0.0.4 Updated 14-July-2013

Tool run by Gustavo on 16/07/2013 at 17:52:17,19.
Microsoft Windows 7 Home Premium 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
==== System Restore Info ======================
16/07/2013 17:53:26 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
ProfilePath: C:\Users\Casa\AppData\Roaming\Mozilla\Firefox\Profiles\yi9sf3lx.default
user.js not found
---- Lines imbooster removed from prefs.js ----
---- Lines imbooster modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs_072013_1802_.backup
ProfilePath: C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\699g7uh4.default
user.js not found
---- Lines imbooster removed from prefs.js ----
user_pref("id_imbooster4web_v6.Var1", "0");
user_pref("id_imbooster4web_v6.Var10", "0");
user_pref("id_imbooster4web_v6.Var2", "0");
user_pref("id_imbooster4web_v6.Var3", "0");
user_pref("id_imbooster4web_v6.Var4", "0");
user_pref("id_imbooster4web_v6.Var5", "0");
user_pref("id_imbooster4web_v6.Var6", "0");
user_pref("id_imbooster4web_v6.Var7", "0");
user_pref("id_imbooster4web_v6.Var8", "0");
user_pref("id_imbooster4web_v6.Var9", "0");
user_pref("id_imbooster4web_v6.cache.tbs_include_xml_006938", "3/21/15/6/113");
user_pref("id_imbooster4web_v6.firstlaunch", "0");
user_pref("id_imbooster4web_v6.guid", "%7B76587166-588D-6EA9-27FA-8BDA1B94F28A%7D");
user_pref("id_imbooster4web_v6.userId", "%12");
user_pref("id_imbooster4web_v6_installed_version", "1.0.1018.0");
---- Lines imbooster modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs_072013_1802_.backup
==== Deleting Files \ Folders ======================
"C:\windows\SysNative\Tasks\DealPlyUpdate" deleted
"C:\Users\Gustavo\AppData\Roaming\baidu" deleted
"C:\Users\Gustavo\AppData\Roaming\YoudaGames" deleted
"C:\ProgramData\Tarma Installer" deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2013-07-16 02:32:33 EA0220988BC7950FE029CFAD1119C3FF 939 ----a-w- C:\Windows\DeleteOnReboot.bat
====== C:\Users\Gustavo\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
2013-06-27 01:45:59 93A4E8D89C1BAEDF031F463DE2EF0800 936 ----a-w- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3149555663-2878623597-472545894-1000UA.job
2013-06-27 01:45:59 8BA9BF7AD668218B70E21235BDF0CA7F 3916 ----a-w- C:\Windows\Sysnative\Tasks\FacebookUpdateTaskUserS-1-5-21-3149555663-2878623597-472545894-1000UA
2013-06-27 01:45:59 6E886EB7CC58C77871B89AECB8AB5B16 3548 ----a-w- C:\Windows\Sysnative\Tasks\FacebookUpdateTaskUserS-1-5-21-3149555663-2878623597-472545894-1000Core
2013-06-27 01:45:58 3E4CE13CC734921E33F38C76526B5005 914 ----a-w- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3149555663-2878623597-472545894-1000Core.job
2013-06-23 21:34:29 38966E40C4835254136FF3EBA3C16D05 3118 ----a-w- C:\Windows\Sysnative\Tasks\{3DDCA5EA-3CD8-4A94-BCF3-AA74665DFCAC}
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\Program Files (x86) =====
2013-07-04 13:54:52 -------- d-----w- C:\Program Files (x86)\PacificPoker
======= C: =====
2013-07-16 02:32:22 089CC3A2EF8DFFFE22305E98AC836814 12977 ----a-w- C:\AdwCleaner[s1].txt
2013-07-08 22:00:35 5BFA75AF9051479541D5611534C1D6D5 524800 ----a-w- C:\Super Bomberman.smc
2013-07-08 21:54:55 C075A951A139CAE3C11A974A8F0F07C0 2097664 ----a-w- C:\Super Bomberman 4 (J).smc
2013-07-08 21:47:15 9B561BADD7464D5D104F91A2FB24827C 17975 ----a-w- C:\Super Bomberman 4 (J)
2013-07-08 21:19:06 C075A951A139CAE3C11A974A8F0F07C0 2097664 ----a-w- C:\Super Bomberman 4.smc
2013-07-07 22:22:13 13B9A5BD54D15C46104DED68EA57DA9C 2097664 ----a-w- C:\Super Bomberman 5.smc
2013-07-07 22:08:23 0B37D3B85B8D3DF7C7BC1B948576535D 4194816 ----a-w- C:\DONKEY_KONG_COUNTRY_3.SMC
====== C:\Users\Gustavo\AppData\Roaming ======
2013-07-04 13:56:24 -------- d-----w- C:\users\Gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\888poker
2013-07-04 13:54:58 -------- d-----w- C:\users\Gustavo\AppData\Roaming\PacificPoker
2013-06-27 23:28:48 -------- d-----w- C:\users\Public\AppData\Local\temp
2013-06-27 23:28:48 -------- d-----w- C:\users\postgres\AppData\Local\temp
2013-06-27 23:28:48 -------- d-----w- C:\users\Default\AppData\Local\temp
2013-06-27 23:28:48 -------- d-----w- C:\users\Default User\AppData\Local\temp
2013-06-27 23:28:48 -------- d-----w- C:\users\Casa\AppData\Local\temp
2013-06-27 20:38:18 -------- d-----w- C:\users\Gustavo\AppData\Local\Noël Danjou
2013-06-27 01:45:54 -------- d-----w- C:\users\Gustavo\AppData\Local\Facebook
2013-06-23 03:48:44 -------- d-----w- C:\users\Casa\AppData\Local\Eraser 6
====== C:\Users\Gustavo ======
2013-07-16 02:31:05 CC198634BCAEF99C50277CC81B14AB27 662345 ----a-w- C:\Users\Gustavo\Downloads\adwcleaner.exe
2013-07-16 00:01:04 22C044C51A7B5E9D29354244218CC27A 645978 ----a-w- C:\Users\Gustavo\Downloads\mvregclean(01).exe
2013-07-15 23:59:52 193BBADA33AE1BD1C041842D77A092F3 1201760 ----a-w- C:\Users\Gustavo\Downloads\MV-RegClean_69.exe
2013-07-04 13:56:24 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\888poker
====== C: exe-files ==
2013-07-16 02:31:05 CC198634BCAEF99C50277CC81B14AB27 662345 ----a-w- C:\Users\Gustavo\Downloads\adwcleaner.exe
2013-07-16 00:01:04 22C044C51A7B5E9D29354244218CC27A 645978 ----a-w- C:\Users\Gustavo\Downloads\mvregclean(01).exe
2013-07-15 23:59:52 193BBADA33AE1BD1C041842D77A092F3 1201760 ----a-w- C:\Users\Gustavo\Downloads\MV-RegClean_69.exe
2013-07-13 21:36:05 735D60EFA430ADFC184CB419E666D1D5 2026848 ----a-w- C:\Users\Gustavo\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\28.0.1500.72\28.0.1500.72_28.0.1500.71_chrome_updater.exe
2013-07-13 06:21:39 6466C051022547489D3409205128881B 59784 ----atw- C:\Users\Gustavo\AppData\Local\Google\Update\1.3.21.153\GoogleUpdateBroker.exe
2013-07-13 06:21:39 1CA3976D1B1FE826ADF339F90AC25C60 59784 ----atw- C:\Users\Gustavo\AppData\Local\Google\Update\1.3.21.153\GoogleUpdateOnDemand.exe
2013-07-13 06:21:38 A6F8D4FBC12177A75AB4C06D059229B6 784664 ----a-w- C:\Users\Gustavo\AppData\Local\Google\Update\1.3.21.153\GoogleUpdateSetup.exe
2013-07-13 06:21:34 D9A08472D8D0218A0AE2C9D9F63EA531 290696 ----atw- C:\Users\Gustavo\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
2013-07-13 06:21:34 8726802EA4FBFFA3FD54FD2449BF51D4 217992 ----atw- C:\Users\Gustavo\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe
2013-07-13 06:21:34 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Users\Gustavo\AppData\Local\Google\Update\1.3.21.153\GoogleUpdate.exe
2013-07-13 06:21:33 A6F8D4FBC12177A75AB4C06D059229B6 784664 ----a-w- C:\Users\Gustavo\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.153\GoogleUpdateSetup.exe
=== C: other files ==
2013-07-16 02:32:33 EA0220988BC7950FE029CFAD1119C3FF 939 ----a-w- C:\Windows\DeleteOnReboot.bat
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-3149555663-2878623597-472545894-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files (x86)\BitTorrent\BitTorrent.exe /MINIMIZED"
"DriverMax"="C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe -agent"
"DriverMax_RESTART"="C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe -RESTART"
"Facebook Update"="C:\Users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Google Update"="C:\Users\Gustavo\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"DriverMax"="C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe -agent"
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"
[HKEY_USERS\S-1-5-21-3149555663-2878623597-472545894-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-3149555663-2878623597-472545894-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files (x86)\BitTorrent\BitTorrent.exe /MINIMIZED"
"DriverMax"="C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe -agent"
"DriverMax_RESTART"="C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe -RESTART"
"Facebook Update"="C:\Users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Google Update"="C:\Users\Gustavo\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"DriverMax"="C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe -agent"
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser"="C:\PROGRA~1\Eraser\Eraser.exe --atRestart"
"SpywareTerminatorUpdater"="C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "
==== Startup Registry Disabled ======================
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"msnmsgr"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background"
"DriverMax_RESTART"="\"C:\\Program Files (x86)\\Innovative Solutions\\DriverMax\\drivermax.exe\" -RESTART"
"DriverMax"="\"C:\\Program Files (x86)\\Innovative Solutions\\DriverMax\\drivermax.exe\" -agent"
"DAEMON Tools Lite"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun"
"BitTorrent"="\"C:\\Program Files (x86)\\BitTorrent\\BitTorrent.exe\" /MINIMIZED"
"Advanced SystemCare 5"="\"C:\\Program Files (x86)\\IObit\\Advanced SystemCare 5\\ASCTray.exe\" /AutoStart"
"ares"="\"C:\\Program Files (x86)\\Ares\\Ares.exe\" -h"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"vProt"="\"C:\\Program Files (x86)\\AVG Secure Search\\vprot.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
"SDTray"="\"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe\""
"iexplorer"="C:\\Windows\\system32\\iexplorer.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce-]
"SpybotDeletingF9437"="\"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDDelFile.exe\" \"C:\\Program Files (x86)\\SC-KeyLog PRO DEMO\\klrmA\""
"SpybotDeletingF7618"="\"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDDelFile.exe\" \"C:\\Program Files (x86)\\SC-KeyLog PRO DEMO\\klenA\""
"SpybotDeletingF562"="\"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDDelFile.exe\" \"C:\\Program Files (x86)\\SC-KeyLog PRO DEMO\\kllnA\""
"SpybotDeletingF1547"="\"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDDelFile.exe\" \"C:\\Program Files (x86)\\SC-KeyLog PRO DEMO\\klhpA\""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce-]
"SpybotDeletingE9055"="\"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDDelFile.exe\" \"C:\\Program Files (x86)\\SC-KeyLog PRO DEMO\\klrmA\""
"SpybotDeletingE8569"="\"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDDelFile.exe\" \"C:\\Program Files (x86)\\SC-KeyLog PRO DEMO\\klhpA\""
"SpybotDeletingE842"="\"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDDelFile.exe\" \"C:\\Program Files (x86)\\SC-KeyLog PRO DEMO\\klenA\""
"SpybotDeletingE5135"="\"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDDelFile.exe\" \"C:\\Program Files (x86)\\SC-KeyLog PRO DEMO\\kllnA\""
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ares]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ares"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Ares\\Ares.exe\" -h"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BitTorrent"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\BitTorrent\\BitTorrent.exe\" /MINIMIZED"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DriverMax]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DriverMax"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Innovative Solutions\\DriverMax\\drivermax.exe\" -agent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DriverMax_RESTART]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DriverMax_RESTART"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Innovative Solutions\\DriverMax\\drivermax.exe\" -RESTART"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Gustavo\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVBg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVBg"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe /SF3 "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StartCCC"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"
==== Task Scheduler Jobs ======================
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3149555663-2878623597-472545894-1000Core.job --a------ C:\Users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe [27/06/2013 17:29]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3149555663-2878623597-472545894-1000UA.job --a------ C:\Users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe [27/06/2013 17:29]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3149555663-2878623597-472545894-1000Core.job --a------ C:\Users\Gustavo\AppData\Local\Google\Update\GoogleUpdate.exe [20/06/2012 05:37]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3149555663-2878623597-472545894-1000UA.job --a------ C:\Users\Gustavo\AppData\Local\Google\Update\GoogleUpdate.exe [20/06/2012 05:37]
==== Firefox Extensions ======================
==== Firefox Plugins ======================
Profilepath: C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\699g7uh4.default
3379F8AA08BB7ED76DE23E32A7DA1C9F - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U10
2F4781F84C92E8C4B1586E47A78E8A61 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.50.255
101700E93EB905992B518256CB441829 - C:\Users\Gustavo\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== shortcuts on Users Desktops ======================
C:\Users\Casa\Desktop\888poker.lnk - C:\Program Files (x86)\PacificPoker\bin\888poker.exe
C:\Users\Casa\Desktop\Free Image Editor.lnk - C:\Program Files (x86)\Free Image Editor\FreeImage.EXE
C:\Users\Casa\Desktop\Gadwin PrintScreen.lnk - C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Users\Casa\Desktop\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\Casa\Desktop\RaidCall.lnk - C:\Program Files (x86)\RaidCall\raidcall.exe
C:\Users\Gustavo\Desktop\#Programas\Age of Empires III.lnk - C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe
C:\Users\Gustavo\Desktop\#Programas\AVI To MPEG Encoder.lnk - C:\Program Files (x86)\AVI To MPEG Encoder\MpegEncoder.exe
C:\Users\Gustavo\Desktop\#Programas\BitTorrent.lnk - C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Users\Gustavo\Desktop\#Programas\CDBurnerXP.lnk - C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe
C:\Users\Gustavo\Desktop\#Programas\CPUID CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.exe
C:\Users\Gustavo\Desktop\#Programas\D'Accord Afinador 3.0.lnk - C:\Program Files (x86)\D'Accord Music Software\D'Accord Afinador 3.0\Afinador.exe
C:\Users\Gustavo\Desktop\#Programas\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Gustavo\Desktop\#Programas\Debut Video Capture Software.lnk - C:\Program Files (x86)\NCH Software\Debut\debut.exe
C:\Users\Gustavo\Desktop\#Programas\DriverMax.lnk - C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe
C:\Users\Gustavo\Desktop\#Programas\Foxit Reader.lnk - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Users\Gustavo\Desktop\#Programas\Free AVI to WMV Converter.lnk - C:\Program Files (x86)\ConvertVideoFiles.Net\Free AVI to WMV Converter\FreeAVIToWMVConverter.exe
C:\Users\Gustavo\Desktop\#Programas\Free Image Editor.lnk - C:\Program Files (x86)\Free Image Editor\FreeImage.EXE
C:\Users\Gustavo\Desktop\#Programas\Full Tilt Poker.lnk - C:\Program Files (x86)\Full Tilt Poker\FullTiltPoker.exe
C:\Users\Gustavo\Desktop\#Programas\Game Booster 3.lnk - C:\Program Files (x86)\IObit\Game Booster 3\GameBooster.exe
C:\Users\Gustavo\Desktop\#Programas\GTA San Andreas.lnk - C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe
C:\Users\Gustavo\Desktop\#Programas\Gustavo - Shortcut.lnk - C:\Users\Gustavo
C:\Users\Gustavo\Desktop\#Programas\Holdem Indicator.lnk - C:\Program Files (x86)\Holdem Indicator\HoldemIndicator.exe
C:\Users\Gustavo\Desktop\#Programas\HTTrack Website Copier.lnk - C:\Program Files (x86)\WinHTTrack\WinHTTrack.exe
C:\Users\Gustavo\Desktop\#Programas\MV RegClean 6.0.lnk - C:\Program Files (x86)\Marcos Velasco Security\MV RegClean 6.0\MVREGCLEAN.EXE
C:\Users\Gustavo\Desktop\#Programas\MV RegClean 6.9.lnk - C:\Program Files (x86)\Marcos Velasco Security\MV RegClean 6.9\MVREGCLEAN.EXE
C:\Users\Gustavo\Desktop\#Programas\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\Gustavo\Desktop\#Programas\PokerStars.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
C:\Users\Gustavo\Desktop\#Programas\PokerStove.lnk - C:\Program Files (x86)\PokerStove\PokerStove.exe
C:\Users\Gustavo\Desktop\#Programas\Prism Video File Converter.lnk - C:\Program Files (x86)\NCH Software\Prism\prism.exe
C:\Users\Gustavo\Desktop\#Programas\Revo Uninstaller.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\Gustavo\Desktop\#Programas\Rox Poker.lnk - C:\Program Files (x86)\Rox Poker\ROXPOKERPoker.exe
C:\Users\Gustavo\Desktop\#Programas\San Andreas Mod Installer.lnk - C:\Program Files (x86)\San Andreas Mod Installer\sami.exe
C:\Users\Gustavo\Desktop\#Programas\Spyware Terminator 2012.lnk - C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
C:\Users\Gustavo\Desktop\#Programas\Switch to Gaming Mode.lnk - C:\Program Files (x86)\IObit\Game Booster 3\GameBooster.exe -game
C:\Users\Gustavo\Desktop\#Programas\VideoPad Video Editor.lnk - C:\Program Files (x86)\NCH Software\VideoPad\videopad.exe
C:\Users\Gustavo\Desktop\#Programas\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Users\Gustavo\Desktop\#Programas\Waterfox.lnk - C:\Program Files\Waterfox\waterfox.exe
C:\Users\Gustavo\Desktop\#Programas\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\postgres\Desktop\888poker.lnk - C:\Program Files (x86)\PacificPoker\bin\888poker.exe
C:\Users\postgres\Desktop\Free Image Editor.lnk - C:\Program Files (x86)\Free Image Editor\FreeImage.EXE
C:\Users\postgres\Desktop\Gadwin PrintScreen.lnk - C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Users\postgres\Desktop\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\postgres\Desktop\PokerTracker 4.lnk - C:\Program Files (x86)\PokerTracker 4\PokerTracker4.exe
C:\Users\postgres\Desktop\RaidCall.lnk - C:\Program Files (x86)\RaidCall\raidcall.exe
C:\Users\postgres\Desktop\Tibia Auto.lnk - C:\Program Files (x86)\Tibia Auto\tibiaauto.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\888poker.lnk - C:\Program Files (x86)\PacificPoker\bin\888poker.exe
C:\Users\Gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\MegaJogos\MegaJogos.lnk - C:\Users\Gustavo\MegaJogos\starter.exe
C:\Users\Gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\MegaJogos\uninstall.lnk - C:\Users\Gustavo\MegaJogos\starter.exe -DUNINSTALL_PREMIUM
C:\Users\Gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\888poker.lnk - C:\Program Files (x86)\PacificPoker\bin\888poker.exe
C:\Users\Gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\Gustavo\AppData\Local\Google\Chrome\Application\chrome.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\MV RegClean 6.9.lnk - C:\Program Files (x86)\Marcos Velasco Security\MV RegClean 6.9\MVREGCLEAN.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\888poker\888poker.lnk - C:\Program Files (x86)\PacificPoker\bin\888poker.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\888poker\Uninstall 888poker.lnk - C:\Program Files (x86)\PacificPoker\Unwise.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marcos Velasco Security\MV RegClean 6.9.lnk - C:\Program Files (x86)\Marcos Velasco Security\MV RegClean 6.9\MVREGCLEAN.EXE
==== shortcuts in Quick Launch ======================
C:\Users\Casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Image Editor.lnk - C:\Program Files (x86)\Free Image Editor\FreeImage.EXE
C:\Users\Casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\Casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk - C:\Program Files (x86)\Wireshark\wireshark.exe
C:\Users\Casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\888poker.lnk - C:\Program Files (x86)\PacificPoker\bin\888poker.exe
C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk - C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free AVI to WMV Converter.lnk - C:\Program Files (x86)\ConvertVideoFiles.Net\Free AVI to WMV Converter\FreeAVIToWMVConverter.exe
C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Image Editor.lnk - C:\Program Files (x86)\Free Image Editor\FreeImage.EXE
C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Holdem Indicator.lnk - C:\Program Files (x86)\Holdem Indicator\HoldemIndicator.exe
C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://br.hao123.com/?tn=brosoft_hp_hao123_br
C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Waterfox.lnk - C:\Program Files (x86)\Waterfox\waterfox.exe
C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WebZIP.lnk - C:\Program Files (x86)\WebZIP 7\WebZIP.exe
C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk - C:\Program Files (x86)\Wireshark\wireshark.exe
C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\25bb2cdfb96af2d6\PokerStars.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Age of Empires III.lnk - C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe
C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\BitTorrent.lnk - C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Foxit Reader.lnk - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Users\Gustavo\AppData\Local\Google\Chrome\Application\chrome.exe http://br.hao123.com/?tn=brosoft_hp_hao123_br
C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Live Messenger .lnk - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\DriverMax.lnk - C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe
C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Waterfox.lnk - C:\Program Files (x86)\Waterfox\waterfox.exe
C:\Users\postgres\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Image Editor.lnk - C:\Program Files (x86)\Free Image Editor\FreeImage.EXE
C:\Users\postgres\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\postgres\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\postgres\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\postgres\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk - C:\Program Files (x86)\Wireshark\wireshark.exe
==== shortcuts After Repair ======================
C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Users\Gustavo\AppData\Local\Google\Chrome\Application\chrome.exe
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gustavo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gustavo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\users\Casa\AppData\Local\Mozilla\Firefox\Profiles\yi9sf3lx.default\Cache emptied successfully
C:\users\Gustavo\AppData\Local\Mozilla\Firefox\Profiles\699g7uh4.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Gustavo\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Gustavo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
==== EOF on 16/07/2013 at 18:15:18,43 ======================


Good morning! J0e

|- Uninstall:

|- <1> C:\Program Files (x86)\Spyware Terminator << Placebo!

|- <2> C:\Program Files (x86)\Spybot - Search & Destroy 2 << Outdated!

-/-

|- Download: < ZHPDiag2 > ( ... by Nicolas Coolman )

|- Save it to the desktop!

|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

|- Confirm every step while installing ZHPDiag.
|- Finish the installation by clicking "Termine".

|- On Windows Vista, Windows 7 and 8, click OK when ZHPDiag Setup starts.

|- PS: After installation, in addition to ZHPScript, the following will be available on the desktop:

|- <1> MBRCheck
|- <2> ZHPDiag2
|- <3> ZHPFix

|- Click the scroll icon. ( ZHPScript )

|- Click the green arrow to update it and/or download its latest definitions. ( Your version is update. )
|- Enable all diagnostic options by clicking "Options".

|- Click All.
|- Then uncheck the boxes numbered O45, O61, O62, O65, O82.

|- Click "Calendar" and choose 30 days!

|- Start the scan by clicking the magnifying glass icon. ( Start Diagnosis )
|- When it finishes, click "Save Report".
|- Save it somewhere convenient! ( ZHPDiag.txt )

|- PS: Do not post this text file directly.

|- Send it to Pjjoint.malekal by clicking the blue arrow! < ZHPDiag_Pjjoint-1.jpg >

|- Or go to: Cjoint_Logo.jpg << Link!

|- Or go to: abmdaZsE.jpg << Link!

|- More information: < |Link| >

A+

Good morning! J0e


###

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.sjp:6588

###


|- There is a proxy configuration. Are you aware of it?

|- These Poker-related entries... may I remove them?


-/-


[MD5.00000000000000000000000000000000] [APT] [{12CBFD5D-265B-485C-BFC9-B9BED256A655}] (...) -- C:\Users\Gustavo\AppData\Local\Temp\Shockwave_Installer_FF-1.exe (.not file.) [0]

G2 - GCE: Preference [user Data\Default] [fmfnfnpmhcllokmkepffndflpnadjmma] DealPly Shopping v.3.5.3.0 (Activé)

O2 - BHO: (no name) [64Bits] - AutorunsDisabled Orphean Key

O4 - GS\TaskBar: Waterfox.lnk . (...) -- C:\Program Files (x86)\Waterfox\waterfox.exe (.not file.)

O4 - GS\QuickLaunch: Waterfox.lnk . (...) -- C:\Program Files (x86)\Waterfox\waterfox.exe (.not file.)

O41 - Driver: (A2DDA) . (. - .) - C:\Users\Gustavo\Desktop\EmsisoftEmergencyKit\Run\a2ddax64.sys (.not file.)

O42 - Logiciel: 888poker - (...) [HKLM][64Bits] -- 888poker => 888poker

O42 - Logiciel: PartyPoker - (.PartyGaming.) [HKLM][64Bits] -- PartyPoker => Casino.OnlineGames

O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM][64Bits] -- PokerStars => PartyGaming PokerStars

O43 - CFD: 04/07/2013 - 10:56:24 - [16,502] ----D C:\Program Files (x86)\PacificPoker => Game

O43 - CFD: 27/06/2013 - 21:37:46 - [106,568] ----D C:\Program Files (x86)\PokerStars => PartyGaming PokerStars

O43 - CFD: 17/09/2012 - 17:23:33 - [0] ----D C:\Program Files (x86)\PokerStrategy.com => PokerStrategy.com

O43 - CFD: 04/07/2013 - 11:03:09 - [793,722] ----D C:\Users\Gustavo\AppData\Roaming\PacificPoker => Game

O43 - CFD: 13/07/2013 - 22:24:47 - [0] ----D C:\Users\Gustavo\AppData\Local\Ares

O43 - CFD: 23/03/2013 - 18:08:16 - [0,659] ----D C:\Users\Gustavo\AppData\Local\FullTiltPoker => FullTiltPoker

O43 - CFD: 24/07/2013 - 21:50:43 - [7,090] ----D C:\Users\Gustavo\AppData\Local\PokerStars => PartyGaming PokerStars

O43 - CFD: 17/09/2012 - 17:35:46 - [0,001] ----D C:\Users\Gustavo\AppData\Local\PokerStrategy.com => PokerStrategy.com

O43 - CFD: 04/07/2013 - 10:56:24 - [0] ----D C:\Users\Gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\888poker

O44 - LFC:[MD5.2FA3CA2C3C9C245891FBA5DEA9747061] - 16/07/2013 - 18:15:18 ---A- . (...) -- C:\zoek-results.log [34374]


[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1}] => Casino.OnlineGames

[HKCU\Software\PartyGaming] => Casino.OnlineGames

[HKCU\Software\PartyGaming] => Casino.OnlineGames

[HKCU\Software\pacificpoker] => Game

[HKCU\Software\pokerinstaller] => Game

[HKCU\Software\AppDataLow\Software\LyricsOn]


Regards!



Good afternoon! J0e

|- Close any open programs/folders.
|- Close the browser as well!
|- On Windows Vista, disable UAC.

|- On Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.
|- Select and copy this information, shown in red, into Notepad.

[MD5.00000000000000000000000000000000] [APT] [{12CBFD5D-265B-485C-BFC9-B9BED256A655}] (...) -- C:\Users\Gustavo\AppData\Local\Temp\Shockwave_Installer_FF-1.exe (.not file.) [0]
G2 - GCE: Preference [user Data\Default] [fmfnfnpmhcllokmkepffndflpnadjmma] DealPly Shopping v.3.5.3.0 (Activé)
O2 - BHO: (no name) [64Bits] - AutorunsDisabled Orphean Key
O4 - GS\TaskBar: Waterfox.lnk . (...) -- C:\Program Files (x86)\Waterfox\waterfox.exe (.not file.)
O4 - GS\QuickLaunch: Waterfox.lnk . (...) -- C:\Program Files (x86)\Waterfox\waterfox.exe (.not file.)
O41 - Driver: (A2DDA) . (. - .) - C:\Users\Gustavo\Desktop\EmsisoftEmergencyKit\Run\a2ddax64.sys (.not file.)
O42 - Logiciel: 888poker - (...) [HKLM][64Bits] -- 888poker => 888poker
O42 - Logiciel: PartyPoker - (.PartyGaming.) [HKLM][64Bits] -- PartyPoker => Casino.OnlineGames
O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM][64Bits] -- PokerStars => PartyGaming PokerStars
O43 - CFD: 04/07/2013 - 10:56:24 - [16,502] ----D C:\Program Files (x86)\PacificPoker => Game
O43 - CFD: 27/06/2013 - 21:37:46 - [106,568] ----D C:\Program Files (x86)\PokerStars => PartyGaming PokerStars
O43 - CFD: 17/09/2012 - 17:23:33 - [0] ----D C:\Program Files (x86)\PokerStrategy.com => PokerStrategy.com
O43 - CFD: 04/07/2013 - 11:03:09 - [793,722] ----D C:\Users\Gustavo\AppData\Roaming\PacificPoker => Game
O43 - CFD: 13/07/2013 - 22:24:47 - [0] ----D C:\Users\Gustavo\AppData\Local\Ares
O43 - CFD: 23/03/2013 - 18:08:16 - [0,659] ----D C:\Users\Gustavo\AppData\Local\FullTiltPoker => FullTiltPoker
O43 - CFD: 24/07/2013 - 21:50:43 - [7,090] ----D C:\Users\Gustavo\AppData\Local\PokerStars => PartyGaming PokerStars
O43 - CFD: 17/09/2012 - 17:35:46 - [0,001] ----D C:\Users\Gustavo\AppData\Local\PokerStrategy.com => PokerStrategy.com
O43 - CFD: 04/07/2013 - 10:56:24 - [0] ----D C:\Users\Gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\888poker
O44 - LFC:[MD5.2FA3CA2C3C9C245891FBA5DEA9747061] - 16/07/2013 - 18:15:18 ---A- . (...) -- C:\zoek-results.log [34374]

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1}] => Casino.OnlineGames
[HKCU\Software\PartyGaming] => Casino.OnlineGames
[HKCU\Software\PartyGaming] => Casino.OnlineGames
[HKCU\Software\pacificpoker] => Game
[HKCU\Software\pokerinstaller] => Game
[HKCU\Software\AppDataLow\Software\LyricsOn]

emptytemp
emptyclsid
emptyflash
firewallraz
sysrestore


|- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"
|- Minimize Notepad.

|- Click the "Paste ClipBoard" menu.

|- Click "GO" -> Oui.

|- PS: Above is a sequence of images for further clarification.
|- Post the report: C:\ZHP\ZHPFix[R1].txt

|- PS: To get the report, just click the "Report of suppression" icon.

|- Next, open Notepad and click the "Copy ClipBoard" icon. << Paste!

A+


Topic Archived

Since the author did not reply for more than 10 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area along with the link to this topic and explain the reason for reopening.
