
This topic has been archived and is closed to new replies.

Nigel

[Archived] Avast cannot remove viruses


The computer is running normally, but the internet sometimes gets reaaally slow.

Avast reports several viruses. In the last scan I ran at reboot, it recovered some, but for others it couldn't do anything, only ignore them.

Here are the Avast and HijackThis logs.

AVAST: https://www.dropbox.com/s/nb4kvbjzgmxprg2/avast.jpg

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:28:02, on 05/02/2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal
Running processes:
C:\Users\Ricardo Queiroz\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Ricardo Queiroz\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Users\Ricardo Queiroz\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/redirectdomain?brand=LGEL&bmod=LGEL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=119816&tt=gc_190513_lnkry&babsrc=HP_ss&mntrId=2E32C80AA9F9E52C
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=smt_hp_hao123_br
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.97.1:3128;https=192.168.97.1:3128;socks=192.168.97.1:1080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: UsProvider Class - {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files (x86)\Minibar\Minibar.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: MinibarBHO - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Minibar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll (file missing)
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files (x86)\lg_swupdate\giljabistart.exe" Gilautouc
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sidebar] "C:\Program Files (x86)\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Ricardo Queiroz\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - Startup: Dropbox.lnk = Ricardo Queiroz\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ricardo Queiroz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Search - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files (x86)\Minibar\Minibar.dll
O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: wwws.realsecureweb.com.br
O15 - Trusted Zone: www.santander.com.br
O15 - Trusted Zone: www.santandernet.com.br
O15 - Trusted Zone: wwws.santandernet.com.br
O15 - Trusted Zone: www.secureweb.com.br
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - http://cob.bancovw.com.br/viewer9/activeXViewer/activexviewer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
O20 - Winlogon Notify: GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: pcdservice - Phantombility, Inc - C:\Program Files\Phantombility\Phantom CD\pcdservice.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 14939 bytes


:) Hello Nigel.

Please follow the tips in the tutorials below:

Remove adware and malicious toolbars with AdwCleaner

Junkware Removal Tool tutorial

* In your next reply, please post the AdwCleaner log, which will be at C:\AdwCleaner\AdwCleaner[s0].txt, and the Junkware Removal Tool log, which will be saved on your desktop as JRT.txt, and tell us how your PC is doing after these procedures.

We'll be waiting.


Good evening, Nigel!

|- Power Max asked me to take over your case, as he has left the iMasters moderation team, which I hope is only for a short period.

-/-

|- PS: You can post the reports from the tools he recommended.

Regards!


I did everything as the tutorials said, and the internet really is much faster!

Here are the logs (I didn't know if it was necessary, but I also made one with HijackThis).

# AdwCleaner v3.018 - Relatório criado 06/02/2014 às 19:53:21
# Atualizado 28/01/2014 por Xplode
# Sistema Operacional : Windows 7 Home Premium (64 bits)
# Usuário : Ricardo Queiroz - TRITÃO
# Executando de : C:\Users\Ricardo Queiroz\Desktop\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
[#] Serviço Deletada : Browser Manager
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\Babylon
Pasta Deletada : C:\ProgramData\boost_interprocess
Pasta Deletada : C:\ProgramData\Browser Manager
Pasta Deletada : C:\ProgramData\BrowserProtect
Pasta Deletada : C:\ProgramData\Partner
Pasta Deletada : C:\ProgramData\PC Optimizer Pro
Pasta Deletada : C:\Program Files (x86)\Ask.com
Pasta Deletada : C:\Program Files (x86)\Conduit
Pasta Deletada : C:\Program Files (x86)\Minibar
Pasta Deletada : C:\Program Files (x86)\software4u
Pasta Deletada : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Pasta Deletada : C:\Users\Ricardo Queiroz\AppData\Local\apn
Pasta Deletada : C:\Users\Ricardo Queiroz\AppData\Local\Conduit
Pasta Deletada : C:\Users\Ricardo Queiroz\AppData\Local\Minibar
Pasta Deletada : C:\Users\Ricardo Queiroz\AppData\Local\OpenCandy
Pasta Deletada : C:\Users\RICARD~1\AppData\Local\Temp\Iminent
Pasta Deletada : C:\Users\Ricardo Queiroz\AppData\LocalLow\AskToolbar
Pasta Deletada : C:\Users\Ricardo Queiroz\AppData\LocalLow\BabylonToolbar
Pasta Deletada : C:\Users\Ricardo Queiroz\AppData\LocalLow\boost_interprocess
Pasta Deletada : C:\Users\Ricardo Queiroz\AppData\LocalLow\Conduit
Pasta Deletada : C:\Users\Ricardo Queiroz\AppData\LocalLow\Minibar
Pasta Deletada : C:\Users\Ricardo Queiroz\AppData\LocalLow\PriceGong
Pasta Deletada : C:\Users\Ricardo Queiroz\AppData\Roaming\BabSolution
Pasta Deletada : C:\Users\Ricardo Queiroz\AppData\Roaming\Babylon
Pasta Deletada : C:\Users\Ricardo Queiroz\AppData\Roaming\DealPly
Pasta Deletada : C:\Users\Ricardo Queiroz\AppData\Roaming\dvdvideosoftiehelpers
Pasta Deletada : C:\Users\Ricardo Queiroz\AppData\Roaming\OpenCandy
Pasta Deletada : C:\Users\Ricardo Queiroz\AppData\Roaming\software4u
Pasta Deletada : C:\Users\Ricardo Queiroz\AppData\Roaming\Mozilla\Firefox\Profiles\z2bhl97v.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Arquivo Deletada : C:\END
Arquivo Deletada : C:\Users\Ricardo Queiroz\AppData\Local\funmoods.crx
Arquivo Deletada : C:\Users\Ricardo Queiroz\AppData\Local\funmoods-speeddial.crx
Arquivo Deletada : C:\Users\Ricardo Queiroz\AppData\Roaming\Mozilla\Firefox\Profiles\z2bhl97v.default\bProtector_extensions.rdf
Arquivo Deletada : C:\Users\Ricardo Queiroz\AppData\Roaming\Mozilla\Firefox\Profiles\z2bhl97v.default\bprotector_prefs.js
Arquivo Deletada : C:\Users\Ricardo Queiroz\AppData\Roaming\Mozilla\Firefox\Profiles\z2bhl97v.default\searchplugins\Babylon.xml
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
Arquivo Deletada : C:\Users\Ricardo Queiroz\AppData\Roaming\Mozilla\Firefox\Profiles\z2bhl97v.default\searchplugins\BabylonMngr.xml
Arquivo Deletada : C:\Users\Ricardo Queiroz\AppData\Roaming\Mozilla\Firefox\Profiles\z2bhl97v.default\searchplugins\Conduit.xml
Arquivo Deletada : C:\Users\Ricardo Queiroz\AppData\Roaming\Mozilla\Firefox\Profiles\z2bhl97v.default\searchplugins\MyStart Search.xml
Arquivo Deletada : C:\Users\Ricardo Queiroz\AppData\Roaming\Mozilla\Firefox\Profiles\z2bhl97v.default\searchplugins\search.xml
Arquivo Deletada : C:\Users\Ricardo Queiroz\AppData\Roaming\Mozilla\Firefox\Profiles\z2bhl97v.default\user.js
Arquivo Deletada : C:\Users\Ricardo Queiroz\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Arquivo Deletada : C:\Users\Ricardo Queiroz\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Arquivo Deletada : C:\Windows\System32\Tasks\Browser Manager
Arquivo Deletada : C:\Windows\System32\Tasks\Dealply
Arquivo Deletada : C:\Windows\System32\Tasks\EPUpdater
***** [ Atalhos ] *****
***** [ Registro ] *****
Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Valor Deletedo : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Valor Deletedo : HKCU\Software\Mozilla\Firefox\Extensions [{B64982B1-D112-42B5-B1E4-D3867C4533F8}]
Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Valor Deletedo : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Deletedo : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deletedo : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Chave Deletedo : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Main [backup.old.Start Page]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Main [browserMngr Start Page]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [browserMngrDefaultScope]
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\f
Chave Deletedo : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Chave Deletedo : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Chave Deletedo : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Chave Deletedo : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Chave Deletedo : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Chave Deletedo : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Chave Deletedo : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Chave Deletedo : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\DEALPL~1_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\DEALPL~1_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deletedo : HKCU\Software\5953dddbb63db946
Chave Deletedo : HKLM\SOFTWARE\5953dddbb63db946
Chave Deletedo : HKLM\SOFTWARE\Classes\Toolbar.CT2737658
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_libreoffice_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_libreoffice_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_msn-messenger-polygamy_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_msn-messenger-polygamy_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{539F76FD-084E-4858-86D5-62F02F54AE86}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{60EACC1A-33FA-443D-9846-17B28E2C9BDB}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{06E50566-0AB7-431C-841D-62794727DAF9}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{F13D3582-1359-4F8F-9A48-EF3AE9F5701C}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{539F76FD-084E-4858-86D5-62F02F54AE86}]
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Valor Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Chave Deletedo : HKCU\Software\APN PIP
Chave Deletedo : HKCU\Software\APN
Chave Deletedo : HKCU\Software\BabSolution
Chave Deletedo : HKCU\Software\BabylonToolbar
Chave Deletedo : HKCU\Software\BI
Chave Deletedo : HKCU\Software\BrowserMngr
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\DataMngr
[#] Chave Deletedo : HKCU\Software\DataMngr_Toolbar
Chave Deletedo : HKCU\Software\IM
Chave Deletedo : HKCU\Software\ImInstaller
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\Minibar
Chave Deletedo : HKCU\Software\pc optimizer pro
Chave Deletedo : HKCU\Software\smartbar
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\AppDataLow\Software\AskToolbar
Chave Deletedo : HKCU\Software\AppDataLow\Software\Conduit
Chave Deletedo : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Chave Deletedo : HKCU\Software\AppDataLow\Software\PriceGong
Chave Deletedo : HKCU\Software\AppDataLow\Software\smartbar
Chave Deletedo : HKLM\Software\APN
Chave Deletedo : HKLM\Software\AskToolbar
Chave Deletedo : HKLM\Software\Babylon
Chave Deletedo : HKLM\Software\BrowserMngr
Chave Deletedo : HKLM\Software\Conduit
Chave Deletedo : HKLM\Software\DataMngr
Chave Deletedo : HKLM\Software\IB Updater
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\Software\InstallIQ
Chave Deletedo : HKLM\Software\Minibar
Chave Deletedo : HKLM\Software\PIP
Chave Deletedo : HKLM\Software\systweak
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Deletedo : [x64] HKLM\SOFTWARE\IB Updater
Chave Deletedo : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Chave Deletedo : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
***** [ Navegadores ] *****
-\\ Internet Explorer v9.0.8112.16476
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [browserMngr Start Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [backup.Old.Start Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]
-\\ Mozilla Firefox v23.0.1 (pt-BR)
[ Arquivo : C:\Users\Ricardo Queiroz\AppData\Roaming\Mozilla\Firefox\Profiles\z2bhl97v.default\prefs.js ]
Linha deletada : user_pref("CT2737658.UserID", "UN36949427892971218");
Linha deletada : user_pref("CT2737658.addressUrlXPETakeover", "true");
Linha deletada : user_pref("CT2737658.autoDisableScopes", 0);
Linha deletada : user_pref("CT2737658.browser.search.defaultthis.engineName", "true");
Linha deletada : user_pref("CT2737658.defaultSearchXPETakeover", "true");
Linha deletada : user_pref("CT2737658.installDate", "29/1/2013 8:07:00");
Linha deletada : user_pref("CT2737658.keyword", "true");
Linha deletada : user_pref("CT2737658.smartbar.homepage", "true");
Linha deletada : user_pref("CT2737658.startPageXPETakeover", "true");
Linha deletada : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://mystart.incredibar.com/mb201/?loc=IB_DS&a=6Oz0XFkDN5&&i=26&search=");
Linha deletada : user_pref("backup.old.browser.search.defaultenginename", "Search the web (Babylon)");
Linha deletada : user_pref("backup.old.browser.search.selectedEngine", "Search the web (Babylon)");
Linha deletada : user_pref("backup.old.browser.startup.homepage", "hxxp://search.babylon.com/?affID=44444&tt=120912_ccp_3712_3&babsrc=HP_ss&mntrId=2e3221e7000000000000207c8f2970e5");
Linha deletada : user_pref("browser.search.defaultengine", "Ask.com");
Linha deletada : user_pref("browser.search.defaultenginename", "MyStart Search");
Linha deletada : user_pref("browser.search.defaultthis.engineName", "FreeOnlineRadioPlayerRecorder Customized Web Search");
Linha deletada : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&SearchSource=3&q={searchTerms}&CUI=UN36949427892971218");
Linha deletada : user_pref("browser.search.order.1", "Search the web (Babylon)");
Linha deletada : user_pref("browser.search.selectedEngine", "MyStart Search");
Linha deletada : user_pref("browser.startup.homepage", "hxxp://mystart.incredibar.com/mb203?a=6Oz0XFkDN5&i=26|hxxp://www.google.com.br/");
Linha deletada : user_pref("ct2737658.UserID", "UN36949427892971218");
Linha deletada : user_pref("extensions.BabylonToolbar.admin", false);
Linha deletada : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Linha deletada : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Linha deletada : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Linha deletada : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Linha deletada : user_pref("extensions.BabylonToolbar.excTlbr", false);
Linha deletada : user_pref("extensions.BabylonToolbar.id", "2e3221e7000000000000207c8f2970e5");
Linha deletada : user_pref("extensions.BabylonToolbar.instlDay", "15598");
Linha deletada : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Linha deletada : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Linha deletada : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Linha deletada : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Linha deletada : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=2e3221e7000000000000207c8f2970e5&q=");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
Linha deletada : user_pref("extensions.BabylonToolbar_i.babExt", "");
Linha deletada : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=44444&tt=120912_ccp_3712_3");
Linha deletada : user_pref("extensions.BabylonToolbar_i.newTab", false);
Linha deletada : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Linha deletada : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Linha deletada : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1221:58:56");
Linha deletada : user_pref("extensions.asktb.ff-original-keyword-url", "");
Linha deletada : user_pref("extensions.enabledItems", "helperbar@helperbar.com:1.0,{040101e6-a672-4c0f-84a6-1e0b3616c289}:1.0,{23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94,{6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.[...]
Linha deletada : user_pref("extensions.funmoods.aflt", "ironpub");
Linha deletada : user_pref("extensions.funmoods.autoRvrt", false);
Linha deletada : user_pref("extensions.funmoods.dfltLng", "");
Linha deletada : user_pref("extensions.funmoods.dfltSrch", true);
Linha deletada : user_pref("extensions.funmoods.dnsErr", true);
Linha deletada : user_pref("extensions.funmoods.envrmnt", "production");
Linha deletada : user_pref("extensions.funmoods.excTlbr", false);
Linha deletada : user_pref("extensions.funmoods.hmpg", true);
Linha deletada : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azy0Fzy0EyDtB0CtBtC0EyBtN0D0Tzu0StByDyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1761651[...]
Linha deletada : user_pref("extensions.funmoods.id", "C80AA9F9E52C21E7");
Linha deletada : user_pref("extensions.funmoods.instlDay", "15597");
Linha deletada : user_pref("extensions.funmoods.instlRef", "ironpub");
Linha deletada : user_pref("extensions.funmoods.isdcmntcmplt", true);
Linha deletada : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Linha deletada : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azy0Fzy0EyDtB0CtBtC0EyBtN0D0Tzu0StByDyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=17616[...]
Linha deletada : user_pref("extensions.funmoods.prdct", "funmoods");
Linha deletada : user_pref("extensions.funmoods.prtnrId", "funmoods");
Linha deletada : user_pref("extensions.funmoods.srchPrvdr", "Search");
Linha deletada : user_pref("extensions.funmoods.tlbrId", "base");
Linha deletada : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azy0Fzy0EyDtB0CtBtC0EyBtN0D0Tzu0StByDyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=176[...]
Linha deletada : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Linha deletada : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Linha deletada : user_pref("extensions.funmoods_i.newTab", true);
Linha deletada : user_pref("extensions.funmoods_i.smplGrp", "none");
Linha deletada : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2222:20:14");
Linha deletada : user_pref("extensions.incredibar_i.aflt", "orgnl");
Linha deletada : user_pref("extensions.incredibar_i.dfltLng", "");
Linha deletada : user_pref("extensions.incredibar_i.did", "10643");
Linha deletada : user_pref("extensions.incredibar_i.excTlbr", false);
Linha deletada : user_pref("extensions.incredibar_i.id", "2e3221e7000000000000207c8f2970e5");
Linha deletada : user_pref("extensions.incredibar_i.installerproductid", "26");
Linha deletada : user_pref("extensions.incredibar_i.instlDay", "15726");
Linha deletada : user_pref("extensions.incredibar_i.instlRef", "");
Linha deletada : user_pref("extensions.incredibar_i.ms_url_id", "");
Linha deletada : user_pref("extensions.incredibar_i.newTab", false);
Linha deletada : user_pref("extensions.incredibar_i.ppd", "1");
Linha deletada : user_pref("extensions.incredibar_i.prdct", "incredibar");
Linha deletada : user_pref("extensions.incredibar_i.productid", "26");
Linha deletada : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Linha deletada : user_pref("extensions.incredibar_i.smplGrp", "none");
Linha deletada : user_pref("extensions.incredibar_i.tlbrId", "base");
Linha deletada : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6Oz0XFkDN5&loc=IB_TB&i=26&search=");
Linha deletada : user_pref("extensions.incredibar_i.upn2", "6Oz0XFkDN5");
Linha deletada : user_pref("extensions.incredibar_i.upn2n", "92262835730629775");
Linha deletada : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Linha deletada : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1412:11:30");
Linha deletada : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Linha deletada : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb203?a=6Oz0XFkDN5&i=26&search=");
Linha deletada : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2737658&SearchSource=13&CUI=UN36949427892971218");
Linha deletada : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&SearchSource=2&CUI=UN36949427892971218&q=");
Linha deletada : user_pref("smartbar.originalHomepage", "hxxp://mystart.incredibar.com/mb201?a=6Oz0XFkDN5&i=26");
Linha deletada : user_pref("smartbar.originalSearchAddressUrl", "hxxp://mystart.incredibar.com/mb201/?loc=IB_DS&a=6Oz0XFkDN5&&i=26&search=");
Linha deletada : user_pref("smartbar.originalSearchEngine", "MyStart Search");
-\\ Google Chrome v32.0.1700.107
[ Arquivo : C:\Users\Ricardo Queiroz\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo : homepage
*************************
AdwCleaner[R0].txt - [34464 octets] - [06/02/2014 19:51:27]
AdwCleaner[s0].txt - [32080 octets] - [06/02/2014 19:53:21]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [32141 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by Ricardo Queiroz on 06/02/2014 at 20:07:05,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-913290968-81056970-628956243-1001\Software\ib updater
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-913290968-81056970-628956243-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}
~~~ Files
Successfully deleted: [File] C:\Windows\syswow64\sho73D7.tmp
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\browser manager"
Successfully deleted: [Folder] "C:\Program Files (x86)\hao123.com"
~~~ FireFox
Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Ricardo Queiroz\AppData\Roaming\mozilla\firefox\profiles\z2bhl97v.default\minidumps [3 files]
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [blacklisted Policy]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/02/2014 at 20:19:10,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:22:37, on 06/02/2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal
Running processes:
C:\Users\Ricardo Queiroz\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Ricardo Queiroz\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Users\Ricardo Queiroz\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/redirectdomain?brand=LGEL&bmod=LGEL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.97.1:3128;https=192.168.97.1:3128;socks=192.168.97.1:1080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files (x86)\lg_swupdate\giljabistart.exe" Gilautouc
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sidebar] "C:\Program Files (x86)\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Ricardo Queiroz\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: Dropbox.lnk = Ricardo Queiroz\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ricardo Queiroz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: wwws.realsecureweb.com.br
O15 - Trusted Zone: www.santander.com.br
O15 - Trusted Zone: www.santandernet.com.br
O15 - Trusted Zone: wwws.santandernet.com.br
O15 - Trusted Zone: www.secureweb.com.br
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - http://cob.bancovw.com.br/viewer9/activeXViewer/activexviewer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: pcdservice - Phantombility, Inc - C:\Program Files\Phantombility\Phantom CD\pcdservice.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13233 bytes


Good evening! Nigel

|- Download: < zoek > ( ... by Smeenk )

|- Or here! < zoek.exe >

|- Save it and extract it to the desktop!
|- The following will be available: zoek.com, zoek.scr, zoek.pif and zoek.exe
|- Disable your antivirus!
|- On Windows 7, run zoek.exe as administrator.

hijackthis;
iedefaults;
shortcutfix;
autoclean;
resethosts;
emptyalltemp;


|- Copy and paste this information, shown in red, into the tool's field.
|- Click "Run Script".

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

|- This information will appear, asking you to wait for the report to show up.
|- PS: This information may stay static on the screen for 20 minutes or more.

|- Accept and/or confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

|- PS: If you get an error, restart the PC and run the tool again.
|- Post the report, which will be at C:\zoek-results.txt <<

Regards!

 


Nothing appears when I click the file; it loads for a bit and stops. I also tried the other files, but the same thing happens. Sometimes a DOS window appears but disappears very quickly. I tried doing it in safe mode but that doesn't work either. What now?

1 hour after I clicked the program, the program's window opened oO

It ran normally; after it rebooted there was a black screen, so I opened Task Manager and ran explorer. Then the PC worked.

Here is the log:


Zoek.exe v5.0.0.0 Updated 13-February-2014

Tool run by Ricardo Queiroz on 13/02/2014 at 21:24:02,35.

Microsoft Windows 7 Home Premium 6.1.7600 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Ricardo Queiroz\Downloads\zoek.exe [scan all users] [script inserted]

 

==== System Restore Info ======================

 

13/02/2014 21:34:00 Zoek.exe System Restore Point Created Succesfully.

 

==== Reset Hosts File ======================

 

# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

 

==== Creating Sample_022014_2143.zip ======================

 

Process rundll32.exe killed

Copied file C:\Users\Ricardo Queiroz\AppData\Roaming\Setup.1.4.exe to sample\Setup.1.4.exe

Copied file C:\Users\Ricardo Queiroz\AppData\Roaming\unins000.exe to sample\unins000.exe

Copied file C:\Users\Ricardo Queiroz\AppData\Roaming\unins001.exe to sample\unins001.exe

Copied file C:\Users\Ricardo Queiroz\AppData\Roaming\unins002.exe to sample\unins002.exe

sample\Setup.1.4.exe renamed to CA08712BD9BD177B91EEAEBBED3D0EB1

sample\unins000.exe renamed to 45D18DC0CA53BFFAA11F992BEF63280D

sample\unins001.exe renamed to AD6E810B9CE3D8C0C1FF0203C68C6FA6

sample\unins002.exe renamed to 169180F02ABCECA5DE72FC5EEBC861BB

 

C:\Users\Public\Desktop\sample_022014_2143.zip created successfully

 

==== Deleting CLSID Registry Keys ======================

 

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Services ======================

 

 

==== FireFox Fix ======================

 

ProfilePath: C:\Users\Ricardo Queiroz\AppData\Roaming\Mozilla\Firefox\Profiles\z2bhl97v.default

 

user.js not found

---- Lines imbooster removed from prefs.js ----

user_pref("id_imbooster4web_v6.Var1", "0");
user_pref("id_imbooster4web_v6.Var10", "0");
user_pref("id_imbooster4web_v6.Var2", "0");
user_pref("id_imbooster4web_v6.Var3", "0");
user_pref("id_imbooster4web_v6.Var4", "0");
user_pref("id_imbooster4web_v6.Var5", "0");
user_pref("id_imbooster4web_v6.Var6", "0");
user_pref("id_imbooster4web_v6.Var7", "0");
user_pref("id_imbooster4web_v6.Var8", "0");
user_pref("id_imbooster4web_v6.Var9", "0");
user_pref("id_imbooster4web_v6.cache.tbs_include_xml_006938", "31/18/5/5/112");
user_pref("id_imbooster4web_v6.firstlaunch", "0");
user_pref("id_imbooster4web_v6.guid", "{9721618F-DEEC-5B5B-6BCC-8AAD648A5827}");
user_pref("id_imbooster4web_v6.userId", "");
user_pref("id_imbooster4web_v6_installed_version", "1.0.1018.0");

---- FireFox user.js and prefs.js backups ----

 

prefs_022014_2144_.backup

 

==== Registry Fix Code ======================

 

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"BrowserMngr Start Page"=-

 

==== Deleting Files \ Folders ======================

 

C:\Users\Ricardo Queiroz\AppData\Roaming\HoolappForAndroid deleted

C:\Users\Default\AppData\Local\AskToolbar deleted

C:\windows\SysNative\Tasks\Hoolapp For Android deleted

C:\windows\SysNative\Tasks\Hoolapp Init deleted

C:\Users\Ricardo Queiroz\Downloads\SoftonicDownloader_para_libreoffice.exe deleted

C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AskToolbar deleted

C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Toolbar4 deleted

C:\Windows\tasks\PC Optimizer Pro64 startups.job deleted

C:\windows\SysNative\tasks\PC Optimizer Pro64 startups deleted

C:\Windows\Syswow64\sho2706.tmp deleted

C:\Users\Ricardo Queiroz\AppData\Roaming\Setup.1.4.exe deleted

C:\Users\Ricardo Queiroz\AppData\Roaming\unins000.exe deleted

C:\Users\Ricardo Queiroz\AppData\Roaming\unins001.exe deleted

C:\Users\Ricardo Queiroz\AppData\Roaming\unins002.exe deleted

"C:\Users\Ricardo Queiroz\AppData\Local\{AB9D718F-C38C-4C68-9FC9-4EA4A16D1820}" deleted

 

==== Firefox Extensions Registry ======================

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [20/01/2014 11:09]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"{87F8774F-B485-47E2-A755-A40A8A5E886D}"="C:\Users\Ricardo Queiroz\AppData\Local\GAS Tecnologia\GBBD\cef\xpi" [19/01/2014 18:09]

 

==== Firefox Extensions ======================

 

ProfilePath: C:\Users\Ricardo Queiroz\AppData\Roaming\Mozilla\Firefox\Profiles\z2bhl97v.default

- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

 

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Click to call with Skype - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

==== Firefox Plugins ======================

 

Profilepath: C:\Users\Ricardo Queiroz\AppData\Roaming\Mozilla\Firefox\Profiles\z2bhl97v.default

257E7BD1D90C987F5F2DDC1CCB185DC3 - C:\Users\Ricardo Queiroz\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll - Módulo de Proteção - Caixa Economica Federal

630B1C896D9DC03447A6951102EBEBFD - C:\Users\Ricardo Queiroz\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil

FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Ricardo Queiroz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin

D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17

63BF4171F8EF7AA2C9D20EFB5B336B63 - C:\Users\Ricardo Queiroz\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll - Módulo de Proteção - Banco Santander (Brasil) S.A.

E64819B6014A93E2503BB52419A0F6F3 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll - Shockwave Flash

92E874667621A2A475FC8EA91DD763A2 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks Chrome Background Extension Plug-In (32-bit)

94A6E06BF6531D623FE30A7C38E65F61 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer HTML5VideoShim Plug-In (32-bit)

B07511C6F3BBC07B1E09E44F20EE5B8A - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

09B4E13D25623D879D35286E2D29FF13 - C:\Users\Ricardo Queiroz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player

58B690C992C321664AB6145A350B5DCD - C:\Users\Ricardo Queiroz\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil

406106D91D3F86FD34EC194940855746 - C:\Users\Ricardo Queiroz\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll - Módulo de Proteção - Caixa Economica Federal

15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

 

 

==== Chrome Look ======================

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

fnjbmmemklcjgepojigaapkoodmkgbae - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx[07/02/2011 21:17]

gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[20/01/2014 11:09]

jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[14/02/2012 01:42]

lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[16/08/2011 07:20]

nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx[07/02/2011 21:17]

 

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

abmojiekfpcmkkfamgfcpgfgipocface - C:\Users\Ricardo Queiroz\AppData\Local\GAS Tecnologia\GBBD\abn\sf.crx[01/04/2013 14:43]

nnjbodopomfddehlalfilheomcahbpei - C:\Users\Ricardo Queiroz\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx[04/11/2013 13:48]

pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Ricardo Queiroz\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[08/01/2014 18:23]

 

GBBD Banco Santander (Brasil) S.A. - Ricardo Queiroz\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmojiekfpcmkkfamgfcpgfgipocface

avast Online Security - Ricardo Queiroz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

Vagalume - Ricardo Queiroz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipgcdnbeeiajinajlafjcdfhckglcopd

GBBD Caixa Economica Federal - Ricardo Queiroz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei

GBBD Banco do Brasil - Ricardo Queiroz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh

Google Reader - Ricardo Queiroz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm

 

==== Chrome Fix ======================

 

C:\Users\Ricardo Queiroz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.incredibar.com_0.localstorage deleted successfully

C:\Users\Ricardo Queiroz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.incredibar.com_0.localstorage-journal deleted successfully

 

==== Set IE to Default ======================

 

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Backup.Old.Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Backup.Old.Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{518A5696-B222-9B42-6DA4-079D42F4F880} Unknown Url="Not_Found"

{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Unknown Url="Not_Found"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-913290968-81056970-628956243-1001\Software\Microsoft\Internet Explorer\SearchScopes\{518A5696-B222-9B42-6DA4-079D42F4F880} deleted successfully

HKEY_USERS\S-1-5-21-913290968-81056970-628956243-1001\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{6E19037A-12E3-4295-8915-ED48BC341614} deleted successfully

 

==== shortcuts on Users Desktops ======================

 

C:\Users\Default\Desktop\Blu-ray Disc Suite.lnk - C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\PS.exe

C:\Users\Default\Desktop\CyberLink YouCam.lnk - C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe

C:\Users\Default\Desktop\LG Smart Recovery.lnk - C:\Program Files (x86)\LG Software\LG Smart Recovery\LG Smart Recovery.exe

C:\Users\Default\Desktop\NAV2010SETUP.lnk - C:\Windows\NAV\Setup.exe

C:\Users\Default User\Desktop\Blu-ray Disc Suite.lnk - C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\PS.exe

C:\Users\Default User\Desktop\CyberLink YouCam.lnk - C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe

C:\Users\Default User\Desktop\LG Smart Recovery.lnk - C:\Program Files (x86)\LG Software\LG Smart Recovery\LG Smart Recovery.exe

C:\Users\Default User\Desktop\NAV2010SETUP.lnk - C:\Windows\NAV\Setup.exe

C:\Users\Ricardo Queiroz\Desktop\Adobe Photoshop CS5.lnk - C:\Program Files (x86)\Adobe\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe

C:\Users\Ricardo Queiroz\Desktop\Computador.lnk -

C:\Users\Ricardo Queiroz\Desktop\Downloads.lnk - C:\Users\Ricardo Queiroz\Downloads

C:\Users\Ricardo Queiroz\Desktop\Dropbox.lnk - C:\Users\Ricardo Queiroz\AppData\Roaming\Dropbox\bin\Dropbox.exe /home

C:\Users\Ricardo Queiroz\Desktop\JDownloader.lnk - C:\Program Files (x86)\JDownloader\JDownloaderPortable.exe

C:\Users\Ricardo Queiroz\Desktop\Jumi.lnk - C:\Program Files (x86)\Jumi\jumi.exe /relaunch

C:\Users\Ricardo Queiroz\Desktop\mp3DirectCut.lnk - C:\Program Files (x86)\mp3DirectCut\mp3DirectCut.exe

C:\Users\Ricardo Queiroz\Desktop\µTorrent.lnk -

C:\Users\Ricardo Queiroz\Desktop\DEE JAY\MAGIX Digital DJ.lnk - C:\Program Files (x86)\MAGIX\Digital_DJ\MAGIX Digital DJ.exe

C:\Users\Ricardo Queiroz\Desktop\DEE JAY\MixMeister Fusion + Video.lnk - C:\Program Files (x86)\MixMeister Fusion + Video\Fusion.exe

C:\Users\Ricardo Queiroz\Desktop\DEE JAY\Virtual DJ Pro.lnk - C:\Program Files (x86)\VirtualDJ\virtualdj_pro.exe

C:\Users\Ricardo Queiroz\Desktop\MÚSICAS\Caetano.V.Maria.G.Multishow.A.Vivo.therebels.bycontro\Caetano Veloso e Maria Gadú - Multishow Ao Vivo - cd 1\Caetano Veloso e Maria Gadú\Caetano Veloso e Maria Gadú - Atalho.lnk -

C:\Users\Ricardo Queiroz\Desktop\RICARDO\MEDICINA\iSilo.lnk - C:\Program Files (x86)\iSilo\iSilo\iSilo.exe

C:\Users\Ricardo Queiroz\Desktop\RICARDO\MEDICINA\Livros Medicina\Livros em Português\Material em portugues\Atalho para Cirurgia.lnk -

C:\Users\Ricardo Queiroz\Desktop\RICARDO\Pwnage\redsn0w_win_0.9.15b3\boot-ipt4g.lnk - C:\Users\Ricardo Queiroz\Desktop\RICARDO\Pwnage\redsn0w_win_0.9.15b3\redsn0w.exe -j -i "C:\iPod4,1_4.2.1_8C148_Restore.ipsw"

C:\Users\Ricardo Queiroz\Desktop\VARIOS PROGRAMAS\Aimersoft iPod Copy Manager.lnk - C:\Program Files (x86)\Aimersoft\iPod Copy Manager\iPodManager.exe

C:\Users\Ricardo Queiroz\Desktop\VARIOS PROGRAMAS\Blu-ray Disc Suite.lnk - C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\PS.exe

C:\Users\Ricardo Queiroz\Desktop\VARIOS PROGRAMAS\Boxoft Wav to MP3 (freeware).lnk - C:\Program Files (x86)\Boxoft Wav to MP3 (freeware)\wavtomp3.exe

C:\Users\Ricardo Queiroz\Desktop\VARIOS PROGRAMAS\CopyTrans Control Center.lnk - C:\Users\Ricardo Queiroz\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe

C:\Users\Ricardo Queiroz\Desktop\VARIOS PROGRAMAS\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Users\Ricardo Queiroz\Desktop\VARIOS PROGRAMAS\DiskAid.lnk - C:\Program Files (x86)\DigiDNA\DiskAid\DiskAid.exe

C:\Users\Ricardo Queiroz\Desktop\VARIOS PROGRAMAS\FastStone Photo Resizer.lnk - C:\Program Files (x86)\FastStone Photo Resizer\FSResizer.exe

C:\Users\Ricardo Queiroz\Desktop\VARIOS PROGRAMAS\First PDF.lnk - C:\Program Files (x86)\First PDF\First PDF.exe

C:\Users\Ricardo Queiroz\Desktop\VARIOS PROGRAMAS\Fotosizer.lnk - C:\Program Files (x86)\Fotosizer\Fotosizer.exe

C:\Users\Ricardo Queiroz\Desktop\VARIOS PROGRAMAS\Free Audio Editor.lnk - C:\Program Files (x86)\Free Audio Editor\FreeAudioEditor.exe

C:\Users\Ricardo Queiroz\Desktop\VARIOS PROGRAMAS\Free Easy Burner.lnk - C:\Program Files (x86)\Free Easy CD DVD Burner\FreeEasyBurner.exe

C:\Users\Ricardo Queiroz\Desktop\VARIOS PROGRAMAS\iDevice Manager.lnk - C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IDeviceManager.exe

C:\Users\Ricardo Queiroz\Desktop\VARIOS PROGRAMAS\Image Cut.lnk - C:\Program Files (x86)\ImageCut\ImageSplitter.exe

C:\Users\Ricardo Queiroz\Desktop\VARIOS PROGRAMAS\ImageMagick Display.lnk - C:\Program Files (x86)\ImageMagick-6.8.4-Q16\imdisplay.exe

C:\Users\Ricardo Queiroz\Desktop\VARIOS PROGRAMAS\IrfanView.lnk - C:\Program Files (x86)\IrfanView\i_view32.exe

C:\Users\Ricardo Queiroz\Desktop\VARIOS PROGRAMAS\Jpeg Resampler 2010.lnk - C:\Program Files (x86)\JpegResampler2010\JpegResampler.exe

C:\Users\Ricardo Queiroz\Desktop\VARIOS PROGRAMAS\Jumi.lnk - C:\Program Files (x86)\Jumi\jumi.exe /relaunch

C:\Users\Ricardo Queiroz\Desktop\VARIOS PROGRAMAS\PCiPod.lnk - C:\Program Files (x86)\PCiPod\PCiPod.exe

C:\Users\Ricardo Queiroz\Desktop\VARIOS PROGRAMAS\PDF To JPG.lnk - C:\PDFToJPG\PDFJPG.exe

C:\Users\Ricardo Queiroz\Desktop\VARIOS PROGRAMAS\SciLor's grooveshark.com Downloader.lnk - C:\Users\Ricardo Queiroz\Desktop\SciLor's Grooveshark.com Downloader\SciLors GrooveDownloader.exe

C:\Users\Ricardo Queiroz\Desktop\VARIOS PROGRAMAS\Serif PhotoPlus Starter Edition.lnk - C:\Program Files (x86)\Serif\PhotoPlus Starter Edition\3.0\Program\PhotoPlus Starter Edition.exe

C:\Users\Ricardo Queiroz\Desktop\VARIOS PROGRAMAS\Subtitle Edit.lnk - C:\Program Files (x86)\Subtitle Edit\SubtitleEdit.exe

C:\Users\Ricardo Queiroz\Desktop\VARIOS PROGRAMAS\TileMage Image Splitter.lnk - C:\Program Files (x86)\TileMage\TileMage.exe

C:\Users\USURIO~1\Desktop\Blu-ray Disc Suite.lnk - C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\PS.exe

C:\Users\USURIO~1\Desktop\CyberLink YouCam.lnk - C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe

C:\Users\USURIO~1\Desktop\LG Smart Recovery.lnk - C:\Program Files (x86)\LG Software\LG Smart Recovery\LG Smart Recovery.exe

C:\Users\USURIO~1\Desktop\NAV2010SETUP.lnk - C:\Windows\NAV\Setup.exe

 

==== shortcuts on All Users Desktop ======================

 

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe

C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe

C:\Users\Public\Desktop\avast Free Antivirus.lnk -

C:\Users\Public\Desktop\DivX Plus Player.lnk - C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exe

C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe

C:\Users\Public\Desktop\Nero BurnLite 10.lnk - C:\Windows\Installer\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}\ScStartSmartDeskto_3AF47A4E14DF4546B1449D27245505A0.exe

C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe

C:\Users\Public\Desktop\RealPlayer.lnk - C:\Program Files (x86)\Real\RealPlayer\realplay.exe /launch:desktop

C:\Users\Public\Desktop\Remote Mouse.lnk - C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe

C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe

C:\Users\Public\Desktop\TotalMedia Theatre 5.lnk - C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 5\uLaunchTMT5.exe

 

==== shortcuts in Users Start Menu ======================

 

C:\Users\Ricardo Queiroz\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -

C:\Users\Ricardo Queiroz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Ricardo Queiroz\AppData\Roaming\Dropbox\bin\Dropbox.exe /home

C:\Users\Ricardo Queiroz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Ricardo Queiroz\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe

C:\Users\Ricardo Queiroz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Ricardo Queiroz\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup

 

==== shortcuts in All Users Start Menu ======================

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast\avast Free Antivirus.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Mouse\Remote Mouse.lnk - C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Mouse\Uninstall Remote Mouse.lnk - C:\Program Files (x86)\Remote Mouse\unins001.exe

 

==== shortcuts in Quick Launch ======================

 

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Ricardo Queiroz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Easy Burner.lnk - C:\Program Files (x86)\Free Easy CD DVD Burner\FreeEasyBurner.exe

C:\Users\Ricardo Queiroz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Ricardo Queiroz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Jumi.lnk - C:\Program Files (x86)\Jumi\jumi.exe

C:\Users\Ricardo Queiroz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Ricardo Queiroz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Ricardo Queiroz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Ricardo Queiroz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Subtitle Workshop.lnk - C:\Program Files (x86)\URUSoft\Subtitle Workshop\SubtitleWorkshop.exe

C:\Users\Ricardo Queiroz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Ricardo Queiroz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -

C:\Users\Ricardo Queiroz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe

C:\Users\Ricardo Queiroz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Word Starter 2010.lnk - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE "Microsoft Word Starter 2010 9014006604160000"

C:\Users\Ricardo Queiroz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk - C:\Windows\system32\notepad.exe

C:\Users\Ricardo Queiroz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Ricardo Queiroz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Ricardo Queiroz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe

C:\Users\Ricardo Queiroz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

 

==== Deleting Registry Keys ======================

 

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Hao123.com deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browser Infrastructure Helper deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Deskmedia deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hoolapp Android deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iDevice Manager Launcher deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9 deleted successfully

 

==== HijackThis Entries ======================

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/redirectdomain?brand=LGEL&bmod=LGEL

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.97.1:3128;https=192.168.97.1:3128;socks=192.168.97.1:1080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O1 - Hosts: ::1 localhost

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files (x86)\lg_swupdate\giljabistart.exe" Gilautouc

O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sidebar] "C:\Program Files (x86)\Windows Sidebar\sidebar.exe" /autoRun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

O4 - HKCU\..\Run: [uTorrent] "C:\Users\Ricardo Queiroz\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - Startup: Dropbox.lnk = Ricardo Queiroz\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ricardo Queiroz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O15 - Trusted Zone: wwws.realsecureweb.com.br

O15 - Trusted Zone: www.santander.com.br

O15 - Trusted Zone: www.santandernet.com.br

O15 - Trusted Zone: wwws.santandernet.com.br

O15 - Trusted Zone: www.secureweb.com.br

O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - http://cob.bancovw.com.br/viewer9/activeXViewer/activexviewer.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify: GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: pcdservice - Phantombility, Inc - C:\Program Files\Phantombility\Phantom CD\pcdservice.exe

O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

==== Empty IE Cache ======================

 

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Ricardo Queiroz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Ricardo Queiroz\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Ricardo Queiroz\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Ricardo Queiroz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

 

==== Empty FireFox Cache ======================

 

C:\Users\Ricardo Queiroz\AppData\Local\Mozilla\Firefox\Profiles\z2bhl97v.default\Cache emptied successfully

 

==== Empty Chrome Cache ======================

 

C:\Users\Ricardo Queiroz\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache is not empty, a reboot is needed

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=24 folders=13 6613727 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\USURIO~1\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Users\Ricardo Queiroz\AppData\Local\Temp will be emptied at reboot

C:\Windows\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\Windows\Temp successfully emptied

C:\Users\RICARD~1\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== Deleting Files / Folders ======================

 

"C:\Users\Ricardo Queiroz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Users\Ricardo Queiroz\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PL3T5QT8\www.wat.tv" not found

 

==== EOF on 13/02/2014 at 21:58:45,49 ======================


Good morning, Nigel!

 

|- Download: < ZHPDiag2.exe > < NicolasCoolman.jpg > ( ... by Nicolas Coolman )
|- Save it to the local disk! ( C or D )
|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

|- Run the scroll icon. ( ZHPDiag )

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!

|- Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
|- PS: If the log is long, upload it to Pjjoint.malekal.

|- Or go to: < Cjoint_Logo.jpg >

|- More information: < |Link| >

A+


Topic Archived

Since the author did not reply for more than 10 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area with the link to this topic and explain the reason for reopening it.
