
This topic has been archived and is closed to new replies.

Amanda Gabrielle

[Archived] Google Chrome opening pages by itself


Hi, I use Google Chrome on my Windows 8 machine, and for about a month now it has been opening pages by itself. I think it was some program I downloaded. I have already uninstalled a few suspicious programs, but it did not work.

Here is the HijackThis log:

Thank you.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:08:41, on 11/05/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\iSafe\iSafeTray.exe
C:\Users\pandora\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\fst_br_102\fst_br_102.exe
C:\Program Files (x86)\Samsung\Side Sync\SideSync.exe
C:\Program Files (x86)\Samsung\Side Sync\adb.exe
C:\Program Files (x86)\iSafe\proxyUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\pandora\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1399331940&from=smt&uid=HGSTXHTS545050A7E380_TE85123Q3EHZYW3EHZYWX
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1399331940&from=smt&uid=HGSTXHTS545050A7E380_TE85123Q3EHZYW3EHZYWX
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: ScanTack - {d332cff8-358e-4c9e-8af3-a08872ef22c1} - C:\Program Files (x86)\ScanTack\ScanTackbho.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\1.8.29.0\bh\mysearchdial.dll (file missing)
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [fst_br_102] "C:\Program Files (x86)\fst_br_102\fst_br_102.exe"
O4 - HKLM\..\RunOnce: [upfst_br_102.exe] C:\Users\pandora\AppData\Local\fst_br_102\upfst_br_102.exe -runonce
O4 - HKCU\..\Run: [uTorrent] "C:\Users\pandora\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~2\optimi~1\optpro~2.dll
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll
O23 - Service: Adobe Active File Monitor V11 (AdobeActiveFileMonitor11.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Easy Launcher - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: IePlugin Service (IePluginService) - Cherished Technololgy LIMITED - C:\ProgramData\IePluginService\PluginService.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iSafeService - Elex do Brasil Participações Ltda - C:\Program Files (x86)\iSafe\iSafeSvc.exe
O23 - Service: Intel® Update Manager (iumsvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics CO., LTD. - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: Update ScanTack - Unknown owner - C:\Program Files (x86)\ScanTack\updateScanTack.exe
O23 - Service: Util ScanTack - Unknown owner - C:\Program Files (x86)\ScanTack\bin\utilScanTack.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wpm Service (Wpm) - Cherished Technololgy LIMITED - C:\ProgramData\WPM\wprotectmanager.exe
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
--
End of file - 12995 bytes

Hi Amanda.

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:

http://www.bleepingcomputer.com/download/adwcleaner/

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[s0].txt

We'll be waiting.

Here is the AdwCleaner log:

# AdwCleaner v3.208 - Relatório criado 12/05/2014 às 12:17:05
# Atualizado 11/05/2014 por Xplode
# Sistema Operacional : Windows 8 Single Language (64 bits)
# Usuário : pandora - AMANDA
# Executando de : C:\Users\pandora\Downloads\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
Serviço Deletada : 70e6ca8c
Serviço Deletada : IePluginService
Serviço Deletada : iSafeKrnl
Serviço Deletada : iSafeNetFilter
[#] Serviço Deletada : iSafeService
[#] Serviço Deletada : Update ScanTack
[#] Serviço Deletada : Util ScanTack
Serviço Deletada : Wpm
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\IePluginService
Pasta Deletada : C:\ProgramData\WPM
Pasta Deletada : C:\ProgramData\GrEEaaTsaavEr
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free_soft_to_day
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Pasta Deletada : C:\Program Files (x86)\IminentToolbar
[!] Pasta Deletada : C:\Program Files (x86)\iSafe
Pasta Deletada : C:\Program Files (x86)\MediaPlayerplus
Pasta Deletada : C:\Program Files (x86)\Mysearchdial
Pasta Deletada : C:\Program Files (x86)\Optimizer Pro
Pasta Deletada : C:\Program Files (x86)\ScanTack
Pasta Deletada : C:\Program Files (x86)\SupTab
Pasta Deletada : C:\Program Files (x86)\Uninstaller
Pasta Deletada : C:\Program Files (x86)\GrEEaaTsaavEr
Pasta Deletada : C:\Program Files (x86)\fst_br_102
Pasta Deletada : C:\Users\Administrador\AppData\Local\torch
Pasta Deletada : C:\Users\Convidado\AppData\Local\torch
Pasta Deletada : C:\Users\pandora\AppData\Local\genienext
Pasta Deletada : C:\Users\pandora\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\pandora\AppData\Local\SaveSense
Pasta Deletada : C:\Users\pandora\AppData\Local\SaveSenseLive
Pasta Deletada : C:\Users\pandora\AppData\Local\torch
Pasta Deletada : C:\Users\pandora\AppData\Local\fst_br_102
Pasta Deletada : C:\Users\pandora\AppData\Roaming\eCyber
Pasta Deletada : C:\Users\pandora\AppData\Roaming\IminentToolbar
Pasta Deletada : C:\Users\pandora\AppData\Roaming\iSafe
Pasta Deletada : C:\Users\pandora\AppData\Roaming\Optimizer Pro
Pasta Deletada : C:\Users\pandora\AppData\Roaming\qone8
Pasta Deletada : C:\Users\pandora\AppData\Roaming\SupTab
Pasta Deletada : C:\Users\pandora\AppData\Roaming\webssearches
Pasta Deletada : C:\Users\pandora\Documents\Mobogenie
Pasta Deletada : C:\Users\pandora\Documents\Optimizer Pro
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\pandora\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Pasta Deletada : C:\Users\pandora\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\galajpcknodaogcpmiobmdfaobpkpkec
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\galajpcknodaogcpmiobmdfaobpkpkec
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndbnkemhkgldnnpfibhiakafocfpjfgc
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndbnkemhkgldnnpfibhiakafocfpjfgc
Arquivo Deletada : C:\Users\pandora\daemonprocess.txt
Arquivo Deletada : C:\Users\pandora\AppData\Local\speedial.crx
Arquivo Deletada : C:\Users\pandora\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
Arquivo Deletada : C:\Users\pandora\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Arquivo Deletada : C:\windows\Tasks\3afb30f2-c545-4ee2-8e16-a626c7bddeae-3.job
Arquivo Deletada : C:\windows\System32\Tasks\3afb30f2-c545-4ee2-8e16-a626c7bddeae-3
Arquivo Deletada : C:\windows\Tasks\3afb30f2-c545-4ee2-8e16-a626c7bddeae-5.job
Arquivo Deletada : C:\windows\System32\Tasks\3afb30f2-c545-4ee2-8e16-a626c7bddeae-5
***** [ Atalhos ] *****
Atalho Desinfectada : C:\Users\Public\Desktop\Google Chrome.lnk
Atalho Desinfectada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Atalho Desinfectada : C:\Users\pandora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
***** [ Registro ] *****
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa
Chave Deletedo : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Valor Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\SaveSenseLive.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickCtrl.9
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.Update3WebControl.3
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Chave Deletedo : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9
Chave Deletedo : HKLM\SOFTWARE\Classes\greatsavoEr.greatsavoEr
Chave Deletedo : HKLM\SOFTWARE\Classes\greatsavoEr.greatsavoEr.2.7
Chave Deletedo : HKLM\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker
Chave Deletedo : HKLM\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker.1.0
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [fst_br_102]
Chave Deletedo : HKCU\Software\FreeSoftToday
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKCU\Software\Optimizer Pro
Chave Deletedo : HKCU\Software\RegisteredApplicationsEx
Chave Deletedo : HKCU\Software\SaveSense
Chave Deletedo : HKCU\Software\SaveSenseLive
Chave Deletedo : HKCU\Software\ScanTack
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\Tutorials
Chave Deletedo : HKCU\Software\TutoTag
Chave Deletedo : HKCU\Software\UpdaterEX
Chave Deletedo : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deletedo : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deletedo : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Deletedo : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Chave Deletedo : HKLM\Software\free_soft_to_day
Chave Deletedo : HKLM\Software\InstallCore
Chave Deletedo : HKLM\Software\iSafe
Chave Deletedo : HKLM\Software\MediaPlayerplus
Chave Deletedo : HKLM\Software\qone8Software
Chave Deletedo : HKLM\Software\SaveSenseLive
Chave Deletedo : HKLM\Software\ScanTack
Chave Deletedo : HKLM\Software\SupTab
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\Tutorials
Chave Deletedo : HKLM\Software\webssearchesSoftware
Chave Deletedo : HKLM\Software\Wpm
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\qone8 uninstaller
Chave Deletedo : [x64] HKLM\SOFTWARE\installedbrowserextensions
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\optimi~1\optpro~2.dll
Dados Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~3.DLL
***** [ Navegadores ] *****
-\\ Internet Explorer v10.0.9200.16537
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]
-\\ Google Chrome v34.0.1847.131
[ Arquivo : C:\Users\pandora\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo [startup_urls] : hxxp://start.qone8.com/?type=hp&ts=1399331940&from=smt&uid=HGSTXHTS545050A7E380_TE85123Q3EHZYW3EHZYWX
Deletedo [Homepage] : hxxp://start.qone8.com/?type=hp&ts=1399331940&from=smt&uid=HGSTXHTS545050A7E380_TE85123Q3EHZYW3EHZYWX
Deletedo [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deletedo [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deletedo [Extension] : galajpcknodaogcpmiobmdfaobpkpkec
Deletedo [Extension] : iagcajndpnfncplednpbnkahadegklfa
Deletedo [Extension] : jbolfgndggfhhpbnkgnpjkfhinclbigj
Deletedo [Extension] : majjphhgppkndjjkmhhnbgafooenebhd
Deletedo [Extension] : ndbnkemhkgldnnpfibhiakafocfpjfgc
*************************
AdwCleaner[R0].txt - [14010 octets] - [16/11/2013 09:55:56]
AdwCleaner[R1].txt - [22341 octets] - [12/05/2014 12:11:25]
AdwCleaner[s0].txt - [13294 octets] - [16/11/2013 09:58:41]
AdwCleaner[s1].txt - [19434 octets] - [12/05/2014 12:17:05]
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [19495 octets] ##########


Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:

http://www.hijackthis.nl/smeenk/

To run it correctly, follow the tips in this tutorial:

Remove adware and other threats from your PC and browsers with the Zoek application

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy its entire contents and post them in your next reply.

Zoek log:



Zoek.exe v5.0.0.0 Updated 14-April-2014

Tool run by pandora on 12/05/2014 at 17:00:29,53.

Microsoft Windows 8 Single Language 6.2.9200 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\pandora\Downloads\zoek.exe [scan all users] [script inserted]


==== System Restore Info ======================


12/05/2014 17:02:47 Zoek.exe System Restore Point Created Succesfully.


==== Reset Hosts File ======================


# Copyright © 1993-2006 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host


# localhost name resolution is handle within DNS itself.

127.0.0.1 localhost

::1 localhost


==== Deleting CLSID Registry Keys ======================



==== Deleting CLSID Registry Values ======================



==== Deleting Services ======================


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iSafeKrnl deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iSafeNetFilter deleted successfully


==== Deleting Files \ Folders ======================


C:\Users\pandora\AppData\LocalLow\{2A99F81A-2A83-CDD7-38DF-33D1BAE8ACB0} deleted

C:\Users\pandora\AppData\LocalLow\{E7B17AB2-70F9-D167-24D7-77A0A1995184} deleted

C:\Users\pandora\AppData\Local\Packages\windows_ie_ac_001\AC\{2A99F81A-2A83-CDD7-38DF-33D1BAE8ACB0} deleted

C:\Users\pandora\AppData\Local\Packages\windows_ie_ac_001\AC\{E7B17AB2-70F9-D167-24D7-77A0A1995184} deleted

C:\Users\pandora\.android deleted

C:\PROGRA~3\InstallMate deleted

C:\Users\pandora\AppData\Local\cache deleted

C:\Users\pandora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hao123-Brazil deleted

C:\Users\pandora\Downloads\SoftonicDownloader_para_daemon-tools.exe deleted

C:\windows\Syswow64\InstallUtil.InstallLog deleted

C:\PROGRA~3\MakeMarkerFile.exe deleted

"C:\Users\pandora\AppData\Local\{375077E0-40D2-4731-AD1F-59D5F659C7D1}" deleted

"C:\PROGRA~3\ea118153eeee7a4b\{476D78C4-1DB0-2D88-7FCC-AA6559F59A8D}" deleted

"C:\PROGRA~3\ea118153eeee7a4b\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" deleted

"C:\PROGRA~3\ea118153eeee7a4b\{CA41BB14-E67B-1653-C57B-5CA99418A866}" deleted

"C:\PROGRA~3\ea118153eeee7a4b" deleted


==== Firefox Extensions Registry ======================


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"fmconverter@gmail.com"="C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox" [07/04/2014 22:00]


==== Chrome Look ======================


YoutubeAdblocker - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\galajpcknodaogcpmiobmdfaobpkpkec

weibsaVe - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ndbnkemhkgldnnpfibhiakafocfpjfgc

YoutubeAdblocker - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\galajpcknodaogcpmiobmdfaobpkpkec

weibsaVe - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ndbnkemhkgldnnpfibhiakafocfpjfgc

YoutubeAdblocker - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\galajpcknodaogcpmiobmdfaobpkpkec

weibsaVe - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ndbnkemhkgldnnpfibhiakafocfpjfgc

YoutubeAdblocker - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\galajpcknodaogcpmiobmdfaobpkpkec

weibsaVe - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ndbnkemhkgldnnpfibhiakafocfpjfgc

YoutubeAdblocker - pandora\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\galajpcknodaogcpmiobmdfaobpkpkec

weibsaVe - pandora\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ndbnkemhkgldnnpfibhiakafocfpjfgc

Google Docs - pandora\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - pandora\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - pandora\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - pandora\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

PartyCloud DJ - pandora\AppData\Local\Google\Chrome\User Data\Default\Extensions\defekohaofmambflfpfoojkmfdpcbgko

Mixify Turntables - pandora\AppData\Local\Google\Chrome\User Data\Default\Extensions\flbjgnhcjdkihdiidhimgkcbmdbamkob

Google Wallet - pandora\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - pandora\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

YoutubeAdblocker - pandora\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\galajpcknodaogcpmiobmdfaobpkpkec

weibsaVe - pandora\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ndbnkemhkgldnnpfibhiakafocfpjfgc

DefaultTab - C:\windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc


==== Chrome Fix ======================


C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\galajpcknodaogcpmiobmdfaobpkpkec deleted successfully

C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\galajpcknodaogcpmiobmdfaobpkpkec deleted successfully

C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\galajpcknodaogcpmiobmdfaobpkpkec deleted successfully

C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\galajpcknodaogcpmiobmdfaobpkpkec deleted successfully

C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\galajpcknodaogcpmiobmdfaobpkpkec deleted successfully

C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\galajpcknodaogcpmiobmdfaobpkpkec deleted successfully

C:\Users\pandora\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\galajpcknodaogcpmiobmdfaobpkpkec deleted successfully

C:\Users\pandora\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\galajpcknodaogcpmiobmdfaobpkpkec deleted successfully

C:\windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully

C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ndbnkemhkgldnnpfibhiakafocfpjfgc deleted successfully

C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndbnkemhkgldnnpfibhiakafocfpjfgc deleted successfully

C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ndbnkemhkgldnnpfibhiakafocfpjfgc deleted successfully

C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ndbnkemhkgldnnpfibhiakafocfpjfgc deleted successfully

C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndbnkemhkgldnnpfibhiakafocfpjfgc deleted successfully

C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ndbnkemhkgldnnpfibhiakafocfpjfgc deleted successfully

C:\Users\pandora\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ndbnkemhkgldnnpfibhiakafocfpjfgc deleted successfully

C:\Users\pandora\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ndbnkemhkgldnnpfibhiakafocfpjfgc deleted successfully


==== Set IE to Default ======================


Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

"Default_Search_URL"="http://www.google.com"

"Default_Page_URL"="http://www.google.com"

"Use Search Asst"="yes"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://www.google.com"

"Default_Page_URL"="http://www.google.com"

"Start Page"="http://www.google.com"

"Search Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://www.google.com"

"Default_Page_URL"="http://www.google.com"

"Start Page"="http://www.google.com"

"Search Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU


New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]



"Start Page"="http://www.google.com"

"Use Search Asst"="no"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]





[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]





[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"


==== All HKCU SearchScopes ======================


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"



==== Reset Google Chrome ======================


C:\Users\pandora\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

C:\Users\pandora\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully


==== shortcuts on Users Desktops ======================


C:\Users\pandora\Desktop\FL Studio 11.lnk - C:\Program Files (x86)\Image-Line\FL Studio 11\FL.exe

C:\Users\pandora\Desktop\Free Video to GIF Converter.lnk - C:\Program Files (x86)\Free Video to GIF Converter\FreeVideotoGIFConverter.exe

C:\Users\pandora\Desktop\Media Player Classic - Home Cinema.lnk - C:\Program Files (x86)\Media Player Classic - Home Cinema\mpc-hc.exe

C:\Users\pandora\Desktop\PhotoFiltre Studio X.lnk - C:\Program Files (x86)\PhotoFiltre Studio X\pfstudiox.exe

C:\Users\pandora\Desktop\VirtualDJ Home FREE.lnk - C:\Program Files (x86)\VirtualDJ\virtualdj_home.exe

C:\Users\pandora\Desktop\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Users\pandora\Desktop\µTorrent.lnk - C:\Users\pandora\AppData\Roaming\uTorrent\uTorrent.exe


==== shortcuts on All Users Desktop ======================


C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe

C:\Users\Public\Desktop\avast Free Antivirus.lnk -

C:\Users\Public\Desktop\CDBurnerXP.lnk - C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe

C:\Users\Public\Desktop\Combat Arms.lnk - C:\Level Up Games\Combat Arms\CombatArms.exe

C:\Users\Public\Desktop\Dicionário eletrônico Houaiss.lnk - C:\Program Files (x86)\Houaiss\Houaiss.exe

C:\Users\Public\Desktop\Freemake Video Converter.lnk - C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe

C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe

C:\Users\Public\Desktop\Last.fm Scrobbler.lnk - C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe

C:\Users\Public\Desktop\Mixxx.lnk - C:\Program Files (x86)\Mixxx\mixxx.exe

C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe

C:\Users\Public\Desktop\Skype.lnk - C:\windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe


==== shortcuts in Users Start Menu ======================


C:\Users\pandora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S Agent.lnk - C:\Program Files (x86)\Samsung\S Agent\CommonAgent.exe

C:\Users\pandora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2\ASIO4ALL v2 Instruction Manual.lnk - C:\Program Files (x86)\ASIO4ALL v2\ASIO4ALL v2 Instruction Manual.pdf

C:\Users\pandora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2\ASIO4ALL Web Site.lnk - C:\Program Files (x86)\ASIO4ALL v2\ASIO4ALL Web Site.url

C:\Users\pandora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2\Uninstall.lnk - C:\Program Files (x86)\ASIO4ALL v2\uninstall.exe

C:\Users\pandora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake\Uninstall\Uninstall Freemake Video Converter.lnk - C:\Program Files (x86)\Freemake\Freemake Video Converter\Uninstall\unins000.exe

C:\Users\pandora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hao123\hao123.lnk - C:\Users\pandora\AppData\Roaming\baidu\hao123-br\hao123.1.0.0.1101.exe

C:\Users\pandora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hao123\Uninstall hao123.lnk - C:\Users\pandora\AppData\Roaming\baidu\hao123-br\hao123.1.0.0.1101.exe uninstall

C:\Users\pandora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\IL Download Manager.lnk - C:\Program Files (x86)\Image-Line\Downloader\ILDownloadManager.exe

C:\Users\pandora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\More....lnk - C:\Program Files (x86)\Image-Line\Shared\Start


==== shortcuts in All Users Start Menu ======================


C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\SPTD Setup.lnk - C:\Program Files (x86)\DAEMON Tools Lite\SPTDinst-x64.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dicionário Houaiss\Apresentação do dicionário.lnk - C:\Program Files (x86)\Houaiss\Apresentacao.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dicionário Houaiss\Conhecendo o dicionário.lnk - C:\Program Files (x86)\Houaiss\Conhecendo.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dicionário Houaiss\Dicionário eletrônico Houaiss.lnk - C:\Program Files (x86)\Houaiss\Houaiss.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dicionário Houaiss\Manual do dicionário.lnk - C:\Program Files (x86)\Houaiss\Manual.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hao123-Brazil\Desinstalar hao123.lnk - C:\Users\pandora\AppData\Roaming\baidu\hao123-br\hao123.1.0.0.1111.exe -uninstall

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hao123-Brazil\Hao123.lnk - C:\Users\pandora\AppData\Roaming\baidu\hao123-br\hao123.1.0.0.1111.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 11.lnk - C:\Program Files (x86)\Image-Line\FL Studio 11\FL.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line\More....lnk - C:\Program Files (x86)\Image-Line\Shared\Start

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Update Manager\Intel® Update Manager.lnk - C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe --showui

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\ACID Pro 7.0\ACID Pro 7.0 Readme.lnk - C:\Program Files (x86)\Sony\ACID Pro 7.0\ACID_readme.htm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\ACID Pro 7.0\ACID Pro 7.0.lnk - C:\Program Files (x86)\Sony\ACID Pro 7.0\acid70.exe


==== shortcuts in Quick Launch ======================


C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\pandora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\pandora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\hao123.lnk - C:\Users\pandora\AppData\Roaming\baidu\hao123-br\hao123.1.0.0.1111.exe

C:\Users\pandora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\pandora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\pandora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\pandora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk - C:\Users\pandora\AppData\Roaming\uTorrent\uTorrent.exe

C:\Users\pandora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\pandora\AppData\Roaming\Microsoft\Windows\Libraries

C:\Users\pandora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\pandora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE /OEM

C:\Users\pandora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word 2010.lnk - C:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe

C:\Users\pandora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Sticky Notes.lnk -

C:\Users\pandora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\User Guide.lnk - C:\Program Files (x86)\Samsung\User Guide\RunManual.exe


==== Reset IE Proxy ======================


Value(s) before fix:

"ProxyOverride"="*.local"

"ProxyEnable"=dword:00000000


Value(s) after fix:

"ProxyEnable"=dword:00000000


==== Deleting Registry Keys ======================


HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\0C33954C22E80A548861507D218A7799 deleted successfully


==== Empty IE Cache ======================


C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\pandora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\pandora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully


==== Empty FireFox Cache ======================


No FireFox Profiles found


==== Empty Chrome Cache ======================


C:\Users\pandora\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully


==== Empty All Flash Cache ======================


Flash Cache Emptied Successfully


==== Empty All Java Cache ======================


Java Cache cleared successfully


==== C:\zoek_backup content ======================


C:\zoek_backup (files=218 folders=60 4623772 bytes)


==== Empty Temp Folders ======================


C:\Users\Default\AppData\Local\temp emptied successfully

C:\Users\Default User\AppData\Local\temp emptied successfully

C:\Users\EasySurvey\AppData\Local\temp emptied successfully

C:\Users\pandora\AppData\Local\temp will be emptied at reboot

C:\Users\Public\AppData\Local\temp emptied successfully

C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\windows\Temp will be emptied at reboot


==== After Reboot ======================


==== Empty Temp Folders ======================


C:\windows\Temp successfully emptied

C:\Users\pandora\AppData\Local\Temp successfully emptied


==== Empty Recycle Bin ======================


C:\$RECYCLE.BIN successfully emptied


==== EOF on 12/05/2014 at 17:26:29,02 ======================


Download the Junkware Removal Tool program from the link below:

http://thisisudax.org/downloads/JRT.exe

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 Single Language x64
Ran by pandora on 13/05/2014 at 0:32:44,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\isafe
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/05/2014 at 0:47:58,32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

P.S. The windows have stopped appearing.


Download < ZHPDiag2.exe > ( ... by Nicolas Coolman )

To install and run it correctly, follow the tips in this article:

ZHPDiag installation and usage tutorial

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post them in your next reply.

~ Relatório do ZHPDiag v2014.5.12.61 - Nicolas Coolman (12/05/2014)

~ Iniciado por pandora (13/05/2014 12:07:13)

~ Endereço do Website : http://nicolascoolman.webs.com

~ Blog de análise de software : http://nicolascoolman.byethost7.com/wordpress/

~ Fóruns de suporte gratuito para desinfecção : http://nicolascoolman.webs.com/apps/links/

~ Tradução pelo utilizador

~ Estatuto da versão :

~ Lista Branca : Ativado pelo programa

~ Elevação dos Privilégios : OK

~ Controle de Conta de Utilizador : Activate by user



---\\ Navegadores Internet

MSIE: Internet Explorer v10.0.9200.16897 (Defaut)

GCIE: Google Chrome v34.0.1847.131


---\\ Informações sobre os produtos Windows

~ Langage: Portugais

Windows 8 Single Language, 64-bit (Build 9200)

Windows Server License Manager Script : OK

Software Protection Service (Protection logicielle) : OK

Windows Automatic Updates : OK

Windows Activation Technologies : OK


---\\ Softwares de proteçao do sistema

avast! Free Antivirus v9.0.2018

Windows Defender W8


---\\ Softwares d'optimização do sistema


---\\ Softwares de partilha do PeerToPeer (P2P)


---\\ Monitoramento dos softwares


---\\ Informações sobre o sistema

~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel

~ Operating System: 64 Bits

Boot mode: Normal (Normal boot)

Total RAM: 3795 MB (61% free)

System Restore: Activé (Enable)

System drive C: has 337 GB (76%) free of 441 GB


---\\ Modo de conexão ao sistema

~ Computer Name: AMANDA

~ User Name: pandora

~ All Users Names: pandora, Convidado, Administrador,

~ Unselected Option: 045,061,O62,065,066,080,O82,089

Logged in as Administrator


---\\ As variáveis de ambiente

~ System Unit : C:\

~ %AppZHP% : C:\Users\pandora\AppData\Roaming\ZHP\

~ %AppData% : C:\Users\pandora\AppData\Roaming\

~ %Desktop% : C:\Users\pandora\Desktop\

~ %Favorites% : C:\Users\pandora\Favorites\

~ %LocalAppData% : C:\Users\pandora\AppData\Local\

~ %StartMenu% : C:\Users\pandora\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\System32\


---\\ Enumeração das unidades dos discos

C: Hard drive, Flash drive, Thumb drive (Free 337 Go of 441 Go)

D: CD-ROM drive (Not Inserted)

E: CD-ROM drive (Free 0 Go of 0 Go)




---\\ Estado do Centro de Segurança do Windows

~ Security Center: 49 Legitimates Filtered in 00mn 00s




---\\ Pesquisa particular de ficheiros genéricos

[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows Explorer.) (.01/06/2013 - 08:34:21.) -- C:\Windows\Explorer.exe [2391280]

[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608]

[MD5.2B7920C7885AC45FD0E27DD860F095A1] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 21:08:30.) -- C:\Windows\System32\wininet.dll [2240000]

[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.11/10/2012 - 02:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]

[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]

[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/09/2013 - 00:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]

[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]

[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]

[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]

[MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.15/01/2014 - 20:42:58.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]

[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 03:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]

[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Driver de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]

[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]

[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.05/02/2013 - 19:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]

[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]

[MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.27/01/2014 - 00:39:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288]

[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Driver de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]

[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]

[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]

[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]

[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.01/06/2013 - 08:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]

~ Generic Processes: Scanned in 00mn 01s




---\\ Estatuto dos ficheiros ocultos (Oculto/Total)

~ Mes images (My Pictures) : 1/642

~ Mes musiques (My Musics) : 1/4736

~ Mes Videos (My Videos) : 1/3

~ Mes Favoris (My Favorites) : 1/3

~ Mes Documents (My Documents) : 1/3310

~ Mon Bureau (My Desktop) : 1/11

~ Menu demarrer (Programs) : 1/14

~ Hidden Files: Scanned in 00mn 33s




---\\ Processos lançados

[MD5.EBB6E052762BDC16A3A8927D1E6E91F5] - (.Samsung Electronics CO., LTD. - Settings.) -- C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2624048] [PID.3372]

[MD5.ADDFB090DE67FB6251ABD242104BAEB5] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\pandora\AppData\Roaming\uTorrent\uTorrent.exe [1270352] [PID.3988] =>P2P.BitTorrent

[MD5.724CB7A116F7E1A67009D751BCF86586] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120] [PID.3364]

[MD5.CE42DFE915F78246364D464902E47360] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.2984]

[MD5.3E364978E4C74D3BCEA29FB41743CB5A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704] [PID.1180]

[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3516]

[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032] [PID.4452]

[MD5.61DCB3849BB93CE4DA2297961DF24AE7] - (.Samsung Electronics CO., LTD. - SideSync.) -- C:\Program Files (x86)\Samsung\Side Sync\SideSync.exe [6502448] [PID.4580]

[MD5.566F7C207039149618B023164E9F7CB6] - (...) -- C:\Program Files (x86)\Samsung\Side Sync\adb.exe [815104] [PID.3692]

[MD5.0D67EEBB3F9A495AE0D7D9E52BDE3704] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7874048] [PID.1604]

~ Processes Running: Scanned in 00mn 00s




---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)

C:\Users\pandora\AppData\Local\Google\Chrome\User Data\Default\Preferences

G2 - GCE: Preference [user Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)

G2 - GCE: Preference [user Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)

G2 - GCE: Preference [user Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)


---\\ Pasta de extensão do Google Chrome

~ Google Lines Browser: 15 Legitimates Filtered in 00mn 02s




---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qone8.com =>Hijacker.Qone8

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qone8.com =>Hijacker.Qone8

~ IE Browser: 21 Legitimates Filtered in 00mn 00s




---\\ Internet Explorer, Gestão do Proxy (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Proxy management: Scanned in 00mn 00s




---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas

F2 - REG:system.ini: USERINIT=C:\windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

~ Keys: Scanned in 00mn 00s




---\\ Redireção do ficheiro Hosts (01)

~ Le fichier hosts est sain (The hosts file is clean).

~ Hosts File: Scanned in 00mn 00s

~ Nombre de lignes (Lines number): 21




---\\ Barras do Internet Explorer (03))

O3 - Toolbar: (no name) - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Chave orfã

O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Chave orfã

~ Toolbar: Scanned in 00mn 00s




---\\ Outras conexões do utilizador (04)

O4 - GS\QuickLaunch [pandora]: hao123.lnk . (...) -- C:\Users\pandora\AppData\Roaming\baidu\hao123-br\hao123.1.0.0.1111.exe (.not file.) =>Adware.BDSearch

O4 - GS\QuickLaunch [pandora]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\pandora\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

O4 - GS\Desktop [pandora]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\pandora\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

~ Global Startup: 3 Legitimates Filtered in 00mn 03s




---\\ Aplicações iniciadas por registo & pastas (04)

O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated

O4 - HKLM\..\Run: [bitcasa] . (.Bitcasa, Inc - Bitcasa for Windows.) -- C:\Program Files\Bitcasa\Bitcasa.exe

O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\windows\system32\igfxpers.exe

O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\pandora\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd

O4 - HKLM\..\Wow6432Node\Run: [CLMLServer_For_P2G8] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

O4 - HKLM\..\Wow6432Node\Run: [CLVirtualDrive] . (.CyberLink Corp. - CyberLink Virtual Drive.) -- C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe

O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe

O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe

O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

O4 - HKLM\..\Wow6432Node\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation

O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated

O4 - HKUS\S-1-5-21-308377861-1605807132-3586080931-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\pandora\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

O4 - HKUS\S-1-5-21-308377861-1605807132-3586080931-1001\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd

~ Application: Scanned in 00mn 00s




---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)

O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation

O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Chave orfã

O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation

~ IE Extra Buttons: Scanned in 00mn 00s




---\\ Alteração Dominio/Clientes DNS (017)

O17 - HKLM\System\CCS\Services\Tcpip\..\{0F6B0B02-B01F-4632-A192-63CE49061E61}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{3D3B9E1F-6703-4E50-9BC8-74CC75C10B9A}: DhcpNameServer = 10.1.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{0F6B0B02-B01F-4632-A192-63CE49061E61}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{3D3B9E1F-6703-4E50-9BC8-74CC75C10B9A}: DhcpNameServer = 10.1.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

~ Domain: Scanned in 00mn 00s




---\\ Protocolo adicional (018)

O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --

O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation

~ Protocole Additionnel: Scanned in 00mn 00s




---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)

O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll

~ Winlogon: Scanned in 00mn 00s




---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)

O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} . (.EldoS Corporation - CbFs Mount Notifier.) -- C:\windows\system32\CbFsMntNtf3.dll

~ SSODL: 2 Legitimates Filtered in 00mn 00s




---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)

O22 - SharedTaskScheduler: (no name) [64Bits] - {5FF49FE8-B332-4CB9-B102-FB6951629E55} . (.EldoS Corporation - CbFs Mount Notifier.) -- C:\windows\SysWow64\CbFsMntNtf3.dll

~ STS/SSO: Scanned in 00mn 00s




---\\ Tarefas planificadas automaticamente (039)

[MD5.5C9B001D8970C2DA36254A916F3DA8F7] [APT] [iUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473] (...) -- C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368]

[MD5.5C9B001D8970C2DA36254A916F3DA8F7] [APT] [iUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon] (...) -- C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368]

[MD5.00000000000000000000000000000000] [APT] [{20F7D16B-51D8-488B-ADD1-C8F1DEA233FC}] (...) -- E:\setupSNK.exe (.not file.) [0]

O39 - APT: - (..) -- C:\Windows\Tasks\DriverEasy Scheduled Scan.job [424]

O39 - APT: - (..) -- C:\Windows\System32\Tasks\DriverEasy Scheduled Scan [424]

O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1080]

O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1084]

~ Scheduled Task: 18 Legitimates Filtered in 00mn 10s




---\\ Drivers lançados ao arranque do sistema (041)

O41 - Driver: (Bfilter) . (. - .) - C:\windows\system32\drivers\Bfilter.sys (.not file.)

O41 - Driver: (Bfmon) . (. - .) - C:\windows\system32\drivers\Bfmon.sys (.not file.)

O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)

O41 - Driver: (Bndef) . (. - .) - C:\windows\system32\drivers\bndef64.sys (.not file.)

O41 - Driver: (Bprotect) . (. - .) - C:\windows\system32\drivers\Bprotect.sys (.not file.)

O41 - Driver: (iSafeKrnlKit) . (. - .) - C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys (.not file.) =>Trojan.Staser

~ Drivers: 60 Legitimates Filtered in 00mn 00s




---\\ Software instalados (042)

O42 - Logiciel: Dicionário eletrônico Houaiss - (...) [HKLM][64Bits] -- Houaiss

~ Logic: 24 Legitimates Filtered in 00mn 01s




---\\ HKCU & HKLM Software Keys

[HKCU\Software\Baidu Security] =>Adware.BDSearch

[HKCU\Software\GbAs]

[HKCU\Software\superdownloads.com.br]

[HKLM\Software\Airplane]

[HKLM\Software\Baidu Security] =>Adware.BDSearch

[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch

[HKLM\Software\Wow6432Node\Level Up! Interactive]

~ Key Software: 251 Legitimates Filtered in 00mn 01s




---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 05/05/2014 - 20:22:52 - [] ----D C:\Program Files (x86)\Houaiss

O43 - CFD: 12/02/2014 - 21:05:39 - [] ----D C:\Program Files (x86)\PluginLetras

O43 - CFD: 12/04/2014 - 18:33:31 - [] ----D C:\Users\pandora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hao123

~ Program Folder: 174 Legitimates Filtered in 00mn 01s




---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)

O44 - LFC:[MD5.7518640D625C38F2494A277C6E75FA44] - 08/05/2014 - 02:40:47 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [43520] =>Trojan.Staser

O44 - LFC:[MD5.9D6DF4E1F76683C6CD8A9D0F6902CD21] - 09/05/2014 - 06:13:29 ---A- . (...) -- C:\IFRToolLog.txt [354]

O44 - LFC:[MD5.2FB7FD5D1927379F3DEFB356BA5CD812] - 12/05/2014 - 12:26:06 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [154608]

O44 - LFC:[MD5.AC3A8A13D93EFCA5D75D59E636C50923] - 12/05/2014 - 12:26:06 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [762816]

O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 12/05/2014 - 17:00:08 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]

O44 - LFC:[MD5.12C2400243FC89B994DCC29A52609024] - 12/05/2014 - 17:26:29 ---A- . (...) -- C:\zoek-results.log [22774]

~ Files: 21 Legitimates Filtered in 00mn 09s




---\\ Exportar a chave da aplicação autorizada (047)

O47 - AAKE:Key Export SP - "C:\Level Up! Games\Combat Arms\CombatArms.exe" [Enabled] .(.Nexon.) -- C:\Level Up! Games\Combat Arms\CombatArms.exe

O47 - AAKE:Key Export SP - "C:\Level Up! Games\Combat Arms\Engine.exe" [Enabled] .(.Nexon.) -- C:\Level Up! Games\Combat Arms\Engine.exe

O47 - AAKE:Key Export DP - "C:\Level Up! Games\Combat Arms\CombatArms.exe" [Enabled] .(.Nexon.) -- C:\Level Up! Games\Combat Arms\CombatArms.exe

O47 - AAKE:Key Export DP - "C:\Level Up! Games\Combat Arms\Engine.exe" [Enabled] .(.Nexon.) -- C:\Level Up! Games\Combat Arms\Engine.exe

~ Keys Export: 4 Legitimates Filtered in 00mn 00s




---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1

~ MWPS: 21 Legitimates Filtered in 00mn 00s




---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1

~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s




---\\ Lista dos drivers do sistema (SDL) (O58)

O58 - SDL:23/04/2014 - 21:49:38 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software

O58 - SDL:23/04/2014 - 21:49:38 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software

O58 - SDL:23/04/2014 - 21:49:38 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208416] =>.ALWIL Software

O58 - SDL:08/05/2014 - 02:40:47 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [43520] =>Trojan.Staser

O58 - SDL:27/07/2012 - 09:00:03 ---A- . (.Windows ® Win 7 DDK provider - HID Radio Switch mini driver for USB Fx2 Device.) -- C:\Windows\System32\Drivers\RadioHIDMini.sys [23408]

O58 - SDL:28/10/2013 - 00:12:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [107288]

O58 - SDL:28/10/2013 - 00:12:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [204568]

O58 - SDL:28/10/2013 - 00:12:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys [204568]

O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]

~ Drivers: 69 Legitimates Filtered in 00mn 09s




---\\ Lista das ferramentas de remoção de vírus (LAT) (063)

O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman

~ ADS: Scanned in 00mn 00s




---\\ Associações Shell Spawning (O67)

O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)

~ FASS Keys: 11 Legitimates Filtered in 00mn 00s




---\\ Menu de inicialização Internet (068)

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

~ Keys: Scanned in 00mn 00s




---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com

O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com

~ Keys: Scanned in 00mn 00s




---\\ Lista das exceções do FireWall (FirewallRules) (O87)

O87 - FAEL: "{34238BAC-4155-4A6D-9A9D-6CE2D061AA91}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\pandora\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

O87 - FAEL: "{3AF2F5D3-A61B-4E74-9082-FE5888643B99}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\pandora\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent

~ Firewall: 2 Legitimates Filtered in 00mn 03s




---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)

[MD5.FEBBCDFF047D0D0F3EA4CFF99F10BFF5] [WIS][17/08/2013] (.ReSoft Ltd. - Snap.Do.) -- C:\Windows\Installer\e7fdd.msi [9084928] =>Hijacker.SmartBar

~ WIS: 1 Legitimates Filtered in 00mn 05s




---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)

SS - | Demand 09/08/2013 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe

SS - | Auto 18/08/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 18/08/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 10/12/2012 803872 | (Intel® Capability Licensing Service TCP IP Interface) . (.Intel® Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe

SS - | Demand 28/02/2014 174368 | (iumsvc) . (...) - C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe

SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe

SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

SR - | Auto 26/01/2013 172104 | (AdobeActiveFileMonitor11.0) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe

SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

SR - | Auto 24/01/2013 227456 | (AtherosSvc) . (.Qualcomm Atheros Commnucations.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

SR - | Auto 23/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe

SR - | Auto 31/01/2013 1594416 | (Easy Launcher) . (.Samsung Electronics CO., LTD..) - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe

SR - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

SR - | Auto 10/12/2012 732160 | (Intel® Capability Licensing Service Interface) . (.Intel® Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe

SR - | Auto 14/01/2013 131032 | (Intel® ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

SR - | Demand 16/08/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe

SR - | Auto 14/01/2013 165336 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

SR - | Auto 14/01/2013 279000 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

SR - | Auto 21/10/2013 3018800 | (SWUpdateService) . (.Samsung Electronics CO., LTD..) - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe

SR - | Auto 14/01/2013 366040 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe

SR - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 24/01/2013 323584 | (ZAtheros Bt and Wlan Coex Agent) . (.Atheros.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

~ Services: Scanned in 00mn 14s




---\\ Scâner Aditional (088)

Database Version : 13045 - (12/05/2014)

Clés trouvées (Keys found) : 2

Valeurs trouvées (Values found) : 4

Dossiers trouvés (Folders found) : 0

Fichiers trouvés (Files found) : 6


[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^

C:\Users\pandora\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^

[HKCU\Software\Baidu Security] =>Adware.BDSearch^

[HKLM\Software\Baidu Security] =>Adware.BDSearch^

[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^

C:\Windows\Installer\e7fdd.msi =>Hijacker.SmartBar^

C:\Windows\KMSEmulator.exe =>Hijacker.Windows

~ Additionnel Scan: 384409 Items scanned in 01mn 29s




---\\ Sumário das deteções encontradas na sua estação







~ MSI: 6 link(s) detected in 00mn 00s




~ 723 Legitimates filtered by white list

End of the scan (449 lines in 03mn 39s)(0)


There are unnecessary programs starting along with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

Choosing Programs That Start with the PC

Preferably, leave only the security programs (antivirus/anti-spyware/firewall) starting along with Windows.

Also use the program CCleaner, recommended in the tutorial above, to clean up and optimize the PC now and from time to time.
_______________________________________________________________________________________

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click on Zhpfix and choose Run as administrator > click Importação (Import) > click the GO button > click Oui > if you want the files in the recycle bin to be deleted, click Oui again > a report will appear in Notepad.

Copy this report and post it in your next reply.


Topic Archived

As the author has not replied for more than 10 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area along with the link to this topic and explain the reason for reopening it.
