Removal of the UTAdRemovalApp 2.0 extension


Post by Muitas Dúvidas on Fri 02 May 2014, 00:41

Well, my PC is a mess, and I'm trying as hard as I can to fix whatever can be fixed. I have always used Yahoo to ask questions, but I didn't always get answers. A user recommended this forum to me, and here I am.

About the problem:

I downloaded some program, and that program brought the UoTAdRiemoValApP 2.0 extension onto my PC. This extension filled my PC with ads and made it slow. I did some research to find out more about the extension and discovered that it is one of those programs that hackers put on your PC.

Another thing: next to the extension it says "Enabled. Installed by enterprise policy." And it cannot be removed.

That's it; I would like to remove it from my PC without having to format the computer!

Re: Removal of the UTAdRemovalApp 2.0 extension

Post by Power Max on Fri 02 May 2014, 10:01

Hello.

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You must be registered and logged in to see this link.]

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.


Removal of the UTAdRemovalApp 2.0 extension

Post by Muitas Dúvidas on Fri 02 May 2014, 14:21

Here is the report:

# AdwCleaner v3.205 - Relatório criado 02/05/2014 às 13:59:47
# Atualizado 28/04/2014 por Xplode
# Sistema Operacional : Windows 7 Home Premium  (32 bits)
# Usuário : Usuario - USUARIO-PC
# Executando de : C:\Users\Usuario\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : iSafeKrnl
Serviço Deletada : iSafeNetFilter
[#] Serviço Deletada : iSafeService

***** [ Arquivos / Pastas ] *****

[!] Pasta Deletada : C:\Program Files\iSafe
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\1H1Q
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\eCyber
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\iSafe
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\Extensions\quick_start@gmail.com
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\Extensions\faoeou@eau-.net
Pasta Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Pasta Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbidhpngejjicedjgbojnmgknhnmnpgi
[!] Pasta Deletada : C:\Program Files\iSafe
[!] Pasta Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
[!] Pasta Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbidhpngejjicedjgbojnmgknhnmnpgi
Arquivo Deletada : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
Arquivo Deletada : C:\Program Files\Mozilla Firefox\browser\searchplugins\awesomehp.xml
Arquivo Deletada : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\searchplugins\Mysearchdial.xml
Arquivo Deletada : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\user.js
Arquivo Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx
Arquivo Deletada : C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
Arquivo Deletada : C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA
Arquivo Deletada : C:\Program Files\Mozilla Firefox\browser\searchplugins\awesomehp.xml
Arquivo Deletada : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\searchplugins\Mysearchdial.xml

***** [ Atalhos ] *****


***** [ Registro ] *****

Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{979F9A62-63A0-4E7C-AAB4-0750DEDEBBA1}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{979F9A62-63A0-4E7C-AAB4-0750DEDEBBA1}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\SaveSenseLive.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E25C1B6C-6182-3927-0535-867DA4E8FC7F}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E25C1B6C-6182-3927-0535-867DA4E8FC7F}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E25C1B6C-6182-3927-0535-867DA4E8FC7F}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E25C1B6C-6182-3927-0535-867DA4E8FC7F}
Chave Deletedo : HKCU\Software\V9
Chave Deletedo : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Chave Deletedo : HKLM\Software\awesomehpSoftware
Chave Deletedo : HKLM\Software\iSafe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
Chave Deletedo : HKLM\Software\iSafe

***** [ Navegadores ] *****

-\\ Internet Explorer v9.0.8112.16514

Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v28.0 (pt-BR)

[ Arquivo : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js ]

Linha deletada : user_pref("aol_toolbar.default.homepage.check", false);
Linha deletada : user_pref("aol_toolbar.default.search.check", false);
Linha deletada : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Linha deletada : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Linha deletada : user_pref("extensions.NxKT1jWZa.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"mindri.com\")>-1||url.indexOf(\"=apapamam\")>-1||url.indexOf(\"[...]
Linha deletada : user_pref("extensions.Ou2Ed.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"mindri.com\")>-1||url.indexOf(\"=apapamam\")>-1[...]
Linha deletada : user_pref("extensions.enabledAddons", "%7BF17C1572-C9EC-4e5c-A542-D05CBB5C5A08%7D:10.0.5.1,daplinkchecker%40speedbit.com:1.0.1.8,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0");
Linha deletada : user_pref("extensions.mysearchdial.AL", 2);
Linha deletada : user_pref("extensions.mysearchdial.aflt", "dsites0301");
Linha deletada : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Linha deletada : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuyCyEyCyC0BtAtDtD0DtB0EyD0EzzyE0DtN0D0Tzu0SyBzytAtN1L2XzutBtFtCzztFtAtFtDtN1L1CzutDtBtCtC1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0C0DtDyCyDyDtAtG0DyD0DzytGy[...]
Linha deletada : user_pref("extensions.mysearchdial.cr", "854936854");
Linha deletada : user_pref("extensions.mysearchdial.dfltLng", "");
Linha deletada : user_pref("extensions.mysearchdial.dfltSrch", true);
Linha deletada : user_pref("extensions.mysearchdial.dnsErr", true);
Linha deletada : user_pref("extensions.mysearchdial.excTlbr", false);
Linha deletada : user_pref("extensions.mysearchdial.hmpg", true);
Linha deletada : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites0301&cd=2XzuyEtN2Y1L1QzuyCyEyCyC0BtAtDtD0DtB0EyD0EzzyE0DtN0D0Tzu0SyBzytAtN1L2XzutBtFtCzztFtAtFtDtN1L1CzutDtBtCt[...]
Linha deletada : user_pref("extensions.mysearchdial.id", "6466B300D2E5E84D");
Linha deletada : user_pref("extensions.mysearchdial.instlDay", "16133");
Linha deletada : user_pref("extensions.mysearchdial.instlRef", "0211_a");
Linha deletada : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites0301&cd=2XzuyEtN2Y1L1QzuyCyEyCyC0BtAtDtD0DtB0EyD0EzzyE0DtN0D0Tzu0SyBzytAtN1L2XzutBtFtCzztFtAtFtDtN1L1CzutDtBt[...]
Linha deletada : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Linha deletada : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Linha deletada : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Linha deletada : user_pref("extensions.mysearchdial.tlbrId", "base");
Linha deletada : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites0301&cd=2XzuyEtN2Y1L1QzuyCyEyCyC0BtAtDtD0DtB0EyD0EzzyE0DtN0D0Tzu0SyBzytAtN1L2XzutBtFtCzztFtAtFtDtN1L1CzutDt[...]
Linha deletada : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
Linha deletada : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
Linha deletada : user_pref("extensions.mysearchdial_i.newTab", false);
Linha deletada : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Linha deletada : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.00:29:16");
Linha deletada : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Linha deletada : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Linha deletada : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Linha deletada : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Linha deletada : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Linha deletada : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v

[ Arquivo : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Extension] : cekcjpgehmohobmdiikfnopibipmgnml
Deletedo [Extension] : fbidhpngejjicedjgbojnmgknhnmnpgi
Deletedo [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

*************************

AdwCleaner[R0].txt - [9899 octets] - [02/05/2014 13:57:45]
AdwCleaner[R1].txt - [10527 octets] - [02/05/2014 13:58:28]
AdwCleaner[S0].txt - [10075 octets] - [02/05/2014 13:59:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10136 octets] ##########

Re: Removal of the UTAdRemovalApp 2.0 extension

Post by Power Max on Fri 02 May 2014, 14:36

Download Malwarebytes from one of the links below:
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

To install and run it correctly, please follow the tips in this post:

Malwarebytes Anti-Malware tutorial

In your next reply, post the Malwarebytes log (report).

We'll be waiting.


Removal of the UTAdRemovalApp 2.0 extension

Post by Muitas Dúvidas on Fri 02 May 2014, 16:12

Malwarebytes Anti-Malware
[You must be registered and logged in to see this link.]

Data de Verificação: 02/05/2014
Hora da Verificação: 16:00:03
Logfile: LOG.txt
Administrador: Sim

Versão: 2.00.1.1004
Malware Database: v2014.05.02.10
Rootkit Database: v2014.03.27.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Chameleon: Desabilitado

OS: Windows 7
CPU: x86
Sistema de Arquivo: NTFS
Usuário: Usuario

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 339081
Tempo Decorrido: 1 hr, 3 min, 52 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 22
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{920A4C19-53FB-38A8-BC00-B9F37CA70339}, Quarantined, [257d47054536092d1a404106f40d6a96],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{920A4C19-53FB-38A8-BC00-B9F37CA70339}, Quarantined, [257d47054536092d1a404106f40d6a96],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\BiutSAver.BiutSAver, Quarantined, [257d47054536092d1a404106f40d6a96],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\BiutSAver.BiutSAver.5.1, Quarantined, [257d47054536092d1a404106f40d6a96],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-1574201965-1944898624-3258338672-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{920A4C19-53FB-38A8-BC00-B9F37CA70339}, Quarantined, [257d47054536092d1a404106f40d6a96],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-1574201965-1944898624-3258338672-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{920A4C19-53FB-38A8-BC00-B9F37CA70339}, Quarantined, [257d47054536092d1a404106f40d6a96],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{920A4C19-53FB-38A8-BC00-B9F37CA70339}, Quarantined, [257d47054536092d1a404106f40d6a96],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{920A4C19-53FB-38A8-BC00-B9F37CA70339}\INPROCSERVER32, Quarantined, [257d47054536092d1a404106f40d6a96],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A3FC46A0-9B62-0EF3-B475-743B3A2762B1}, Quarantined, [ffa361eb12692a0c184268df07fa36ca],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLive.OneClickCtrl.9, Quarantined, [5052341877049e985bd460519073ac54],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLive.OneClickProcessLauncherMachine.1.0, Quarantined, [b3ef113b2e4d0234e7480da4649ffc04],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLive.Update3WebControl.3, Quarantined, [f9a9e5677b004aecf837a30e17ec837d],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoCreateAsync.1.0, Quarantined, [dfc3f9533843d95db778892825de6f91],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreMachineClass.1, Quarantined, [a7fb0a427407b2842f002a8746bdc23e],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CredentialDialogMachine.1.0, Quarantined, [554da4a8b8c35ed817185958917224dc],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [6042103c58232c0af33c5b5661a27c84],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [dac88fbd5b20f046939cbff2be45f20e],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.ProcessLauncher.1.0, Quarantined, [8220e765ec8fdd5931fe446d8281c040],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3COMClassService, Quarantined, [d7cb8fbdfe7dee4806293c753fc4b14f],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebMachine.1.0, Quarantined, [683a9cb04b30af8762cdad0411f249b7],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebMachineFallback.1.0, Quarantined, [1b87ea626714ea4c9996ab06857eba46],
PUP.Optional.BeatTool.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update BeatTool, Quarantined, [5a4868e4ccafa690b511126dbe44c33d],

Valores de Registro: 0
(No malicious items detected)

Dados do Registro: 0
(No malicious items detected)

Pastas: 5
PUP.Optional.SaveSense.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}, Quarantined, [554dad9fd3a82a0c65e4fe6fa26009f7],
PUP.Optional.SaveSense.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}\content, Quarantined, [554dad9fd3a82a0c65e4fe6fa26009f7],
PUP.Optional.SaveSense.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}\content\images, Quarantined, [554dad9fd3a82a0c65e4fe6fa26009f7],
PUP.Optional.SaveSense.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}\defaults, Quarantined, [554dad9fd3a82a0c65e4fe6fa26009f7],
PUP.Optional.SaveSense.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}\defaults\preferences, Quarantined, [554dad9fd3a82a0c65e4fe6fa26009f7],

Arquivos: 50
PUP.Optional.MultiPlug.A, C:\ProgramData\BitSAVer\gtJ.dll, Quarantined, [257d47054536092d1a404106f40d6a96],
PUP.Optional.MultiPlug.A, C:\Program Files\surf aand keep\MpIFdlJIO2.dll, Quarantined, [871be369f388ee4870eabb8c8180e31d],
PUP.Optional.MultiPlug.A, C:\Program Files\surf aand keep\MpIFdlJIO2.x64.dll, Quarantined, [efb30e3e4f2cef47ee6ce06727da38c8],
PUP.Optional.MultiPlug.A, C:\ProgramData\BitSAVer\gtJ.exe, Quarantined, [ffa361eb12692a0c184268df07fa36ca],
Rootkit.0access, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Desktop.ini, Quarantined, [f5ad0d3fbbc07cba6955089827d910f0],
PUP.Optional.BeatTool.A, C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8RI1UHGB\Setup[1].exe, Quarantined, [b2f095b7304bc5714f7d9acb7b863ec2],
PUP.Optional.Amonetize.A, C:\Users\Usuario\AppData\Local\Temp\Launcher__4051_il604.exe, Quarantined, [9b07dc7096e52313e17b8eae808012ee],
PUP.Optional.ToolBarInstaller.A, C:\Users\Usuario\AppData\Local\Temp\130214_p.exe, Quarantined, [822059f3b0cb95a19dfe9777c53f9967],
PUP.Optional.BeatTool.A, C:\Users\Usuario\AppData\Local\Temp\130214_t.exe, Quarantined, [dbc766e6384377bf16493eee689c3dc3],
PUP.Optional.SaveSense.A, C:\Users\Usuario\AppData\Local\Temp\130214_y.exe, Quarantined, [bfe35defd2a956e0cdc9182758a914ec],
PUP.Optional.InstallCore, C:\Users\Usuario\Downloads\Programas\ccleaner-4114619-32-bits.exe, Quarantined, [980a0448ee8d15211be32cf9d62ee61a],
PUP.Optional.InstallCore, C:\Users\Usuario\Downloads\Programas\download-accelerator-plus-10053-32-bits.exe, Quarantined, [c5ddbf8d067585b18220719422e2ee12],
PUP.Optional.Rapiddown, C:\Users\Usuario\Downloads\Programas\Media Player Classic - Home Cinema.exe, Quarantined, [f6ac2725df9c39fdc2c445f4f40c28d8],
PUP.Optional.Rapiddown, C:\Users\Usuario\Downloads\Programas\Revo Uninstaller.exe, Quarantined, [445e2b216e0dfc3a2a5c58e11ae67090],
PUP.Optional.MySearchDial.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\searchplugins\Mysearchdial.xml, Quarantined, [bde5de6e611a0f2772f9146dcf339f61],
PUP.Optional.Awesomehp.A, C:\Program Files\Mozilla Firefox\browser\searchplugins\awesomehp.xml, Quarantined, [3072b498d1aa01351aae9aee34ce9c64],
PUP.Optional.MindSpark.A, C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_zwinky.dl.tb.ask.com_0.localstorage, Quarantined, [782a09432a51d95dbdeb17a7f80b6d93],
PUP.Optional.MindSpark.A, C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_zwinky.dl.tb.ask.com_0.localstorage-journal, Quarantined, [772bd07c5d1e78bea7014e7050b3837d],
PUP.Optional.SaveSense.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}\chrome.manifest, Quarantined, [554dad9fd3a82a0c65e4fe6fa26009f7],
PUP.Optional.SaveSense.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}\install.rdf, Quarantined, [554dad9fd3a82a0c65e4fe6fa26009f7],
PUP.Optional.SaveSense.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}\content\savesense.xul, Quarantined, [554dad9fd3a82a0c65e4fe6fa26009f7],
PUP.Optional.SaveSense.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}\content\images\icon32.png, Quarantined, [554dad9fd3a82a0c65e4fe6fa26009f7],
PUP.Optional.SaveSense.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}\defaults\preferences\defaults.js, Quarantined, [554dad9fd3a82a0c65e4fe6fa26009f7],
PUP.Optional.MySearchDial.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.AL", 2);), Replaced,[8c16470542391f17e213aeb515efad53]
PUP.Optional.MySearchDial.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.aflt", "dsites0301");), Replaced,[2181af9d661573c3d5203e2504000df3]
PUP.Optional.MySearchDial.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");), Replaced,[b5ed70dc56255fd74fa6c59e7292f30d]
PUP.Optional.MySearchDial.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuyCyEyCyC0BtAtDtD0DtB0EyD0EzzyE0DtN0D0Tzu0SyBzytAtN1L2XzutBtFtCzztFtAtFtDtN1L1CzutDtBtCtC1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0C0DtDyCyDyDtAtG0DyD0DzytGyEzzyEzytGtC0C0D0AtGtBzyyD0C0EyDtBzyyDyEzz0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzyyEyEzy0FtD0FtGtAzy0B0FtG0CtDtBzztGtBzzyD0DtGtCtA0CyEyC0BzyyCyByCtDyC2Q");), Replaced,[742e5bf1d5a68da9b63f4d16b054a65a]
PUP.Optional.MySearchDial.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.cr", "854936854");), Replaced,[3a687ece2a514ee84da8392a5fa511ef]
PUP.Optional.MySearchDial.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dfltLng", "");), Replaced,[861c58f47407cc6a9461f56ecf3544bc]
PUP.Optional.MySearchDial.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dfltSrch", true);), Replaced,[e1c14b010f6c0d2935c09dc641c3e41c]
PUP.Optional.MySearchDial.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dnsErr", true);), Replaced,[534f82caa1da88ae17de91d2df2537c9]
PUP.Optional.MySearchDial.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.excTlbr", false);), Replaced,[a6fcf3596e0dea4c609592d13dc7df21]
PUP.Optional.MySearchDial.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.hmpg", true);), Replaced,[02a0d8747dfeef4744b1372cea1a6898]
PUP.Optional.MySearchDial.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=dsites0301&cd=2XzuyEtN2Y1L1QzuyCyEyCyC0BtAtDtD0DtB0EyD0EzzyE0DtN0D0Tzu0SyBzytAtN1L2XzutBtFtCzztFtAtFtDtN1L1CzutDtBtCtC1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0C0DtDyCyDyDtAtG0DyD0DzytGyEzzyEzytGtC0C0D0AtGtBzyyD0C0EyDtBzyyDyEzz0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzyyEyEzy0FtD0FtGtAzy0B0FtG0CtDtBzztGtBzzyD0DtGtCtA0CyEyC0BzyyCyByCtDyC2Q&cr=854936854&ir=");), Replaced,[d4ce8ac2adce90a6cb2a085bec18a45c]
PUP.Optional.MySearchDial.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.id", "6466B300D2E5E84D");), Replaced,[673b58f40d6e2e08a055f27126de2ed2]
PUP.Optional.MySearchDial.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.instlDay", "16133");), Replaced,[2b771b316219ff377e77f96ae2229d63]
PUP.Optional.MySearchDial.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.instlRef", "0211_a");), Replaced,[7b27d775097283b39461560d8c7854ac]
PUP.Optional.MySearchDial.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&a=dsites0301&cd=2XzuyEtN2Y1L1QzuyCyEyCyC0BtAtDtD0DtB0EyD0EzzyE0DtN0D0Tzu0SyBzytAtN1L2XzutBtFtCzztFtAtFtDtN1L1CzutDtBtCtC1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0C0DtDyCyDyDtAtG0DyD0DzytGyEzzyEzytGtC0C0D0AtGtBzyyD0C0EyDtBzyyDyEzz0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzyyEyEzy0FtD0FtGtAzy0B0FtG0CtDtBzztGtBzzyD0DtGtCtA0CyEyC0BzyyCyByCtDyC2Q&cr=854936854&ir=");), Replaced,[c8da5fed512a3afc31c4c2a1768e27d9]
PUP.Optional.MySearchDial.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.prdct", "mysearchdial");), Replaced,[faa8ee5ea1da52e48471d192d232ab55]
PUP.Optional.MySearchDial.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");), Replaced,[9c066be199e270c6668fcb98d0348878]
PUP.Optional.MySearchDial.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");), Replaced,[8c165eee2c4f1422b63fb1b28f75aa56]
PUP.Optional.MySearchDial.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.tlbrId", "base");), Replaced,[dbc7ea622853d1651dd8afb44cb851af]
PUP.Optional.MySearchDial.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=dsites0301&cd=2XzuyEtN2Y1L1QzuyCyEyCyC0BtAtDtD0DtB0EyD0EzzyE0DtN0D0Tzu0SyBzytAtN1L2XzutBtFtCzztFtAtFtDtN1L1CzutDtBtCtC1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0C0DtDyCyDyDtAtG0DyD0DzytGyEzzyEzytGtC0C0D0AtGtBzyyD0C0EyDtBzyyDyEzz0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzyyEyEzy0FtD0FtGtAzy0B0FtG0CtDtBzztGtBzzyD0DtGtCtA0CyEyC0BzyyCyByCtDyC2Q&cr=854936854&ir=&q=");), Replaced,[2f730943ee8daf8728cd91d2db2958a8]
PUP.Optional.MySearchDial.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");), Replaced,[01a1cb810b70d462f0052b388d773fc1]
PUP.Optional.MySearchDial.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");), Replaced,[cdd5b6962f4c75c185706af9d72dcb35]
PUP.Optional.MySearchDial.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.newTab", false);), Replaced,[3072d37985f60a2c52a3f271030104fc]
PUP.Optional.MySearchDial.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.smplGrp", "none");), Replaced,[b7eb8ebe7209ed49995c3c27d33131cf]
PUP.Optional.MySearchDial.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.00:29:16");), Replaced,[346ed874b2c99c9a44b1ee7527dd5ea2]
PUP.Optional.Babylon.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.prtkDS", 0);), Replaced,[0c961b3186f5f83e10ee214237cd827e]
PUP.Optional.Babylon.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.prtkHmpg", 0);), Replaced,[960c3a12b1ca9f97dc224d167490e31d]

Physical Sectors: 0
(No malicious items detected)


(end)

Re: Removal of the UTAdRemovalApp 2.0 extension

Post by Power Max on Fri 02 May 2014, 16:15

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must be registered and logged in to see this link.]

To run it correctly, follow the tips in this tutorial:

Remove adware and other threats from your PC and browsers with the Zoek application

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its contents and post them in your next reply.


Removal of the UTAdRemovalApp 2.0 extension

Post by Muitas Dúvidas on Fri 02 May 2014, 17:08

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Usuario on 02/05/2014 at 16:37:25,24.
Microsoft Windows 7 Home Premium  6.1.7600  x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Usuario\AppData\Local\Temp\Rar$DIa0.112\zoek.scr    [Scan all users] [Script inserted]

==== System Restore Info ======================

02/05/2014 16:39:22 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iSafeKrnl deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\iSafeKrnl deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iSafeNetFilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\iSafeNetFilter deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js:
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("browser.startup.homepage", "about:blank");
user_pref("browser.search.defaulturl", "");
user_pref("browser.newtab.url", "about:blank");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default

user.js not found
---- Lines speedbit modified from prefs.js ----

user_pref("extensions.enabledAddons", "%7BF17C1572-C9EC-4e5c-A542-D05CBB5C5A08%7D:10.0.5.1,daplinkchecker%40speedbit.com:1.0.1.8,%7B972ce4c6-7e08-4474
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"wrc@avast.com\":{\"descriptor\":\"C:\\\\Program Files\\\\AVAST So
---- Lines mysearch removed from prefs.js ----
user_pref("extensions.irmysearch.aflt", "dsites0301");
user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzuyCyEyCyC0BtAtDtD0DtB0EyD0EzzyE0DtN0D0Tzu0SyBzytAtN1L2XzutBtFtCzztFtAtFtDtN1L1CzutDtBtCtC1V1TtN1
user_pref("extensions.irmysearch.cr", "854936854");
user_pref("extensions.irmysearch.instlRef", "0211_a");
---- Lines Sweet removed from prefs.js ----
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
user_pref("sweetim.toolbar.searchguard.enable", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- Lines extensions.NxKT1jWZa removed from prefs.js ----
user_pref("extensions.NxKT1jWZa.epoch", "1398771322");
user_pref("extensions.NxKT1jWZa.url", "http://driverguidemy.ru/sync2/?q=hfZ9oehMDdnMCyVUojaMg708BNmGWj8ckShGheDUojw9rdsFrjwEqjw8rGhIC7n0rjnEqds5rjwHqj
---- Lines extensions.Ou2Ed removed from prefs.js ----
user_pref("extensions.Ou2Ed.epoch", "1398771323");
user_pref("extensions.Ou2Ed.url", "http://skyfunnjobbest.info/sync2/?q=hfZ9ofhMWdsMCyVUojaMg708BNmGWj8ckShGheDUojwHrjsHrjaEqdgHqihIC7n0rjnEqds5rjwHqdw
---- FireFox user.js and prefs.js backups ----

prefs_052014_1656_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\gofdnhpakeadndlaofpilojffblehfjo deleted
C:\Users\Usuario\AppData\LocalLow\{920A4C19-53FB-38A8-BC00-B9F37CA70339} deleted
C:\Users\Usuario\AppData\LocalLow\{B96CF689-1852-9937-232D-8EB440A40BCC} deleted
C:\Users\Usuario\AppData\LocalLow\{E25C1B6C-6182-3927-0535-867DA4E8FC7F} deleted
C:\PROGRA~2\85d94afb08148879 deleted
C:\PROGRA~2\BitSAVer deleted
C:\Program Files\surf aand keep deleted
C:\Program Files\Common Files\SpeedBit deleted
C:\Users\Usuario\AppData\Roaming\iSafe deleted
C:\PROGRA~2\SpeedBit deleted
C:\PROGRA~2\InstallMate deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC deleted
C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\extensions\firefox@mega.co.nz.xpi deleted
C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\extensions\vlp_480@uo-e.com deleted
"C:\PROGRA~2\fbidhpngejjicedjgbojnmgknhnmnpgi\fbidhpngejjicedjgbojnmgknhnmnpgi.crx" deleted
"C:\PROGRA~2\fbidhpngejjicedjgbojnmgknhnmnpgi\update.xml" deleted
"C:\Program Files\iSafe\iSafeRKScanShell.dll" deleted
"C:\Program Files\iSafe\msvcr110.dll" deleted
"C:\Program Files\iSafe\sqlite3.dll" deleted
"C:\PROGRA~2\fbidhpngejjicedjgbojnmgknhnmnpgi" deleted
"C:\Program Files\iSafe" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"daplinkchecker@speedbit.com"="C:\Program Files\DAP\daplinkchecker" [08/11/2013 03:13]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}"="C:\Program Files\DAP\DAPFireFox" [08/11/2013 03:13]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default
- Download Accelerator Plus DAP extension - C:\Program Files\DAP\DAPFireFox
- DAP Link Checker - C:\Program Files\DAP\daplinkchecker

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default
C36444D7301A8C881FC7296B092609C7 - C:\Users\Usuario\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google Update
6768C724599214E4F9ADD9F8FF5097EB - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U45
F1CD6E22E5AE5CEEB7712E546A5FC853 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.450.18
04ACC61B47857E779CD92D1D88770BF1 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
77B09C2C6F407531447DA75E3ACD1C5B - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
8E151A2A185DAF9852322028ABE55534 - c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll - Silverlight Plug-In
8B93EF56BEF58F2EB6B6D92B57715131 - c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrlui.dll - Microsoft (R) Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ffdcfjdljhbehggjdkdioajnknjcpbjb - C:\Program Files\DAP\DAPChrome\DAPChrome6.crx[21/05/2013 09:32]

Download Accelerator Plus (DAP) - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb
Flash Video Downloader - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcemfkdllcgnkeljaickakjlfdbcgadf

==== Chrome Fix ======================

C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_online.babylon.com_0.localstorage deleted successfully
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_online.babylon.com_0.localstorage-journal deleted successfully
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage deleted successfully
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage-journal deleted successfully
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcemfkdllcgnkeljaickakjlfdbcgadf deleted successfully
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gcemfkdllcgnkeljaickakjlfdbcgadf_0.localstorage deleted successfully
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gcemfkdllcgnkeljaickakjlfdbcgadf_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0191A6B0-1154-4C22-9182-23A95BBE92D9}"
{0191A6B0-1154-4C22-9182-23A95BBE92D9} Google  Url="http://www.google.com/search?q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Usuario\Desktop\Adobe Photoshop CS4.lnk - C:\Program Files\Adobe\Adobe Photoshop CS4\Required\Droplet Template.exe
C:\Users\Usuario\Desktop\Download Accelerator Plus (DAP).lnk - C:\Program Files\DAP\DAP.exe
C:\Users\Usuario\Desktop\Format Factory.lnk - C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\Usuario\Desktop\Google Chrome.lnk - C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Usuario\Desktop\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\Usuario\Desktop\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\Usuario\Desktop\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Usuario\Desktop\Miniaurélio.lnk -  
C:\Users\Usuario\Desktop\My DAP Downloads.lnk - C:\Users\Usuario\Downloads
C:\Users\Usuario\Desktop\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\Usuario\Desktop\Revo Uninstaller.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -  
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\CorelDRAW X6.lnk - c:\Windows\Installer\{C5262276-0075-498B-B80F-7D997482E4DB}\NewShortcut1.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\mIRC.lnk - C:\Program Files\mIRC\mirc.exe
C:\Users\Public\Desktop\Nero Home.lnk - C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8  
C:\Users\Public\Desktop\Nero StartSmart.lnk - C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8  
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Public\Desktop\SlimDrivers.lnk - C:\Windows\Installer\{A5457401-D56A-43F2-9524-78E54A7FC07A}\Icon.exe
C:\Users\Public\Desktop\YAC.lnk - C:\Program Files\iSafe\iStart.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe -hunter
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC\IRCIntro Help.lnk - C:\Program Files\mIRC\ircintro.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC\mIRC Help.lnk - C:\Program Files\mIRC\mirc.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC\mIRC.lnk - C:\Program Files\mIRC\mirc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC\Readme.txt.lnk - C:\Program Files\mIRC\readme.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC\Versions.txt.lnk - C:\Program Files\mIRC\versions.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Nero Home.lnk - C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Nero ProductSetup.lnk - C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe -ScParameter=8  MODE="update"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Nero StartSmart.lnk - C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Compartilhar\Nero MediaHome.lnk - C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe -ScParameter=8  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\dados\Nero BackItUp.lnk - C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp.exe -ScParameter=8  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\dados\Nero Burning ROM.lnk - C:\Program Files\Nero\Nero 7\Core\nero.exe -ScParameter=8  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\dados\Nero Express.lnk - C:\Program Files\Nero\Nero 7\Core\nero.exe -ScParameter=8  /w
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Etiquetas\Nero CoverDesigner.lnk - C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverDes.exe -ScParameter=8  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Ferramentas\Nero BurnRights.lnk - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.exe -ScParameter=8  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Ferramentas\Nero CD-DVD Speed.lnk - C:\Program Files\Nero\Nero 7\Nero Toolkit\CDSpeed.exe -ScParameter=8  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Ferramentas\Nero DriveSpeed.lnk - C:\Program Files\Nero\Nero 7\Nero Toolkit\DriveSpeed.exe -ScParameter=8  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Ferramentas\Nero InfoTool.lnk - C:\Program Files\Nero\Nero 7\Nero Toolkit\InfoTool.exe -ScParameter=8  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Ferramentas\Nero Scout.lnk - C:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe -ScParameter=8  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Foto e Vídeo\Nero PhotoSnap Viewer.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Foto e Vídeo\Nero PhotoSnap.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Foto e Vídeo\Nero Recode.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Foto e Vídeo\Nero Vision.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero Adobe Premiere Plug-In [Inglês].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero BackItUp [Ajuda em Português (Brasileiro)].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero Burn Plug-in (for MCE) [Manual em inglês].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero BurnRights [Ajuda em inglês].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero CD-DVD Speed [Ajuda em Português (Brasileiro)].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero CoverDesigner [Ajuda em Português (Brasileiro)].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero Express [Ajuda em Português (Brasileiro)].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero Home [Ajuda em Português (Brasileiro)].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero MediaHome [Ajuda em Português (Brasileiro)].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero MediaStreaming Plug-in (for MCE) [Manual em inglês].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero Mobile [Manual em inglês].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero PhotoSnap [Ajuda em inglês].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero Recode [Ajuda em Português (Brasileiro)].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero ShowTime [Ajuda em Português (Brasileiro)].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero SoundTrax [Ajuda em Português (Brasileiro)].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero StartSmart [Ajuda em Português (Brasileiro)].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero Vision [Ajuda em Português (Brasileiro)].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero WaveEditor [Ajuda em Português (Brasileiro)].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Tocar\Nero Mobile.lnk - C:\Program Files\Nero\Nero 7\Nero Mobile\SetupNeroMobile.exe -ScParameter=8  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Tocar\Nero ShowTime.lnk - C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe -ScParameter=8  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\áudio\Nero Burning ROM.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\áudio\Nero Express.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\áudio\Nero SoundTrax.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\áudio\Nero WaveEditor.lnk -  

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk - C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8  
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8  
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Limpa profundamente arquivos de Spam.lnk - C:\Program Files\iSafe\iStart.exe -divertop -param0=9 -param1=0 -param2=1
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\YAC.lnk - C:\Program Files\iSafe\iStart.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck deleted successfully

==== Empty IE Cache ======================

C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JID7W13M will be deleted at reboot
C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\Usuario\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Usuario\AppData\Local\Mozilla\Firefox\Profiles\7s9gfw7g.default\Cache will be emptied at reboot

==== Empty Chrome Cache ======================

C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1783 folders=217 280483122 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Usuario\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Usuario\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\Usuario\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Program Files\iSafe"  not found
"C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JID7W13M" not found

==== EOF on 02/05/2014 at 17:05:01,82 ======================

Re: Removal of the UTAdRemovalApp 2.0 extension

Post by Power Max on Fri 02 May 2014, 17:11

Download the Junkware Removal Tool program from the link below:
[You must be registered and logged in to see this link.]

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.


Removal of the UTAdRemovalApp 2.0 extension

Post by Muitas Dúvidas on Fri 02 May 2014, 17:30

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by Usuario on 02/05/2014 at 17:23:29,56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\isafe



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Usuario\AppData\Roaming\mozilla\firefox\profiles\7s9gfw7g.default\prefs.js

user_pref("aol_toolbar.default.homepage.check", false);
user_pref("aol_toolbar.default.search.check", false);
Emptied folder: C:\Users\Usuario\AppData\Roaming\mozilla\firefox\profiles\7s9gfw7g.default\minidumps [6 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/05/2014 at 17:28:59,20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Removal of the UTAdRemovalApp 2.0 extension

Post by Power Max on Fri 02 May 2014, 17:31

Download < ZHPDiag2.exe > < [You must be registered and logged in to see this image.]> ( ... by Nicolas Coolman )

To install and run it correctly, follow the tips in this article:

Tutorial for installing and running the ZHPDiag application

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.


Removal of the UTAdRemovalApp 2.0 extension

Post by Muitas Dúvidas on Fri 02 May 2014, 17:56

~ Relatório do ZHPDiag v2014.5.1.49 - Nicolas Coolman  (01/05/2014)
~ Iniciado por Usuario (02/05/2014 17:51:48)
~ Endereço do Website :  http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v31.0.1650.63 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Premium, 32-bit  (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v8.0.1489.0
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.10

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 45

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2013 MB (36% free)
System Restore: Activé (Enable)
System drive C: has 51 GB (21%) free of 233 GB

---\\ Modo de conexão ao sistema
~ Computer Name: USUARIO-PC
~ User Name: Usuario
~ All Users Names: Usuario, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Usuario\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Usuario\AppData\Roaming\
~ %Desktop% : C:\Users\Usuario\Desktop\
~ %Favorites% : C:\Users\Usuario\Favorites\
~ %LocalAppData% : C:\Users\Usuario\AppData\Local\
~ %StartMenu% : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 51 Go of 233 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 45 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.15BC38A7492BEFE831966ADB477CF76F] - (.Microsoft Corporation - Windows Explorer.) (.13/07/2009 - 22:14:20.) -- C:\Windows\Explorer.exe [2613248]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.C8ADAA6948993D839D14524847EA5B75] - (.Microsoft Corporation - Internet Extensions para Win32.) (.07/11/2013 - 14:59:57.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.8EC6A4AB12B8F3759E21F8E3A388F2CF] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 20:12:38.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 20:14:17.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.F4A054BE78AF7F410129C4B64B07DC9B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/07/2009 - 20:14:26.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.13/07/2009 - 22:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/07/2009 - 22:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/336
~ Mes musiques (My Musics) : 47/368
~ Mes Videos (My Videos) : 1/19
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/133
~ Mon Bureau (My Desktop) : 0/40
~ Menu demarrer (Programs) : 1/31
~ Hidden Files:  Scanned in 00mn 01s



---\\ Processos lançados
[MD5.094A47AB1D4966C8CD318AD7EB1521A6] - (.SlimWare Utilities, Inc. - SlimDrivers.) -- C:\Program Files\SlimDrivers\SlimDrivers.exe   [29395264] [PID.2232]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [4858968] [PID.3600]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   [254336] [PID.3712]
[MD5.6641B633A0A2618BC3739E0DCD6E1B9B] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe   [138808] [PID.3792]
[MD5.1B06D4DF241484C193CFDD89FB21E19A] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe   [172088] [PID.3860]
[MD5.B0010C958505273A76FAE4A089E1AACE] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe   [173624] [PID.3892]
[MD5.6E178947225BCAF1B727C80476C1425D] - (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe   [12013272] [PID.4048]
[MD5.048EA4B978851788E9F5E8E4F081DF7A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe   [959904] [PID.4056]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Google Installer.) -- C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe   [116648] [PID.2584]
[MD5.B141F8F8B0FF37FFC51F9B71EE7A641B] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe   [19875432] [PID.2284]
[MD5.7DCE7A74764EB7C67D21A32BC579453D] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe   [507264] [PID.1732]
[MD5.3F73B87BEC17FFF232B4A511A76F8606] - (.MPC-HC Team - MPC-HC.) -- C:\Program Files\MPC-HC\mpc-hc.exe   [8935232] [PID.2908]
[MD5.376A9B411BF8B77D5BF84B24D0C7DACD] - (.Google Inc. - Google Chrome.) -- C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe   [863184] [PID.2216]
[MD5.C6FD6C175276637C5D6F6EA293137F5E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [7867904] [PID.1100]
~ Processes Running:  Scanned in 00mn 03s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [ffdcfjdljhbehggjdkdioajnknjcpbjb] Download Accelerator Plus (DAP) v.2.1.0.1, (Désactivé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 14 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js
~ Firefox Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: YAC.lnk . (...)  -- C:\Program Files\iSafe\iStart.exe (.not file.)  =>Trojan.Staser
~ Global Startup: 1 Legitimates Filtered in 00mn 03s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   =>.Oracle Corporation
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe   =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [DownloadAccelerator] . (.Speedbit Ltd. - Download Accelerator Plus (DAP).) -- C:\Program Files\DAP\DAP.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1574201965-1944898624-3258338672-1000\..\Run: [DownloadAccelerator] . (.Speedbit Ltd. - Download Accelerator Plus (DAP).) -- C:\Program Files\DAP\DAP.exe
O4 - HKUS\S-1-5-21-1574201965-1944898624-3258338672-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-1574201965-1944898624-3258338672-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll  =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll  =>.Microsoft Corporation
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A216F64B-8707-4022-B4C2-9FE5CBA2CBB2}: NameServer = 192.168.254.254,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{A216F64B-8707-4022-B4C2-9FE5CBA2CBB2}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{D60C2E4F-5471-4D50-9E38-84F49E654E55}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{A216F64B-8707-4022-B4C2-9FE5CBA2CBB2}: NameServer = 192.168.254.254,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{A216F64B-8707-4022-B4C2-9FE5CBA2CBB2}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{D60C2E4F-5471-4D50-9E38-84F49E654E55}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{A216F64B-8707-4022-B4C2-9FE5CBA2CBB2}: NameServer = 192.168.254.254,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{A216F64B-8707-4022-B4C2-9FE5CBA2CBB2}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{D60C2E4F-5471-4D50-9E38-84F49E654E55}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{9FCF86AF-57D5-49E3-AF38-F0EBD2222F27}] (...) -- C:\Users\Usuario\AppData\Roaming\awesomehp\UninstallManager.exe (.not file.)   [0]  =>PUP.Awesomehp
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [902]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1574201965-1944898624-3258338672-1000Core   [1034]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1574201965-1944898624-3258338672-1000UA   [1086]
O39 - APT:  - (..) -- C:\Windows\Tasks\SlimDrivers Startup.job   [390]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\SlimDrivers Startup   [390]
~ Scheduled Task: 18 Legitimates Filtered in 00mn 04s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver:  (iSafeKrnlKit) . (. - .) - C:\Program Files\iSafe\iSafeKrnlKit.sys (.not file.)  =>Trojan.Staser
~ Drivers: 66 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Codec 8.4f - (...) [HKLM] -- Codec_is1
O42 - Logiciel: Download Accelerator Plus (DAP) - (.Speedbit Ltd..) [HKLM] -- Download Accelerator Plus (DAP)
~ Logic: 5 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security]  =>Adware.BDSearch
[HKCU\Software\SpeedBit]
[HKLM\Software\Baidu Security]  =>Adware.BDSearch
[HKLM\Software\SpeedBit]
~ Key Software: 214 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 04/03/2014 - 21:44:43 - [] ----D C:\Program Files\Baidu Security  =>Adware.BDSearch
O43 - CFD: 04/03/2014 - 00:36:05 - [] ----D C:\Program Files\Codec
O43 - CFD: 07/11/2013 - 15:16:38 - [] ----D C:\Program Files\DICIONARIO MiniAurelio Nova Ortografia
O43 - CFD: 04/03/2014 - 21:44:43 - [] ----D C:\ProgramData\Baidu Security  =>Adware.BDSearch
O43 - CFD: 09/04/2014 - 12:49:07 - [0] ----D C:\ProgramData\UoTAdRiemoValApP  =>PUP.RandomName
~ Program Folder: 153 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 02/05/2014 - 13:58:18 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll   [536576]
O44 - LFC:[MD5.53D2A391D874154326EEC3B778770D5C] - 02/05/2014 - 16:07:07 ---A- . (...) -- C:\LOG.txt   [17048]
O44 - LFC:[MD5.D22082B099ACF20E44AFCB9E2F9175BE] - 02/05/2014 - 17:02:29 ---A- . (...) -- C:\folders.txt   [84]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 02/05/2014 - 17:02:38 ---A- . (...) -- C:\Windows\zoek-delete.exe   [24064]
O44 - LFC:[MD5.75A8EE6F0917AD9355367DBF25DB8415] - 02/05/2014 - 17:04:50 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys   [13464]
O44 - LFC:[MD5.BF10A345FE89F8D577719240F3256B48] - 02/05/2014 - 17:05:01 ---A- . (...) -- C:\zoek-results.log   [27689]
O44 - LFC:[MD5.703F8B6725269B3DCA76F2E3E5D3935C] - 02/05/2014 - 17:05:08 ---A- . (...) -- C:\Windows\System32\AutoKMS.log   [139469]  =>Trojan.Keygen
O44 - LFC:[MD5.C7BC96C3711C0D269DA26D1F0ECEC547] - 21/04/2014 - 23:07:00 ---A- . (...) -- C:\Windows\NeroDigital.ini   [69]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 22/04/2014 - 18:45:42 ---A- . (...) -- C:\Windows\Irremote.ini   [0]
O44 - LFC:[MD5.A6814842AD30E05FCCEF97C79895F500] - 22/04/2014 - 18:46:28 ---A- . (...) -- C:\Windows\System32\MsiExec.exe.log   [188]
O44 - LFC:[MD5.502C72805EDA405772C0D0F1AB334994] - 23/04/2014 - 07:20:06 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys   [38912]  =>Trojan.Staser
O44 - LFC:[MD5.12D71BD37BCEEA35B977F9E020C53841] - 30/04/2014 - 22:26:19 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [146512]
O44 - LFC:[MD5.2719BB30B547DC07B5160E345F51D983] - 30/04/2014 - 22:26:19 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [705786]
~ Files: 26 Legitimates Filtered in 00mn 34s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:09/05/2013 - 04:59:10 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [49376]  =>.ALWIL Software
O58 - SDL:07/11/2013 - 15:49:11 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum   [175]
O58 - SDL:07/11/2013 - 15:49:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum   [175]
O58 - SDL:07/11/2013 - 15:49:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [175176]  =>.ALWIL Software
O58 - SDL:07/11/2013 - 15:49:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum   [175]  =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [26624]
O58 - SDL:23/04/2014 - 07:20:06 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys   [38912]  =>Trojan.Staser
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [21072]
O58 - SDL:02/05/2014 - 17:04:50 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys   [13464]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS   [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys   [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS   [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS   [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS   [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS   [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS   [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS   [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS   [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS   [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS   [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS   [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS   [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS   [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS   [34672]
~ Drivers: 78 Legitimates Filtered in 00mn 04s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML.EP5BKXLXAQ6LJPTK5F7RBSRQII>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- c:\program files\mozilla firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome.EP5BKXLXAQ6LJPTK5F7RBSRQII> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\users\usuario\appdata\local\google\chrome\application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - [You need to be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [You need to be registered and logged in to see this link.]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.A43D98F5A2B54F22C2B8191CBF27B438] [WIS][31/03/2014] (.SaveSense - Google Update Helper.) -- C:\Windows\Installer\1c6f4e6.msi   [40960]  =>PUP.SaveSense
~ WIS: 1 Legitimates Filtered in 00mn 03s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASAPI32  =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASMANCS  =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeUpdate_RASAPI32  =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeUpdate_RASMANCS  =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASAPI32  =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASMANCS  =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\Mysearchdial_RASAPI32  =>Adware.MyWebSearch
HKLM\SOFTWARE\Microsoft\Tracing\Mysearchdial_RASMANCS  =>Adware.MyWebSearch
HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASAPI32  =>Adware.MyWebSearch
HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASMANCS  =>Adware.MyWebSearch
~ BTK: 249 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57}] (SaveSenseLive Broker Class Factory)  =>PUP.SaveSense
[HKCR\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3}] (SaveSenseLive.OneClickProcessLauncher)  =>PUP.SaveSense
[HKCR\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF}] (SaveSenseLive Legacy On Demand)  =>PUP.SaveSense
[HKCR\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A}] (SaveSenseLive Core Class)  =>PUP.SaveSense
[HKCR\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75}] (SaveSenseLive Process Launcher Class)  =>PUP.SaveSense
[HKCR\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33}] (SaveSenseLive Broker Class Factory)  =>PUP.SaveSense
[HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}] (SaveSenseLive Core Class)  =>PUP.SaveSense
~ BCK: 6895 Legitimates Filtered in 00mn 14s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 29/04/2014 257712 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 07/11/2013 654848 |  (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 30/03/2014 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 08/04/2008 800040 |  (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 22/01/2008 275752 |  (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Auto 21/06/2013 162408 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 03/09/2013 65640 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 09/05/2013 46808 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 28/02/2006 229376 |  (Bonjour Service) . (.Apple Computer, Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 19/12/2006 81920 |  (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\Windows\system32\IoctlSvc.exe
SR - | Auto 10/03/2010 189728 |  (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 17s



---\\ Scâner Aditional (088)
Database Version : 13045 - (01/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés  (Folders found) : 3
Fichiers trouvés  (Files found) : 11

C:\Program Files\Baidu Security   =>Adware.BDSearch^
C:\ProgramData\Baidu Security   =>Adware.BDSearch^
C:\ProgramData\UoTAdRiemoValApP   =>PUP.RandomName^
[HKCU\Software\Baidu Security]   =>Adware.BDSearch^
[HKLM\Software\Baidu Security]   =>Adware.BDSearch^
C:\Windows\Installer\1c6f4e6.msi   =>PUP.SaveSense^
[HKCR\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57}] (SaveSenseLive Broker Class Factory)   =>PUP.SaveSense^
[HKCR\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3}] (SaveSenseLive.OneClickProcessLauncher)   =>PUP.SaveSense^
[HKCR\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF}] (SaveSenseLive Legacy On Demand)   =>PUP.SaveSense^
[HKCR\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A}] (SaveSenseLive Core Class)   =>PUP.SaveSense^
[HKCR\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75}] (SaveSenseLive Process Launcher Class)   =>PUP.SaveSense^
[HKCR\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33}] (SaveSenseLive Broker Class Factory)   =>PUP.SaveSense^
[HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}] (SaveSenseLive Core Class)   =>PUP.SaveSense^
C:\Windows\AutoKMS.exe   =>Trojan.Keygen
~ Additionnel Scan: 298446 Items scanned in 00mn 48s



---\\ Sumário das deteções encontradas na sua estação
[You need to be registered and logged in to see this link.]  =>Trojan.Staser
[You need to be registered and logged in to see this link.]  =>PUP.Awesomehp
[You need to be registered and logged in to see this link.]  =>Adware.BDSearch
[You need to be registered and logged in to see this link.]  =>PUP.SaveSense
[You need to be registered and logged in to see this link.]  =>Adware.MyWebSearch
~ MSI: 5 link(s) detected in 00mn 00s



~ 675 Legitimates filtered by white list
End of the scan (462 lines in 02mn 41s)(0)

Re: Removing the UTAdRemovalApp 2.0 extension

Post by Power Max on Fri 02 May 2014, 18:25

Go to the site [You need to be registered and logged in to see this link.] and submit the file highlighted in blue below for analysis:
C:\Windows\System32\Drivers\iSafeKrnlBoot.sys

As soon as its analysis is complete, copy the link that appears in your browser's address bar and post that link in your next reply.

You can find more information on how to analyze files on the Virus Total site in this tutorial:

Analyze suspicious files and links online, completely free of charge


Removing the UTAdRemovalApp 2.0 extension

Post by Muitas Dúvidas on Fri 02 May 2014, 18:31

Link - [You need to be registered and logged in to see this link.]

Re: Removing the UTAdRemovalApp 2.0 extension

Post by Power Max on Fri 02 May 2014, 18:36

 Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

 Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose Run as administrator > Click Importação (Import) > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Sat 03 May 2014, 21:52; edited 1 time in total


Removing the UTAdRemovalApp 2.0 extension

Post by Muitas Dúvidas on Fri 02 May 2014, 18:42

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Usuario at 02/05/2014 18:40:29
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 32-bit  (Build 7600)

Reciclagem vazia (00mn 04s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ Driver Key: iSafeKrnlKit
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKLM\Software\Baidu Security
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Mysearchdial_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Mysearchdial_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASMANCS
ELIMINÉ: HKCR\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57}
ELIMINÉ: HKCR\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3}
ELIMINÉ: HKCR\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF}
ELIMINÉ: HKCR\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A}
ELIMINÉ: HKCR\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75}
ELIMINÉ: HKCR\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33}
ELIMINÉ: HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}
ELIMINÉ: Service: Bonjour Service

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\users\public\desktop\yac.lnk
ELIMINA REINICIAR: c:\program files\bonjour\mdnsresponder.exe
ELIMINÉ: C:\Windows\Installer\1c6f4e6.msi
ELIMINÉ Temporários windows (124) (1.994.059 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {9FCF86AF-57D5-49E3-AF38-F0EBD2222F27}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
15 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
5 : Ficheiros
1 : Tarefa planificada
1 : Restauração Sistema


End of clean in 00mn 48s

========== Caminho do ficheiro do relatório ==========
C:\Users\Usuario\AppData\Roaming\ZHP\ZHPFix[R1].txt - 02/05/2014 18:40:34 [2179]

Re: Removing the UTAdRemovalApp 2.0 extension

Post by Power Max on Fri 02 May 2014, 18:49

Open ZHPDiag again

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report


Removing the UTAdRemovalApp 2.0 extension

Post by Muitas Dúvidas on Sat 03 May 2014, 19:04

Sorry, I hadn't noticed that ''we had gone'' to page 2.

Report:

~ Relatório do ZHPDiag v2014.5.1.49 - Nicolas Coolman  (01/05/2014)
~ Iniciado por Usuario (03/05/2014 19:01:37)
~ Endereço do Website :  http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [You must be registered and logged in to see this link.]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v31.0.1650.63 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Premium, 32-bit  (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v8.0.1489.0
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.10

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 45

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2013 MB (47% free)
System Restore: Activé (Enable)
System drive C: has 54 GB (23%) free of 233 GB

---\\ Modo de conexão ao sistema
~ Computer Name: USUARIO-PC
~ User Name: Usuario
~ All Users Names: Usuario, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Usuario\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Usuario\AppData\Roaming\
~ %Desktop% : C:\Users\Usuario\Desktop\
~ %Favorites% : C:\Users\Usuario\Favorites\
~ %LocalAppData% : C:\Users\Usuario\AppData\Local\
~ %StartMenu% : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 54 Go of 233 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified  =>Hijacker.Application
~ Security Center: 45 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.15BC38A7492BEFE831966ADB477CF76F] - (.Microsoft Corporation - Windows Explorer.) (.13/07/2009 - 22:14:20.) -- C:\Windows\Explorer.exe [2613248]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.C8ADAA6948993D839D14524847EA5B75] - (.Microsoft Corporation - Internet Extensions para Win32.) (.07/11/2013 - 14:59:57.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.8EC6A4AB12B8F3759E21F8E3A388F2CF] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 20:12:38.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 20:14:17.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.F4A054BE78AF7F410129C4B64B07DC9B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/07/2009 - 20:14:26.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.13/07/2009 - 22:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/07/2009 - 22:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/336
~ Mes musiques (My Musics) : 47/368
~ Mes Videos (My Videos) : 1/19
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/132
~ Mon Bureau (My Desktop) : 0/39
~ Menu demarrer (Programs) : 1/31
~ Hidden Files:  Scanned in 00mn 00s



---\\ Processos lançados
[MD5.094A47AB1D4966C8CD318AD7EB1521A6] - (.SlimWare Utilities, Inc. - SlimDrivers.) -- C:\Program Files\SlimDrivers\SlimDrivers.exe   [29395264] [PID.360]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [4858968] [PID.2888]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   [254336] [PID.3256]
[MD5.6641B633A0A2618BC3739E0DCD6E1B9B] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe   [138808] [PID.3428]
[MD5.1B06D4DF241484C193CFDD89FB21E19A] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe   [172088] [PID.3480]
[MD5.B0010C958505273A76FAE4A089E1AACE] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe   [173624] [PID.3544]
[MD5.6E178947225BCAF1B727C80476C1425D] - (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe   [12013272] [PID.3620]
[MD5.048EA4B978851788E9F5E8E4F081DF7A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe   [959904] [PID.3628]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Google Installer.) -- C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe   [116648] [PID.3820]
[MD5.B141F8F8B0FF37FFC51F9B71EE7A641B] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe   [19875432] [PID.3836]
[MD5.173DB43DD48B60E6F61A54C88569026A] - (.Speedbit Ltd. - Download Accelerator Plus (DAP).) -- C:\Program Files\DAP\DAP.exe   [4110992] [PID.4036]
[MD5.7DCE7A74764EB7C67D21A32BC579453D] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe   [507264] [PID.3448]
[MD5.376A9B411BF8B77D5BF84B24D0C7DACD] - (.Google Inc. - Google Chrome.) -- C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe   [863184] [PID.2028]
[MD5.C6FD6C175276637C5D6F6EA293137F5E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [7867904] [PID.5312]
~ Processes Running:  Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [ffdcfjdljhbehggjdkdioajnknjcpbjb] Download Accelerator Plus (DAP) v.2.1.0.1, (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 14 Legitimates Filtered in 00mn 10s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js
~ Firefox Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: LinkVerifierBHO - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} . (.Speedbit Ltd. - DAP Link Verification Extension.) -- C:\Program Files\DAP\LinkVerifier.dll
~ BHO: 2 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   =>.Oracle Corporation
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe   =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [DownloadAccelerator] . (.Speedbit Ltd. - Download Accelerator Plus (DAP).) -- C:\Program Files\DAP\DAP.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1574201965-1944898624-3258338672-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-1574201965-1944898624-3258338672-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1574201965-1944898624-3258338672-1000\..\Run: [DownloadAccelerator] . (.Speedbit Ltd. - Download Accelerator Plus (DAP).) -- C:\Program Files\DAP\DAP.exe
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll  =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll  =>.Microsoft Corporation
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A216F64B-8707-4022-B4C2-9FE5CBA2CBB2}: NameServer = 192.168.254.254,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{A216F64B-8707-4022-B4C2-9FE5CBA2CBB2}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{D60C2E4F-5471-4D50-9E38-84F49E654E55}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{A216F64B-8707-4022-B4C2-9FE5CBA2CBB2}: NameServer = 192.168.254.254,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{A216F64B-8707-4022-B4C2-9FE5CBA2CBB2}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{D60C2E4F-5471-4D50-9E38-84F49E654E55}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{A216F64B-8707-4022-B4C2-9FE5CBA2CBB2}: NameServer = 192.168.254.254,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{A216F64B-8707-4022-B4C2-9FE5CBA2CBB2}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{D60C2E4F-5471-4D50-9E38-84F49E654E55}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [902]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1574201965-1944898624-3258338672-1000Core   [1034]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1574201965-1944898624-3258338672-1000UA   [1086]
O39 - APT:  - (..) -- C:\Windows\Tasks\SlimDrivers Startup.job   [390]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\SlimDrivers Startup   [390]
~ Scheduled Task: 18 Legitimates Filtered in 00mn 02s



---\\ Software instalados (042)
O42 - Logiciel: Codec 8.4f - (...) [HKLM] -- Codec_is1
O42 - Logiciel: Download Accelerator Plus (DAP) - (.Speedbit Ltd..) [HKLM] -- Download Accelerator Plus (DAP)
~ Logic: 5 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\SpeedBit]
[HKLM\Software\SpeedBit]
~ Key Software: 212 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 04/03/2014 - 00:36:05 - [] ----D C:\Program Files\Codec
O43 - CFD: 07/11/2013 - 15:16:38 - [] ----D C:\Program Files\DICIONARIO MiniAurelio Nova Ortografia
O43 - CFD: 02/05/2014 - 20:59:32 - [] ----D C:\Program Files\Common Files\SpeedBit
O43 - CFD: 02/05/2014 - 20:59:34 - [] ----D C:\ProgramData\Speedbit
O43 - CFD: 02/05/2014 - 20:15:24 - [] ----D C:\Users\Usuario\AppData\Roaming\SpeedBit
~ Program Folder: 153 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 02/05/2014 - 13:58:18 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll   [536576]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 02/05/2014 - 17:02:38 ---A- . (...) -- C:\Windows\zoek-delete.exe   [24064]
O44 - LFC:[MD5.83E7F23B30989702637D764CDD2D1E30] - 02/05/2014 - 19:34:40 ---A- . (...) -- C:\ADS19BA.tmp   [2721]
O44 - LFC:[MD5.7D2448E9F834738D2E3B9D99851762A6] - 02/05/2014 - 19:34:40 ---A- . (...) -- C:\ADS19BB.tmp   [2592]
O44 - LFC:[MD5.815372073DA85B2098A37DED84083C8A] - 02/05/2014 - 20:35:23 ---A- . (...) -- C:\Windows\_MSRSTRT.EXE   [2560]
O44 - LFC:[MD5.45960B40C1ECB75ED5549A80049879E1] - 02/05/2014 - 20:59:27 ---A- . (.Jin Hui    E-mail: [You must be registered and logged in to see this link.]   We - Animation GIF Control.) -- C:\Windows\System32\AniGIF.ocx   [172032]
O44 - LFC:[MD5.75A8EE6F0917AD9355367DBF25DB8415] - 03/05/2014 - 13:57:07 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys   [13464]
O44 - LFC:[MD5.473F890FAAF843EF8B7BFC3F8379FE60] - 03/05/2014 - 13:58:42 ---A- . (...) -- C:\Windows\System32\AutoKMS.log   [140865]  =>Trojan.Keygen
O44 - LFC:[MD5.C7BC96C3711C0D269DA26D1F0ECEC547] - 21/04/2014 - 23:07:00 ---A- . (...) -- C:\Windows\NeroDigital.ini   [69]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 22/04/2014 - 18:45:42 ---A- . (...) -- C:\Windows\Irremote.ini   [0]
O44 - LFC:[MD5.A6814842AD30E05FCCEF97C79895F500] - 22/04/2014 - 18:46:28 ---A- . (...) -- C:\Windows\System32\MsiExec.exe.log   [188]
O44 - LFC:[MD5.502C72805EDA405772C0D0F1AB334994] - 23/04/2014 - 07:20:06 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys   [38912]  =>Trojan.Staser
O44 - LFC:[MD5.12D71BD37BCEEA35B977F9E020C53841] - 30/04/2014 - 22:26:19 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [146512]
O44 - LFC:[MD5.2719BB30B547DC07B5160E345F51D983] - 30/04/2014 - 22:26:19 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [705786]
~ Files: 27 Legitimates Filtered in 00mn 02s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:09/05/2013 - 04:59:10 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [49376]  =>.ALWIL Software
O58 - SDL:07/11/2013 - 15:49:11 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum   [175]
O58 - SDL:07/11/2013 - 15:49:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum   [175]
O58 - SDL:07/11/2013 - 15:49:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [175176]  =>.ALWIL Software
O58 - SDL:07/11/2013 - 15:49:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum   [175]  =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [26624]
O58 - SDL:23/04/2014 - 07:20:06 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys   [38912]  =>Trojan.Staser
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [21072]
O58 - SDL:03/05/2014 - 13:57:07 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys   [13464]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS   [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys   [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS   [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS   [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS   [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS   [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS   [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS   [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS   [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS   [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS   [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS   [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS   [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS   [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS   [34672]
~ Drivers: 78 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML.EP5BKXLXAQ6LJPTK5F7RBSRQII>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- c:\program files\mozilla firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome.EP5BKXLXAQ6LJPTK5F7RBSRQII> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\users\usuario\appdata\local\google\chrome\application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - [You must be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [You must be registered and logged in to see this link.]
~ Keys:  Scanned in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASAPI32  =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASMANCS  =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeUpdate_RASAPI32  =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeUpdate_RASMANCS  =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASAPI32  =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASMANCS  =>Trojan.Staser
~ BTK: 255 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 29/04/2014 257712 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 07/11/2013 654848 |  (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 30/03/2014 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 08/04/2008 800040 |  (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 22/01/2008 275752 |  (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Auto 21/06/2013 162408 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 03/09/2013 65640 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 09/05/2013 46808 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 19/12/2006 81920 |  (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\Windows\system32\IoctlSvc.exe
SR - | Auto 10/03/2010 189728 |  (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 12s



---\\ Scâner Aditional (088)
Database Version : 13045 - (01/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 2

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified   =>Hijacker.Application^
C:\Windows\AutoKMS.exe   =>Trojan.Keygen
~ Additionnel Scan: 298119 Items scanned in 00mn 29s



---\\ Sumário das deteções encontradas na sua estação
[You must be registered and logged in to see this link.]  =>Trojan.Staser
~ MSI: 1 link(s) detected in 00mn 00s



~ 672 Legitimates filtered by white list
End of the scan (416 lines in 01mn 17s)(0)

Re: Remoção da extensão UTAdRemovalApp 2.0

Mensagem por Power Max em Sab 03 Maio 2014, 19:22

Download the Farbar Recovery Scan Tool and save it to the Desktop.

Note: When you open the link above, click the Download Now 32-Bit Version button.

Run Farbar following the tips in this tutorial:

Analyze important areas of Windows with Farbar Recovery Scan Tool (32-bit version)

*Two reports will be created on the Desktop: FRST.txt and Addition.txt

Post these two reports in your next reply together with the ZHPFix log requested below. (Note: if they do not fit in a single reply, you can split them across several posts.)
_________________________________________________________________________________________________

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start (Iniciar) > All Programs (Todos os programas) > ZHP > right-click Zhpfix and choose Run as administrator (Executar como administrador) > click Import (Importação) > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply together with the Farbar logs requested above.


Last edited by Power Max on Sat 03 May 2014, 19:49; edited 1 time


Removal of the UTAdRemovalApp 2.0 extension

Post by Muitas Dúvidas on Sat 03 May 2014, 19:42

FRST.txt :

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-05-2014
Ran by Usuario (administrator) on USUARIO-PC on 03-05-2014 19:30:55
Running from C:\Users\Usuario\Downloads
Microsoft Windows 7 Home Premium  (X86) OS Language: Portuguese Brazilian
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [You need to be registered and logged in to see this link.]
Download link for 64-Bit Version: [You need to be registered and logged in to see this link.]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [You need to be registered and logged in to see this link.]

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimDrivers\SlimDrivers.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Speedbit Ltd.) C:\Program Files\DAP\DAP.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(DsNET) C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(DsNET Corp.) C:\Program Files\DsNET Corp\aTube Catcher 2.0\eWorker.exe
() C:\Program Files\DsNET Corp\aTube Catcher 2.0\ffmpeg.dll


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12013272 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-05-28] (Nero AG)
HKU\S-1-5-21-1574201965-1944898624-3258338672-1000\...\Run: [Google Update] => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-07] (Google Inc.)
HKU\S-1-5-21-1574201965-1944898624-3258338672-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\S-1-5-21-1574201965-1944898624-3258338672-1000\...\Run: [DownloadAccelerator] => C:\Program Files\DAP\DAP.EXE [4110992 2014-05-02] (Speedbit Ltd.)
HKU\S-1-5-21-1574201965-1944898624-3258338672-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You need to be registered and logged in to see this link.]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9EBA13C4ECDBCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = [You need to be registered and logged in to see this link.]
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = [You need to be registered and logged in to see this link.]
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [You need to be registered and logged in to see this link.]
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = [You need to be registered and logged in to see this link.]
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [You need to be registered and logged in to see this link.]
BHO: SpeedBit Link Verification Helper - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files\DAP\LinkVerifier.dll (Speedbit Ltd.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{A216F64B-8707-4022-B4C2-9FE5CBA2CBB2}: [NameServer]192.168.254.254,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default
FF NewTab: [You need to be registered and logged in to see this link.]
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: [You need to be registered and logged in to see this link.]
FF Keyword.URL: [You need to be registered and logged in to see this link.]
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Usuario\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Usuario\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-br.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-07]
FF HKLM\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files\DAP\daplinkchecker [2014-05-02]
FF HKCU\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files\DAP\DAPFireFox
FF Extension: Download Accelerator Plus (DAP) extension - C:\Program Files\DAP\DAPFireFox [2014-05-02]

Chrome:
=======
CHR DefaultSearchKeyword: google.com.br
CHR Extension: (Google Docs) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-02]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-30]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-02]
CHR Extension: (Pesquisa do Google) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-02]
CHR Extension: (Download Accelerator Plus (DAP)) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb [2014-05-02]
CHR Extension: (Google Wallet) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-07]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-02]
CHR HKLM\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files\DAP\DAPChrome\DAPChrome6.crx [2014-05-02]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [770344 2013-11-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [369584 2013-11-07] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [175176 2013-11-07] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-05-03] ()
S3 iSafeKrnlBoot; \??\system32\DRIVERS\iSafeKrnlBoot.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-03 19:30 - 2014-05-03 19:31 - 00011114 _____ () C:\Users\Usuario\Downloads\FRST.txt
2014-05-03 19:30 - 2014-05-03 19:30 - 00000000 ____D () C:\FRST
2014-05-03 19:28 - 2014-05-03 19:29 - 01050624 _____ (Farbar) C:\Users\Usuario\Downloads\FRST.exe
2014-05-03 19:02 - 2014-05-03 19:02 - 00027892 _____ () C:\Users\Usuario\Desktop\ZHPDiag.txt
2014-05-03 03:05 - 2014-05-03 03:16 - 598062619 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 08 - Blu-Ray 1080p.mkv
2014-05-03 02:39 - 2014-05-03 02:48 - 426982553 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 07 - Blu-Ray 1080p.mkv
2014-05-03 02:21 - 2014-05-03 02:36 - 756224304 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 06 - Blu-Ray 1080p.mkv
2014-05-03 01:54 - 2014-05-03 02:12 - 817595307 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 05 - Blu-Ray 1080p.mkv
2014-05-03 01:34 - 2014-05-03 01:48 - 635480105 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 04 - Blu-Ray 1080p.mkv
2014-05-03 00:36 - 2014-05-03 00:52 - 586200724 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 03 - Blu-Ray 1080p.mkv
2014-05-03 00:22 - 2014-05-03 00:35 - 595887114 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 02v2 - Blu-Ray 1080p.mkv
2014-05-03 00:07 - 2014-05-03 00:19 - 650099796 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 01v2 - Blu-Ray 1080p.mkv
2014-05-02 21:29 - 2014-05-02 21:29 - 00030131 _____ () C:\Users\Usuario\Downloads\e631b4008fba4f5cb02e5d13f03a33c9_A.jpeg
2014-05-02 21:00 - 2014-05-02 21:19 - 00001527 _____ () C:\Users\Usuario\Desktop\My DAP Downloads.lnk
2014-05-02 21:00 - 2014-05-02 21:00 - 00000897 _____ () C:\Users\Usuario\Desktop\Download Accelerator Plus (DAP).lnk
2014-05-02 20:59 - 2014-05-02 20:59 - 00172032 _____ (Jin Hui E-mail: [You need to be registered and logged in to see this link.] Web: [You need to be registered and logged in to see this link.] C:\Windows\system32\AniGIF.ocx
2014-05-02 20:59 - 2014-05-02 20:59 - 00001019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Download Accelerator Plus (DAP).lnk
2014-05-02 20:59 - 2014-05-02 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Accelerator Plus (DAP)
2014-05-02 20:59 - 2014-05-02 20:59 - 00000000 ____D () C:\Program Files\DAP
2014-05-02 20:59 - 2014-05-02 20:59 - 00000000 ____D () C:\Program Files\Common Files\SpeedBit
2014-05-02 20:15 - 2014-05-02 20:15 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\SpeedBit
2014-05-02 20:11 - 2014-05-02 20:11 - 00000000 ____D () C:\Users\Usuario\AppData\Local\CrashRpt
2014-05-02 20:06 - 2014-05-02 20:35 - 00002560 _____ () C:\Windows\_MSRSTRT.EXE
2014-05-02 19:34 - 2014-05-02 20:59 - 00000000 ____D () C:\Users\Todos os Usuários\Speedbit
2014-05-02 19:34 - 2014-05-02 20:59 - 00000000 ____D () C:\ProgramData\Speedbit
2014-05-02 19:34 - 2014-05-02 19:34 - 00002721 _____ () C:\ADS19BA.tmp
2014-05-02 19:34 - 2014-05-02 19:34 - 00002592 _____ () C:\ADS19BB.tmp
2014-05-02 17:51 - 2014-05-03 19:02 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\ZHP
2014-05-02 17:51 - 2014-05-03 19:01 - 00000000 ____D () C:\Program Files\ZHPDiag
2014-05-02 17:51 - 2014-05-02 17:51 - 00001937 _____ () C:\Users\Usuario\Desktop\ZHPFix.lnk
2014-05-02 17:51 - 2014-05-02 17:51 - 00001810 _____ () C:\Users\Usuario\Desktop\ZHPDiag.lnk
2014-05-02 17:51 - 2014-05-02 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-05-02 17:23 - 2014-05-02 17:23 - 00000000 ____D () C:\Windows\ERUNT
2014-05-02 17:02 - 2014-02-13 23:59 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-02 16:46 - 2014-05-02 16:46 - 00000132 _____ () C:\Users\Usuario\AppData\default.pls
2014-05-02 16:36 - 2014-05-02 17:00 - 00000000 ____D () C:\zoek_backup
2014-05-02 14:53 - 2014-05-02 20:03 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-02 14:52 - 2014-05-02 16:00 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-02 14:52 - 2014-05-02 14:52 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-02 14:52 - 2014-05-02 14:52 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
2014-05-02 14:52 - 2014-05-02 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-02 14:52 - 2014-05-02 14:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-02 14:52 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-02 14:52 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-02 14:52 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-02 13:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-02 13:57 - 2014-05-02 14:01 - 00000000 ____D () C:\AdwCleaner
2014-04-28 09:21 - 2014-04-28 09:22 - 00000000 ____D () C:\Users\Usuario\Desktop\Toradora
2014-04-27 15:20 - 2014-04-27 15:20 - 00000000 ____D () C:\Users\Usuario\Documents\NeroVision
2014-04-27 15:13 - 2014-04-27 15:13 - 00000000 ____D () C:\Users\Usuario\Documents\Nero Home
2014-04-25 13:17 - 2014-04-26 13:55 - 712832794 _____ () C:\Users\Usuario\Downloads\Jongens (2014).avi
2014-04-22 21:02 - 2014-04-22 21:02 - 00002732 _____ () C:\Users\Public\Desktop\Nero StartSmart.lnk
2014-04-22 21:02 - 2014-04-22 21:02 - 00002592 _____ () C:\Users\Public\Desktop\Nero Home.lnk
2014-04-22 21:02 - 2014-04-22 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition
2014-04-22 21:00 - 2014-05-02 16:46 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Ahead
2014-04-22 20:59 - 2014-04-22 20:59 - 00000000 ____D () C:\Users\Todos os Usuários\Ahead
2014-04-22 20:59 - 2014-04-22 20:59 - 00000000 ____D () C:\ProgramData\Ahead
2014-04-22 20:55 - 2014-04-22 20:58 - 00000000 ____D () C:\Program Files\Common Files\Ahead
2014-04-22 18:45 - 2014-04-22 18:45 - 00000000 _____ () C:\Windows\Irremote.ini
2014-04-22 18:21 - 2014-04-23 07:20 - 00038912 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-04-20 13:41 - 2014-04-20 13:41 - 00004608 _____ () C:\Users\Usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-12 21:32 - 2014-04-12 21:32 - 00197904 ____H () C:\Windows\system32\mlfcache.dat
2014-04-12 21:02 - 2014-04-17 01:34 - 00000000 ____D () C:\Program Files\mIRC
2014-04-12 21:02 - 2014-04-12 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2014-04-12 20:57 - 2014-04-12 21:02 - 00000913 _____ () C:\Users\Public\Desktop\mIRC.lnk
2014-04-12 20:54 - 2014-04-17 03:35 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\mIRC
2014-04-12 20:09 - 2014-04-12 20:09 - 00000000 ____D () C:\Users\Usuario\Downloads\Filmes
2014-04-12 11:12 - 2014-04-12 11:32 - 483050599 _____ () C:\Users\Usuario\Desktop\[Ecchi~Nyaa]_Ore_no_Nounai_Sentakushi_ga,_Gakuen_LoveCome_o_Zenryoku_de_Jama_Shiteiru_01_[Blu-Ray_720p_Hi10p_AAC][9F6C48EF].mkv

==================== One Month Modified Files and Folders =======

2014-05-03 19:31 - 2014-05-03 19:30 - 00011114 _____ () C:\Users\Usuario\Downloads\FRST.txt
2014-05-03 19:30 - 2014-05-03 19:30 - 00000000 ____D () C:\FRST
2014-05-03 19:29 - 2014-05-03 19:28 - 01050624 _____ (Farbar) C:\Users\Usuario\Downloads\FRST.exe
2014-05-03 19:13 - 2013-11-07 14:57 - 00001086 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1574201965-1944898624-3258338672-1000UA.job
2014-05-03 19:10 - 2013-11-07 14:30 - 00000000 ____D () C:\Users\Usuario\AppData\Local\VirtualStore
2014-05-03 19:06 - 2009-07-14 01:34 - 00019312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-03 19:06 - 2009-07-14 01:34 - 00019312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-03 19:02 - 2014-05-03 19:02 - 00027892 _____ () C:\Users\Usuario\Desktop\ZHPDiag.txt
2014-05-03 19:02 - 2014-05-02 17:51 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\ZHP
2014-05-03 19:01 - 2014-05-02 17:51 - 00000000 ____D () C:\Program Files\ZHPDiag
2014-05-03 18:58 - 2013-11-07 16:24 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-03 16:06 - 2013-11-07 14:26 - 00130546 _____ () C:\Windows\WindowsUpdate.log
2014-05-03 13:58 - 2013-11-07 15:31 - 00140865 _____ () C:\Windows\system32\AutoKMS.log
2014-05-03 13:57 - 2013-11-19 10:36 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-05-03 13:57 - 2013-11-19 10:36 - 00000390 _____ () C:\Windows\Tasks\SlimDrivers Startup.job
2014-05-03 13:56 - 2014-03-31 18:55 - 00014730 _____ () C:\Windows\PFRO.log
2014-05-03 13:56 - 2014-03-23 01:00 - 00006448 _____ () C:\Windows\setupact.log
2014-05-03 13:56 - 2009-07-14 01:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-03 03:16 - 2014-05-03 03:05 - 598062619 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 08 - Blu-Ray 1080p.mkv
2014-05-03 02:48 - 2014-05-03 02:39 - 426982553 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 07 - Blu-Ray 1080p.mkv
2014-05-03 02:36 - 2014-05-03 02:21 - 756224304 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 06 - Blu-Ray 1080p.mkv
2014-05-03 02:13 - 2013-11-07 14:57 - 00001034 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1574201965-1944898624-3258338672-1000Core.job
2014-05-03 02:12 - 2014-05-03 01:54 - 817595307 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 05 - Blu-Ray 1080p.mkv
2014-05-03 01:48 - 2014-05-03 01:34 - 635480105 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 04 - Blu-Ray 1080p.mkv
2014-05-03 00:52 - 2014-05-03 00:36 - 586200724 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 03 - Blu-Ray 1080p.mkv
2014-05-03 00:35 - 2014-05-03 00:22 - 595887114 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 02v2 - Blu-Ray 1080p.mkv
2014-05-03 00:19 - 2014-05-03 00:07 - 650099796 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 01v2 - Blu-Ray 1080p.mkv
2014-05-02 22:20 - 2013-11-08 20:58 - 00000000 ____D () C:\Users\Usuario\Downloads\Programas
2014-05-02 21:29 - 2014-05-02 21:29 - 00030131 _____ () C:\Users\Usuario\Downloads\e631b4008fba4f5cb02e5d13f03a33c9_A.jpeg
2014-05-02 21:19 - 2014-05-02 21:00 - 00001527 _____ () C:\Users\Usuario\Desktop\My DAP Downloads.lnk
2014-05-02 21:00 - 2014-05-02 21:00 - 00000897 _____ () C:\Users\Usuario\Desktop\Download Accelerator Plus (DAP).lnk
2014-05-02 20:59 - 2014-05-02 20:59 - 00172032 _____ (Jin Hui E-mail: [You need to be registered and logged in to see this link.] Web: [You need to be registered and logged in to see this link.] C:\Windows\system32\AniGIF.ocx
2014-05-02 20:59 - 2014-05-02 20:59 - 00001019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Download Accelerator Plus (DAP).lnk
2014-05-02 20:59 - 2014-05-02 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Accelerator Plus (DAP)
2014-05-02 20:59 - 2014-05-02 20:59 - 00000000 ____D () C:\Program Files\DAP
2014-05-02 20:59 - 2014-05-02 20:59 - 00000000 ____D () C:\Program Files\Common Files\SpeedBit
2014-05-02 20:59 - 2014-05-02 19:34 - 00000000 ____D () C:\Users\Todos os Usuários\Speedbit
2014-05-02 20:59 - 2014-05-02 19:34 - 00000000 ____D () C:\ProgramData\Speedbit
2014-05-02 20:35 - 2014-05-02 20:06 - 00002560 _____ () C:\Windows\_MSRSTRT.EXE
2014-05-02 20:15 - 2014-05-02 20:15 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\SpeedBit
2014-05-02 20:11 - 2014-05-02 20:11 - 00000000 ____D () C:\Users\Usuario\AppData\Local\CrashRpt
2014-05-02 20:03 - 2014-05-02 14:53 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-02 20:02 - 2013-11-08 03:14 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\EQATEC Analytics
2014-05-02 19:34 - 2014-05-02 19:34 - 00002721 _____ () C:\ADS19BA.tmp
2014-05-02 19:34 - 2014-05-02 19:34 - 00002592 _____ () C:\ADS19BB.tmp
2014-05-02 17:51 - 2014-05-02 17:51 - 00001937 _____ () C:\Users\Usuario\Desktop\ZHPFix.lnk
2014-05-02 17:51 - 2014-05-02 17:51 - 00001810 _____ () C:\Users\Usuario\Desktop\ZHPDiag.lnk
2014-05-02 17:51 - 2014-05-02 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-05-02 17:23 - 2014-05-02 17:23 - 00000000 ____D () C:\Windows\ERUNT
2014-05-02 17:04 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-05-02 17:00 - 2014-05-02 16:36 - 00000000 ____D () C:\zoek_backup
2014-05-02 16:46 - 2014-05-02 16:46 - 00000132 _____ () C:\Users\Usuario\AppData\default.pls
2014-05-02 16:46 - 2014-04-22 21:00 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Ahead
2014-05-02 16:00 - 2014-05-02 14:52 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-02 16:00 - 2009-07-14 01:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-02 14:52 - 2014-05-02 14:52 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-02 14:52 - 2014-05-02 14:52 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
2014-05-02 14:52 - 2014-05-02 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-02 14:52 - 2014-05-02 14:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-02 14:01 - 2014-05-02 13:57 - 00000000 ____D () C:\AdwCleaner
2014-05-02 01:32 - 2013-11-07 16:46 - 00000482 _____ () C:\Users\Usuario\Documents\jkhg.txt
2014-05-01 14:00 - 2013-11-07 16:44 - 00000000 ____D () C:\Users\Usuario\Downloads\Animes
2014-05-01 13:18 - 2013-11-07 14:57 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Skype
2014-04-30 22:26 - 2013-11-07 14:35 - 01634728 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-30 22:26 - 2009-07-14 05:31 - 00705786 _____ () C:\Windows\system32\prfh0416.dat
2014-04-30 22:26 - 2009-07-14 05:31 - 00146512 _____ () C:\Windows\system32\prfc0416.dat
2014-04-29 13:29 - 2013-11-07 16:24 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-29 13:29 - 2013-11-07 15:12 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-28 09:22 - 2014-04-28 09:21 - 00000000 ____D () C:\Users\Usuario\Desktop\Toradora
2014-04-28 08:12 - 2014-02-26 14:41 - 00000000 ____D () C:\FFOutput
2014-04-27 15:20 - 2014-04-27 15:20 - 00000000 ____D () C:\Users\Usuario\Documents\NeroVision
2014-04-27 15:13 - 2014-04-27 15:13 - 00000000 ____D () C:\Users\Usuario\Documents\Nero Home
2014-04-26 13:55 - 2014-04-25 13:17 - 712832794 _____ () C:\Users\Usuario\Downloads\Jongens (2014).avi
2014-04-24 06:48 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-23 22:56 - 2013-11-07 17:03 - 00000000 ____D () C:\Users\Usuario\Downloads\Imagens
2014-04-23 07:20 - 2014-04-22 18:21 - 00038912 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-04-22 21:10 - 2013-11-07 14:48 - 00000000 ____D () C:\Users\Usuario\AppData\Local\Ahead
2014-04-22 21:02 - 2014-04-22 21:02 - 00002732 _____ () C:\Users\Public\Desktop\Nero StartSmart.lnk
2014-04-22 21:02 - 2014-04-22 21:02 - 00002592 _____ () C:\Users\Public\Desktop\Nero Home.lnk
2014-04-22 21:02 - 2014-04-22 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition
2014-04-22 20:59 - 2014-04-22 20:59 - 00000000 ____D () C:\Users\Todos os Usuários\Ahead
2014-04-22 20:59 - 2014-04-22 20:59 - 00000000 ____D () C:\ProgramData\Ahead
2014-04-22 20:58 - 2014-04-22 20:55 - 00000000 ____D () C:\Program Files\Common Files\Ahead
2014-04-22 20:56 - 2013-11-07 14:46 - 00000000 ____D () C:\Users\Todos os Usuários\Nero
2014-04-22 20:56 - 2013-11-07 14:46 - 00000000 ____D () C:\ProgramData\Nero
2014-04-22 20:55 - 2013-11-07 14:46 - 00000000 ____D () C:\Program Files\Nero
2014-04-22 18:51 - 2013-11-07 14:46 - 00000000 ____D () C:\Program Files\Common Files\Nero
2014-04-22 18:46 - 2013-11-07 14:47 - 00001024 _____ () C:\Users\Usuario\.rnd
2014-04-22 18:46 - 2013-11-07 14:47 - 00000188 _____ () C:\Windows\system32\MsiExec.exe.log
2014-04-22 18:45 - 2014-04-22 18:45 - 00000000 _____ () C:\Windows\Irremote.ini
2014-04-22 18:21 - 2013-11-07 14:57 - 00001325 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-22 18:21 - 2013-11-07 14:31 - 00001597 _____ () C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-22 14:54 - 2013-11-07 14:59 - 00001899 _____ () C:\Users\Usuario\Desktop\Google Chrome.lnk
2014-04-21 23:07 - 2013-11-08 03:35 - 00000069 _____ () C:\Windows\NeroDigital.ini
2014-04-20 13:41 - 2014-04-20 13:41 - 00004608 _____ () C:\Users\Usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-17 03:35 - 2014-04-12 20:54 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\mIRC
2014-04-17 01:34 - 2014-04-12 21:02 - 00000000 ____D () C:\Program Files\mIRC
2014-04-12 21:32 - 2014-04-12 21:32 - 00197904 ____H () C:\Windows\system32\mlfcache.dat
2014-04-12 21:02 - 2014-04-12 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2014-04-12 21:02 - 2014-04-12 20:57 - 00000913 _____ () C:\Users\Public\Desktop\mIRC.lnk
2014-04-12 20:09 - 2014-04-12 20:09 - 00000000 ____D () C:\Users\Usuario\Downloads\Filmes
2014-04-12 11:32 - 2014-04-12 11:12 - 483050599 _____ () C:\Users\Usuario\Desktop\[Ecchi~Nyaa]_Ore_no_Nounai_Sentakushi_ga,_Gakuen_LoveCome_o_Zenryoku_de_Jama_Shiteiru_01_[Blu-Ray_720p_Hi10p_AAC][9F6C48EF].mkv
2014-04-03 09:51 - 2014-05-02 14:52 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-05-02 14:52 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-05-02 14:52 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-29 02:40

==================== End Of Log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-05-2014
Ran by Usuario at 2014-05-03 19:32:03
Running from C:\Users\Usuario\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0.1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM\...\Adobe_b741c3c52d3108664cedeb2b76f6d96) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 1.0 (HKLM\...\Tradução Adobe Photoshop CS4_is1) (Version:  - Nando Backer Software Developer)
Adobe Reader X (10.1.8) - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
aTube Catcher (HKLM\...\aTube Catcher) (Version: 2.9.4272 - DsNET Corp)
avast! Free Antivirus (HKLM\...\avast) (Version: 8.0.1489.0 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Codec 8.4f (HKLM\...\Codec_is1) (Version:  - )
Corel Graphics - Windows Shell Extension (HKLM\...\_{B92076C0-C5FE-4DB1-AA8D-855430CDF098}) (Version: 16.0.0.707 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.0.707 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - BR (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (Version: 16.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (HKLM\...\_{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}) (Version: 16.0.0.707 - Corel Corporation)
CorelDRAW Graphics Suite X6 (Version: 16.0 - Corel Corporation) Hidden
DC-Bass Source 1.3.0 (HKLM\...\DC-Bass Source) (Version:  - )
Download Accelerator Plus (DAP) (HKLM\...\Download Accelerator Plus (DAP)) (Version: 10059 (Build 2593) - Speedbit Ltd.)
ffdshow v1.1.4399 [2012-03-22] (HKLM\...\ffdshow_is1) (Version: 1.1.4399.0 - )
FormatFactory 3.3.1.0 (HKLM\...\FormatFactory) (Version: 3.3.1.0 - Format Factory)
Google Chrome (HKCU\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 25 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle)
Lagarith Lossless Codec (1.3.27) (HKLM\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware versão 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile PTB Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended PTB Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual Basic for Applications 7.1 (x86) (Version: 7.1.00.00 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x86) English (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x86) Portuguese (Brazil) (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.70.1104.04 - Microsoft Corporation) Hidden
Miniaurélio (HKLM\...\{01A373F1-B268-43CA-A8F1-45708A62F50A}) (Version: 5.12 - Positivo Informática.)
mIRC (HKLM\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
Mozilla Firefox 28.0 (x86 pt-BR) (HKLM\...\Mozilla Firefox 28.0 (x86 pt-BR)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MPC-HC 1.7.3 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.3 - MPC-HC Team)
Nero 7 Ultra Edition (HKLM\...\{C6115A28-F277-4E82-B067-84D28BF21046}) (Version: 7.03.1357 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
OpenSource Flash Video Splitter 1.0.0.5 (HKLM\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Extended PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PeaZip 5.1.1 (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 6.6 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.6.106 - Skype Technologies S.A.)
SlimDrivers (HKLM\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Ultimate Codecs Packages (HKCU\...\Ultimate Codecs Packages) (Version:  - ) <==== ATTENTION
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
ZHPDiag 2014 (HKLM\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)

==================== Restore Points  =========================

02-05-2014 19:39:09 zoek.exe restore point
02-05-2014 21:39:59 ZHPFix Restore System Point
02-05-2014 23:04:24 Revo Uninstaller's restore point - Download Accelerator Plus (DAP)
02-05-2014 23:33:08 Revo Uninstaller's restore point - Download Accelerator Plus (DAP)
03-05-2014 21:51:09 ZHPFix Restore System Point

==================== Hosts content: ==========================

2009-07-13 23:04 - 2014-05-02 16:39 - 00000840 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {33235AB0-22BE-4E4A-954C-CDCFA65D5CFC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1574201965-1944898624-3258338672-1000Core => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-07] (Google Inc.)
Task: {3EC36B8B-77C9-48B4-9C44-7202DF9E7FD1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {52E22773-E629-4AFF-9BCB-503B6BE77548} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1574201965-1944898624-3258338672-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: {58659119-61F6-40F0-925B-2F17BE98CDC0} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe [2013-11-07] (Microsoft)
Task: {772BF1E3-C3C0-42A1-A688-BD192EE976FE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {874E4575-3352-4728-BBDC-99CB3E88ABA2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated)
Task: {8982478E-518F-4037-850C-FA08CC737FB7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1574201965-1944898624-3258338672-1000UA => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-07] (Google Inc.)
Task: {89F25690-8414-4455-959A-188454A27B94} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1574201965-1944898624-3258338672-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {CF56E9B6-85EA-4368-A9EE-44344FC3029B} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1574201965-1944898624-3258338672-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {E5F247AC-E4E0-4178-91B0-AB21559EA09B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1574201965-1944898624-3258338672-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {EFBDD970-01E2-42D9-8BE1-0AE7AF9B69D0} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1574201965-1944898624-3258338672-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {F182866C-BEEC-4B88-85B3-9E7881420F74} - System32\Tasks\SlimDrivers Startup => C:\Program Files\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1574201965-1944898624-3258338672-1000Core.job => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1574201965-1944898624-3258338672-1000UA.job => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files\SlimDrivers\SlimDrivers.exe

==================== Loaded Modules (whitelisted) =============

2014-05-03 18:02 - 2014-05-03 14:05 - 02292736 _____ () C:\Program Files\AVAST Software\Avast\defs\14050301\algo.dll
2010-01-30 01:41 - 2010-01-30 01:41 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-05-02 21:00 - 2014-05-02 21:00 - 00009216 _____ () C:\ProgramData\Speedbit\DAP\Plugins\AddonsCondition.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00011776 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\fivegiganet.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00010240 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\MegaUploadCom.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00012800 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\SpdFileCom.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00012800 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\XSevenTo.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00010752 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\zsharenet.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00014848 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\HotFileCom.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00040960 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\YouTubeCom.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00012288 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\FileFactoryCom.dll
2013-12-05 09:20 - 2013-12-03 23:47 - 00702416 _____ () C:\Users\Usuario\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 09:20 - 2013-12-03 23:47 - 00099792 _____ () C:\Users\Usuario\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 09:20 - 2013-12-03 23:48 - 04055504 _____ () C:\Users\Usuario\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 09:20 - 2013-12-03 23:48 - 00399312 _____ () C:\Users\Usuario\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 09:19 - 2013-12-03 23:47 - 01619408 _____ () C:\Users\Usuario\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-05 09:20 - 2013-12-03 23:48 - 13586896 _____ () C:\Users\Usuario\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
2011-01-18 03:07 - 2011-01-18 03:07 - 12433408 _____ () C:\Program Files\DsNET Corp\aTube Catcher 2.0\ffmpeg.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:56E2E879

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Google Update => "C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2014 06:51:07 PM) (Source: VSS) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback.  hr =  0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
  Obtendo Dados do Gravador

Contexto:
  Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
  Nome do Gravador: System Writer
  ID de Instância de Gravador: {e9fe2f0c-4f48-4f90-8a95-541c01913ef9}

Error: (05/03/2014 04:29:16 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (05/02/2014 09:15:01 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (05/02/2014 08:33:08 PM) (Source: VSS) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback.  hr =  0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
  Obtendo Dados do Gravador

Contexto:
  Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
  Nome do Gravador: System Writer
  ID de Instância de Gravador: {f3f42b67-dc01-4968-bd05-dcd015342424}

Error: (05/02/2014 08:04:23 PM) (Source: VSS) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback.  hr =  0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
  Obtendo Dados do Gravador

Contexto:
  Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
  Nome do Gravador: System Writer
  ID de Instância de Gravador: {1a543900-2ea4-4aea-98ac-d9be5bc6864f}

Error: (05/02/2014 06:39:58 PM) (Source: VSS) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback.  hr =  0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
  Obtendo Dados do Gravador

Contexto:
  Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
  Nome do Gravador: System Writer
  ID de Instância de Gravador: {950ea0b0-715d-45e9-b9a4-3cb649ec38de}


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (05/03/2014 06:51:07 PM) (Source: VSS)(User: )
Description: 0x80070005, Acesso negado.


Operação:
  Obtendo Dados do Gravador

Contexto:
  Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
  Nome do Gravador: System Writer
  ID de Instância de Gravador: {e9fe2f0c-4f48-4f90-8a95-541c01913ef9}

Error: (05/03/2014 04:29:16 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (05/02/2014 09:15:01 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (05/02/2014 08:33:08 PM) (Source: VSS)(User: )
Description: 0x80070005, Acesso negado.


Operação:
  Obtendo Dados do Gravador

Contexto:
  Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
  Nome do Gravador: System Writer
  ID de Instância de Gravador: {f3f42b67-dc01-4968-bd05-dcd015342424}

Error: (05/02/2014 08:04:23 PM) (Source: VSS)(User: )
Description: 0x80070005, Acesso negado.


Operação:
  Obtendo Dados do Gravador

Contexto:
  Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
  Nome do Gravador: System Writer
  ID de Instância de Gravador: {1a543900-2ea4-4aea-98ac-d9be5bc6864f}

Error: (05/02/2014 06:39:58 PM) (Source: VSS)(User: )
Description: 0x80070005, Acesso negado.


Operação:
  Obtendo Dados do Gravador

Contexto:
  Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
  Nome do Gravador: System Writer
  ID de Instância de Gravador: {950ea0b0-715d-45e9-b9a4-3cb649ec38de}


==================== Memory info ===========================

Percentage of memory in use: 75%
Total physical RAM: 2013.24 MB
Available physical RAM: 499.06 MB
Total Pagefile: 4026.48 MB
Available Pagefile: 1902.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:52.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 94B794B7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================

ZHPFix:

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Usuario at 03/05/2014 19:35:34
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 32-bit  (Build 7600)

Reciclagem vazia (00mn 30s)

========== Elementos dos dados do Registo ==========
ELIMINÉ Explorer Association Data Application: [You need to be registered and logged in to see this link.]

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (34) (582.839 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Elementos dos dados do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 52s

========== Caminho do ficheiro do relatório ==========
C:\Users\Usuario\AppData\Roaming\ZHP\ZHPFix[R1].txt - 02/05/2014 18:40:34 [2261]
C:\Users\Usuario\AppData\Roaming\ZHP\ZHPFix[R2].txt - 03/05/2014 18:51:36 [1196]
C:\Users\Usuario\AppData\Roaming\ZHP\ZHPFix[R3].txt - 03/05/2014 19:36:04 [1088]

Re: Removing the UTAdRemovalApp 2.0 extension

Post by Power Max on Sat 03 May 2014, 19:48

Only the other Farbar log (Addition) is missing.


Re: Removing the UTAdRemovalApp 2.0 extension

Post by Muitas Dúvidas on Sat 03 May 2014, 20:00

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-05-2014
Ran by Usuario at 2014-05-03 19:32:03
Running from C:\Users\Usuario\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0.1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM\...\Adobe_b741c3c52d3108664cedeb2b76f6d96) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 1.0 (HKLM\...\Tradução Adobe Photoshop CS4_is1) (Version: - Nando Backer Software Developer)
Adobe Reader X (10.1.8) - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
aTube Catcher (HKLM\...\aTube Catcher) (Version: 2.9.4272 - DsNET Corp)
avast! Free Antivirus (HKLM\...\avast) (Version: 8.0.1489.0 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Codec 8.4f (HKLM\...\Codec_is1) (Version: - )
Corel Graphics - Windows Shell Extension (HKLM\...\_{B92076C0-C5FE-4DB1-AA8D-855430CDF098}) (Version: 16.0.0.707 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.0.707 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - BR (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (HKLM\...\_{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}) (Version: 16.0.0.707 - Corel Corporation)
CorelDRAW Graphics Suite X6 (Version: 16.0 - Corel Corporation) Hidden
DC-Bass Source 1.3.0 (HKLM\...\DC-Bass Source) (Version: - )
Download Accelerator Plus (DAP) (HKLM\...\Download Accelerator Plus (DAP)) (Version: 10059 (Build 2593) - Speedbit Ltd.)
ffdshow v1.1.4399 [2012-03-22] (HKLM\...\ffdshow_is1) (Version: 1.1.4399.0 - )
FormatFactory 3.3.1.0 (HKLM\...\FormatFactory) (Version: 3.3.1.0 - Format Factory)
Google Chrome (HKCU\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 25 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle)
Lagarith Lossless Codec (1.3.27) (HKLM\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Malwarebytes Anti-Malware versão 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile PTB Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended PTB Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual Basic for Applications 7.1 (x86) (Version: 7.1.00.00 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x86) English (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x86) Portuguese (Brazil) (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.70.1104.04 - Microsoft Corporation) Hidden
Miniaurélio (HKLM\...\{01A373F1-B268-43CA-A8F1-45708A62F50A}) (Version: 5.12 - Positivo Informática.)
mIRC (HKLM\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
Mozilla Firefox 28.0 (x86 pt-BR) (HKLM\...\Mozilla Firefox 28.0 (x86 pt-BR)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MPC-HC 1.7.3 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.3 - MPC-HC Team)
Nero 7 Ultra Edition (HKLM\...\{C6115A28-F277-4E82-B067-84D28BF21046}) (Version: 7.03.1357 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
OpenSource Flash Video Splitter 1.0.0.5 (HKLM\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Extended PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PeaZip 5.1.1 (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: - Giorgio Tani)
PhotoScape (HKLM\...\PhotoScape) (Version: - )
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 6.6 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.6.106 - Skype Technologies S.A.)
SlimDrivers (HKLM\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Ultimate Codecs Packages (HKCU\...\Ultimate Codecs Packages) (Version: - ) <==== ATTENTION
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
ZHPDiag 2014 (HKLM\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)

==================== Restore Points =========================

02-05-2014 19:39:09 zoek.exe restore point
02-05-2014 21:39:59 ZHPFix Restore System Point
02-05-2014 23:04:24 Revo Uninstaller's restore point - Download Accelerator Plus (DAP)
02-05-2014 23:33:08 Revo Uninstaller's restore point - Download Accelerator Plus (DAP)
03-05-2014 21:51:09 ZHPFix Restore System Point

==================== Hosts content: ==========================

2009-07-13 23:04 - 2014-05-02 16:39 - 00000840 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {33235AB0-22BE-4E4A-954C-CDCFA65D5CFC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1574201965-1944898624-3258338672-1000Core => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-07] (Google Inc.)
Task: {3EC36B8B-77C9-48B4-9C44-7202DF9E7FD1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {52E22773-E629-4AFF-9BCB-503B6BE77548} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1574201965-1944898624-3258338672-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: {58659119-61F6-40F0-925B-2F17BE98CDC0} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe [2013-11-07] (Microsoft)
Task: {772BF1E3-C3C0-42A1-A688-BD192EE976FE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {874E4575-3352-4728-BBDC-99CB3E88ABA2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated)
Task: {8982478E-518F-4037-850C-FA08CC737FB7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1574201965-1944898624-3258338672-1000UA => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-07] (Google Inc.)
Task: {89F25690-8414-4455-959A-188454A27B94} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1574201965-1944898624-3258338672-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {CF56E9B6-85EA-4368-A9EE-44344FC3029B} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1574201965-1944898624-3258338672-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {E5F247AC-E4E0-4178-91B0-AB21559EA09B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1574201965-1944898624-3258338672-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {EFBDD970-01E2-42D9-8BE1-0AE7AF9B69D0} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1574201965-1944898624-3258338672-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {F182866C-BEEC-4B88-85B3-9E7881420F74} - System32\Tasks\SlimDrivers Startup => C:\Program Files\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1574201965-1944898624-3258338672-1000Core.job => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1574201965-1944898624-3258338672-1000UA.job => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files\SlimDrivers\SlimDrivers.exe

==================== Loaded Modules (whitelisted) =============

2014-05-03 18:02 - 2014-05-03 14:05 - 02292736 _____ () C:\Program Files\AVAST Software\Avast\defs\14050301\algo.dll
2010-01-30 01:41 - 2010-01-30 01:41 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-05-02 21:00 - 2014-05-02 21:00 - 00009216 _____ () C:\ProgramData\Speedbit\DAP\Plugins\AddonsCondition.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00011776 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\fivegiganet.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00010240 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\MegaUploadCom.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00012800 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\SpdFileCom.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00012800 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\XSevenTo.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00010752 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\zsharenet.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00014848 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\HotFileCom.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00040960 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\YouTubeCom.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00012288 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\FileFactoryCom.dll
2013-12-05 09:20 - 2013-12-03 23:47 - 00702416 _____ () C:\Users\Usuario\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 09:20 - 2013-12-03 23:47 - 00099792 _____ () C:\Users\Usuario\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 09:20 - 2013-12-03 23:48 - 04055504 _____ () C:\Users\Usuario\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 09:20 - 2013-12-03 23:48 - 00399312 _____ () C:\Users\Usuario\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 09:19 - 2013-12-03 23:47 - 01619408 _____ () C:\Users\Usuario\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-05 09:20 - 2013-12-03 23:48 - 13586896 _____ () C:\Users\Usuario\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
2011-01-18 03:07 - 2011-01-18 03:07 - 12433408 _____ () C:\Program Files\DsNET Corp\aTube Catcher 2.0\ffmpeg.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:56E2E879

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Google Update => "C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2014 06:51:07 PM) (Source: VSS) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {e9fe2f0c-4f48-4f90-8a95-541c01913ef9}

Error: (05/03/2014 04:29:16 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (05/02/2014 09:15:01 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (05/02/2014 08:33:08 PM) (Source: VSS) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {f3f42b67-dc01-4968-bd05-dcd015342424}

Error: (05/02/2014 08:04:23 PM) (Source: VSS) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {1a543900-2ea4-4aea-98ac-d9be5bc6864f}

Error: (05/02/2014 06:39:58 PM) (Source: VSS) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {950ea0b0-715d-45e9-b9a4-3cb649ec38de}


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (05/03/2014 06:51:07 PM) (Source: VSS)(User: )
Description: 0x80070005, Acesso negado.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {e9fe2f0c-4f48-4f90-8a95-541c01913ef9}

Error: (05/03/2014 04:29:16 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (05/02/2014 09:15:01 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (05/02/2014 08:33:08 PM) (Source: VSS)(User: )
Description: 0x80070005, Acesso negado.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {f3f42b67-dc01-4968-bd05-dcd015342424}

Error: (05/02/2014 08:04:23 PM) (Source: VSS)(User: )
Description: 0x80070005, Acesso negado.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {1a543900-2ea4-4aea-98ac-d9be5bc6864f}

Error: (05/02/2014 06:39:58 PM) (Source: VSS)(User: )
Description: 0x80070005, Acesso negado.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {950ea0b0-715d-45e9-b9a4-3cb649ec38de}


==================== Memory info ===========================

Percentage of memory in use: 75%
Total physical RAM: 2013.24 MB
Available physical RAM: 499.06 MB
Total Pagefile: 4026.48 MB
Available Pagefile: 1902.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:52.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 94B794B7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Re: Removing the UTAdRemovalApp 2.0 extension

Post by Power Max on Sat 03 May 2014, 20:41

Download the fixlist.txt file attached to this post and save it in the same place where you put Farbar (FRST), which is the location below:
C:\Users\Usuario\Downloads

Run FRST. Click the Fix button.

Wait; when it finishes, the Fixlog.txt log will be saved.

Select, copy and paste the contents of this Fixlog.txt into your next reply.


Re: Removing the UTAdRemovalApp 2.0 extension

Post by Muitas Dúvidas on Sat 03 May 2014, 21:39

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:01-05-2014
Ran by Usuario at 2014-05-03 21:22:10 Run:1
Running from C:\Users\Usuario\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [You need to be registered and logged in to see this link.]
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Ultimate Codecs Packages (HKCU\...\Ultimate Codecs Packages) (Version: - ) <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:56E2E879
end
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
"C:\Users\Todos os Usuários\TEMP" => ":56E2E879" ADS not found.


The system needed a reboot.

==== End of Fixlog ====

Re: Removing the UTAdRemovalApp 2.0 extension

Post by Power Max on Sat 03 May 2014, 21:51

Restart the PC and tell us how the computer is after these procedures.


Re: Removing the UTAdRemovalApp 2.0 extension

Post by Muitas Dúvidas on Sat 03 May 2014, 22:22

The extension is gone, and so are the ads! (phew). The PC is faster and it even fixed a problem I had with Mega.