How to remove Storm Alert


Post by Cassiano1110 on Sun 11 Jan 2015, 11:14

Hello, I can't remove this program that was installed on my PC and keeps throwing unwanted messages in my browsers.

Note: I tried through Add or Remove Programs but I can't remove it, thank you.

Re: How to remove Storm Alert

Post by joram on Sun 11 Jan 2015, 12:54

/!\ Good afternoon! Cassiano1110 /!\

> Download: < ZHPDiag2.exe > ( ... by Nicolas Coolman )
> Or here! << Link!
> Save it to the local disk! ( C or D )
> Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

> Run the scroll icon. ( ZHPDiag )

> Click "COMPLETA" and wait for it to finish!
> Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
> Ps: Since the log will be long, send it to Pjjoint.malekal.

> Or go to: < MyFile.tk >

> Or attach it |Here!| << Link!

> More information: < |Link| > << Hosting!

A+

Re: How to remove Storm Alert

Post by Cassiano1110 on Sun 11 Jan 2015, 23:59

Hello.

I couldn't use any form of attachment, so I split it into two posts and sent it

Don't worry, I uploaded it for you to Cjoint.com.

( joram )

Re: How to remove Storm Alert

Post by joram on Mon 12 Jan 2015, 08:46

/!\ Good morning! Cassiano1110 /!\

> Run this script in the ZHPFix tool.
> Select and copy this information, which is in red, to Notepad.
> With Notepad open, do: ctrl+a >> ctrl+c ( Select and Copy )
> Next, minimize Notepad.

Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyCLSID
ShortcutFix
EmptyTemp
EmptyFlash
HiddenFix
[MD5.61A1362D6A166AFB5C25954D27D418AC] [WIS][03/04/2014] (.PriceMeter - Google Update Helper.) -- C:\Windows\Installer\e35a0a.msi [40960]
[MD5.E3D54C76A3065F615D2433BB59BD959A] - (...) -- C:\Program Files (x86)\Solution Real\bin\SolutionReal.BOASHelper.exe [1649912] [PID.5420]
[MD5.46E15CC1C1A2565831F4DE38684102CD] - (...) -- C:\Program Files (x86)\Solution Real\bin\SolutionReal.expext.exe [101624] [PID.3044]
M3 - MFPP: Plugins - [Cassiano] -- C:\Users\Cassiano\AppData\Roaming\Mozilla\Firefox\Profiles\mhzxax0o.default\searchplugins\Vosteran.xml
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
O4 - GS\Desktop [Cassiano]: SpyHunter.lnk . (...) -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe (.not file.)
O4 - HKCU\..\RunOnce: [WSE_Vosteran] Chave orfã
O4 - HKUS\S-1-5-21-4032315922-2193373217-1692392771-1001\..\RunOnce: [WSE_Vosteran] Chave orfã
O4 - HKLM\..\Wow6432Node\Run: [gmsd_br_65] Chave orfã
O23 - Service: IePlugin Services (IePluginServices) . (...) - C:\ProgramData\IePluginServices\PluginService.exe
O23 - Service: Update Solution Real (Update Solution Real) . (...) - C:\Program Files (x86)\Solution Real\updateSolutionReal.exe (.not file.)
O23 - Service: Util Solution Real (Util Solution Real) . (...) - C:\Program Files (x86)\Solution Real\bin\utilSolutionReal.exe (.not file.)
O23 - Service: xttLrjmO (xttLrjmO) . (.Rational Thought Solutions - StormAlert Service.) - C:\ProgramData\lsRAqrc\xttLrjmO.exe
O23 - Service: Update brown bark (Update brown bark) . (...) - C:\Program Files (x86)\brown bark\updatebrownbark.exe (.not file.)
O23 - Service: Util brown bark (Util brown bark) . (...) - C:\Program Files (x86)\brown bark\bin\utilbrownbark.exe (.not file.)
O41 - Driver: ({76eaa25f-d535-414d-8a8b-4bce0a94d247}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{76eaa25f-d535-414d-8a8b-4bce0a94d247}Gw64.sys
O41 - Driver: ({c498f6c6-a577-42a8-98f6-8b7499c22f4a}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{c498f6c6-a577-42a8-98f6-8b7499c22f4a}Gw64.sys
O42 - Logiciel: Google Update Helper - (.PriceMeter.) [HKLM][64Bits] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: SpyHunter - (.Enigma Software Group USA, LLC.) [HKLM][64Bits] -- {ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}
O42 - Logiciel: Storm Alert - (.Rational Thought Solutions.) [HKLM][64Bits] -- StormAlert
O42 - Logiciel: WindowsMangerProtect20.0.0.502 - (.WindowsProtect LIMITED.) [HKLM][64Bits] -- WindowsMangerProtect
O43 - CFD: 31/07/2014 - 21:18:55 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 27/12/2014 - 16:37:36 - [0] ----D C:\Program Files (x86)\brown bark
O44 - LFC:[MD5.0EA85FE5C50FA23BC4C689DB19900A14] - 10/01/2015 - 13:41:28 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{76eaa25f-d535-414d-8a8b-4bce0a94d247}Gw64.sys [48792]
O58 - SDL:10/01/2015 - 13:41:28 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{76eaa25f-d535-414d-8a8b-4bce0a94d247}Gw64.sys [48792]
O58 - SDL:26/12/2014 - 09:23:46 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{c498f6c6-a577-42a8-98f6-8b7499c22f4a}Gw64.sys [48784]
O61 - LFC: 07/01/2015 - 23:24:11 ---A- . (...) -- C:\Users\Cassiano\AppData\Local\Temp\n5406\GamesDesktop-brInstaller.exe [382249]
O61 - LFC: 11/01/2015 - 23:23:51 ---A- . (.Solution Real.) -- C:\Users\Cassiano\AppData\Local\Microsoft\Windows\INetCache\IE\EG77AKKM\SolutionReal[1].dll [250616]
O61 - LFC: 07/01/2015 - 23:24:11 ---A- . (...) -- C:\Users\Cassiano\AppData\Local\Temp\n5406\Setup.exe [4531416]
O61 - LFC: 07/01/2015 - 23:24:11 ---A- . (.Baidu Inc..) -- C:\Users\Cassiano\AppData\Local\Temp\n5406\PCFaster_1103-b4e1b032.exe [1569312]
O61 - LFC: 07/01/2015 - 23:24:11 ---A- . (.Baidu, Inc..) -- C:\Users\Cassiano\AppData\Local\Temp\Baidu_Secure_SystemUp_5.0.7.102888.exe [23561768]
O61 - LFC: 07/01/2015 - 23:24:11 ---A- . (.Setup Install.) -- C:\Users\Cassiano\AppData\Local\Temp\n5406\s5406.exe [361680]
O61 - LFC: 11/01/2015 - 23:24:11 ---A- . (...) -- C:\Users\Cassiano\AppData\Local\Temp\nsc8ED1.tmp\nsProcess.dll [4096]
O61 - LFC: 11/01/2015 - 23:24:11 ---A- . (.VS Revo Group Ltd..) -- C:\Users\Cassiano\AppData\Local\Temp\~nsu.tmp\Au_.exe [87550]
O67 - Shell Spawning: <.html> <SparkSafeHTML>[HKLM\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.html> <SparkSafeHTML>[HKCU\..\open\Command] (.Not Key.)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Vosteran) - [You must be registered and logged in to see this link.]
[HKCU\Software\AppDataLow\Software\DynConIE]
[HKCU\Software\AppDataLow\Software\Freeven Pro 1.4]
[HKCU\Software\AppDataLow\Software\MediaPlayerplus]
[HKCU\Software\AppDataLow\Software\Rr Savings]
[HKCU\Software\AppDataLow\Software\Supra Savings]
[HKCU\Software\InstallCore]
[HKCU\Software\PriceMeterLiveUpdate]
[HKCU\Software\Download4windows]
[HKCU\Software\SupHpUISoft]
[HKCU\Software\TutoTag]
[HKCU\Software\Vosteran Browser]
[HKLM\Software\EnigmaSoftwareGroup]
[HKLM\Software\Wow6432Node\GAMESDESKTOP]
[HKLM\Software\Wow6432Node\MediaPlayerplus]
[HKLM\Software\Wow6432Node\PriceMeterLiveUpdate]
[HKLM\Software\Wow6432Node\omiga-plusSoftware]
[HKLM\Software\Wow6432Node\supTab]
[HKLM\Software\Wow6432Node\supWPM]
[HKLM\Software\Wow6432Node\supWindowsMangerProtect]
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASMANCS
[HKLM\SYSTEM\CurrentControlSet\Services\IePluginServices]
[HKLM\SYSTEM\CurrentControlSet\Services\Update Solution Real]
[HKLM\SYSTEM\CurrentControlSet\Services\Util Solution Real]
[HKLM\SYSTEM\CurrentControlSet\Services\xttLrjmO]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\StormAlert]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect]
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]:WSE_Vosteran
C:\Program Files (x86)\Solution Real\bin\SolutionReal.BOASHelper.exe
C:\Program Files (x86)\Solution Real\bin\SolutionReal.expext.exe
C:\ProgramData\StormAlert\uninstall.exe
C:\Windows\Installer\e35a0a.msi
C:\Users\Cassiano\Desktop\SpyHunter.lnk
C:\Program Files (x86)\predm
C:\Program Files (x86)\Solution Real
C:\ProgramData\IePluginServices
C:\ProgramData\StormAlert
C:\ProgramData\WindowsMangerProtect
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free_soft_to_day
C:\Users\Cassiano\AppData\Roaming\WSE_Vosteran
C:\Users\Cassiano\AppData\Local\com
C:\Users\Cassiano\AppData\Local\StormAlert
C:\Users\Cassiano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter

ServiceStop:IePluginServices
ServiceStop:Update Solution Real
ServiceStop:xttLrjmO
ServiceStop:"Update brown bark"
ServiceStop:"Util brown bark"
ServiceStop:{76eaa25f-d535-414d-8a8b-4bce0a94d247}Gw64
ServiceStop:{c498f6c6-a577-42a8-98f6-8b7499c22f4a}Gw64


> Open the ZHPFix tool.
> Click IMPORTAÇÃO >> OK.
> Ps: When you click "OK", check that the field is empty so that it receives only the script's information.
> Click "GO".
> Post the report!

< I ask visitors not to use this script on other computers, at the risk of irreparable damage to them! >

A+


Last edited by joram on Sat 17 Jan 2015, 15:57; edited 1 time

Re: How to remove Storm Alert

Post by Cassiano1110 on Tue 13 Jan 2015, 00:09

Hello joram, where is the part in red?

Re: How to remove Storm Alert

Post by joram on Wed 14 Jan 2015, 10:09

Cassiano1110 wrote: Hello joram, where is the part in red?
/!\ Good morning! Cassiano1110 /!\

Script ZHPFix
FirewallRaz
EmptyPrefetch
----
----
----
ServiceStop:"Util brown bark"
ServiceStop:{76eaa25f-d535-414d-8a8b-4bce0a94d247}Gw64
ServiceStop:{c498f6c6-a577-42a8-98f6-8b7499c22f4a}Gw64


> This is part of the script I gave you, and it is in red!
> Copy it in full!
> If you didn't understand or see that ....  study ???

A+

Re: How to remove Storm Alert

Post by Cassiano1110 on Thu 15 Jan 2015, 01:18

Hello, here is the report

Rapport de ZHPFix 2014.10.24.12 par Nicolas Coolman, Update du 24/10/2014
Fichier d'export Registre :
Run by Cassiano at 15/01/2015 01:18:48
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)

Reciclagem vazia (00mn 04s)
Prefetcher vazio
Reparação de atalhos do navegador

========== Softwares ==========
ELIMINÉ: Google Update Helper
AUSENTE Uninstall Process: c:\programdata\stormalert\uninstall.exe
AUSENTE Uninstall Process: c:\programdata\windowsmangerprotect\protectwindowsmanager.exe

========== Processo memória ==========
ELIMINA REINICIAR: Memory Process: C:\ProgramData\StormAlert\uninstall.exe
ELIMINA REINICIAR: Memory Process: C:\Windows\Installer\e35a0a.msi

========== Estado dos serviços ==========
IePluginServices Parado
Update Solution Real Parado
xttLrjmO Parado
"Update brown bark" Parado
"Util brown bark" Parado
{76eaa25f-d535-414d-8a8b-4bce0a94d247}Gw64 Parado
{c498f6c6-a577-42a8-98f6-8b7499c22f4a}Gw64 Parado

========== Chaves do Registo ==========
ELIMINÉ:³ Service: IePluginServices
ELIMINÉ:³ Service: Update Solution Real
ELIMINÉ:³ Service: Util Solution Real
ELIMINÉ:³ Service: xttLrjmO
ELIMINÉ:³ Service: Update brown bark
ELIMINÉ:³ Service: Util brown bark
ELIMINÉ: SearchScopes :{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
ELIMINÉ: HKCU\Software\AppDataLow\Software\DynConIE
ELIMINÉ: HKCU\Software\AppDataLow\Software\Freeven Pro 1.4
ELIMINÉ: HKCU\Software\AppDataLow\Software\MediaPlayerplus
ELIMINÉ: HKCU\Software\AppDataLow\Software\Rr Savings
ELIMINÉ: HKCU\Software\AppDataLow\Software\Supra Savings
ELIMINÉ: HKCU\Software\InstallCore
ELIMINÉ: HKCU\Software\PriceMeterLiveUpdate
ELIMINÉ: HKCU\Software\Download4windows
ELIMINÉ: HKCU\Software\SupHpUISoft
ELIMINÉ: HKCU\Software\TutoTag
ELIMINÉ: HKCU\Software\Vosteran Browser
ELIMINÉ:³ HKLM\Software\EnigmaSoftwareGroup
ELIMINÉ:³ HKLM\Software\Wow6432Node\GAMESDESKTOP
ELIMINÉ:³ HKLM\Software\Wow6432Node\MediaPlayerplus
ELIMINÉ:³ HKLM\Software\Wow6432Node\PriceMeterLiveUpdate
ELIMINÉ:³ HKLM\Software\Wow6432Node\omiga-plusSoftware
ELIMINÉ:³ HKLM\Software\Wow6432Node\supTab
ELIMINÉ:³ HKLM\Software\Wow6432Node\supWPM
ELIMINÉ:³ HKLM\Software\Wow6432Node\supWindowsMangerProtect
ELIMINÉ:³ HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32
ELIMINÉ:³ HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS
ELIMINÉ:³ HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASAPI32
ELIMINÉ:³ HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASMANCS
ELIMINÉ:³ HKLM\SYSTEM\CurrentControlSet\Services\IePluginServices
ELIMINÉ:³ HKLM\SYSTEM\CurrentControlSet\Services\Update Solution Real
ELIMINÉ:³ HKLM\SYSTEM\CurrentControlSet\Services\Util Solution Real
ELIMINÉ:³ HKLM\SYSTEM\CurrentControlSet\Services\xttLrjmO
ELIMINÉ:³ HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
Nenhum valor presente na chave de exceções do registo (FirewallRaz)

========== Elementos dos dados do Registo ==========
ELIMINÉ: R0 - Main,Start Page = KCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Temporários windows (0)
ELIMINÉ Flash Cookies (0)
ELIMINÉ: C:\ProgramData\boost_interprocess
ELIMINA REINICIAR:** C:\Program Files (x86)\brown bark
ELIMINA REINICIAR:** c:\program files (x86)\predm
ELIMINA REINICIAR:** c:\program files (x86)\solution real
ELIMINA REINICIAR:** c:\programdata\iepluginservices
ELIMINA REINICIAR:** c:\programdata\stormalert
ELIMINA REINICIAR:** c:\programdata\windowsmangerprotect
ELIMINÉ: c:\programdata\microsoft\windows\start menu\programs\free_soft_to_day
ELIMINÉ: c:\users\cassiano\appdata\local\com
ELIMINÉ: c:\users\cassiano\appdata\local\stormalert
ELIMINÉ: c:\users\cassiano\appdata\roaming\microsoft\windows\start menu\programs\spyhunter

========== Ficheiros ==========
ELIMINÉ Temporários windows (0) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
ELIMINÉ: c:\users\cassiano\appdata\roaming\mozilla\firefox\profiles\mhzxax0o.default\searchplugins\vosteran.xml
ELIMINÉ: c:\users\cassiano\desktop\spyhunter.lnk
ELIMINA REINICIAR: c:\programdata\iepluginservices\pluginservice.exe
ELIMINA REINICIAR: c:\programdata\lsraqrc\xttlrjmo.exe
ELIMINA REINICIAR: c:\windows\system32\drivers\{76eaa25f-d535-414d-8a8b-4bce0a94d247}gw64.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\{c498f6c6-a577-42a8-98f6-8b7499c22f4a}gw64.sys
ELIMINÉ: c:\users\cassiano\appdata\local\microsoft\windows\inetcache\ie\eg77akkm\solutionreal[1].dll

========== Pastas/Ficheiros ocultos restaurados ==========
Mes images (My Pictures) : 4 restaurados com sucesso
Ma musique (My Music) : 1 restaurados com sucesso
Ma Video (My Video) : 1 restaurados com sucesso
Mes Favoris (My Favorites) : 2 restaurados com sucesso
Mes Documents (My Documents) : 5 restaurados com sucesso
Mon Bureau (My Desktop) : 6 restaurados com sucesso
Menu demarrer (Programs) : 11 restaurados com sucesso
Dossier utilisateur (AppData) : 28 restaurados com sucesso
Programmes (Program Files) : 7 restaurados com sucesso


========== Recapitulativo ==========
2 : Processo memória
35 : Chaves do Registo
3 : Valores do Registo
1 : Elementos dos dados do Registo
14 : Pastas
9 : Ficheiros
3 : Softwares
7 : Estado dos serviços
65 : Pastas/Ficheiros ocultos restaurados


End of clean in 01mn 39s

========== Caminho do ficheiro do relatório ==========
C:\Users\Cassiano\AppData\Roaming\ZHP\ZHPFix[R1].txt - 28/12/2014 09:53:25 [4669]
C:\Users\Cassiano\AppData\Roaming\ZHP\ZHPFix[R2].txt - 28/12/2014 14:50:02 [1720]
C:\Users\Cassiano\AppData\Roaming\ZHP\ZHPFix[R3].txt - 15/01/2015 01:18:53 [5817]
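Added example, not part of the original thread and not code from ZHPFix: a Python parser for a ZHPFix report like the one posted above, which lists the filesystem items marked ELIMINA REINICIAR so they can be re-checked once the machine has rebooted. It assumes, from the labels alone, that ELIMINÉ means deleted, ELIMINA REINICIAR means deletion deferred to the next reboot and AUSENTE means already absent; the function names are hypothetical and the sample is an excerpt of the report above.

```python
import os
import re
from typing import Callable, Iterable, List, NamedTuple, Optional

# Excerpt of the ZHPFix report posted in the thread (not the full log).
SAMPLE_REPORT = r"""
========== Softwares ==========
ELIMINÉ: Google Update Helper
AUSENTE Uninstall Process: c:\programdata\stormalert\uninstall.exe

========== Processo memória ==========
ELIMINA REINICIAR: Memory Process: C:\ProgramData\StormAlert\uninstall.exe

========== Chaves do Registo ==========
ELIMINÉ:³ Service: xttLrjmO
ELIMINÉ: HKCU\Software\Vosteran Browser

========== Pastas ==========
ELIMINÉ: C:\ProgramData\boost_interprocess
ELIMINA REINICIAR:** c:\programdata\stormalert

========== Ficheiros ==========
ELIMINA REINICIAR: c:\programdata\lsraqrc\xttlrjmo.exe
ELIMINÉ: c:\users\cassiano\desktop\spyhunter.lnk
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Status keyword, then optional ':' and the '³' / '**' markers seen in the report.
STATUS_RE = re.compile(
    r"^(ELIMINA REINICIAR|ELIMINÉ|AUSENTE)\b[:\s³*]*(.*)$", re.IGNORECASE
)
PATH_RE = re.compile(r"[A-Za-z]:\\.+$")  # drive-letter path at the end of the line

# Assumed meaning of each label (inferred from the wording, not from ZHPFix docs).
STATUS = {
    "ELIMINÉ": "deleted",
    "ELIMINA REINICIAR": "pending_reboot",
    "AUSENTE": "absent",
}


class Entry(NamedTuple):
    section: str
    status: str
    target: str
    path: Optional[str]  # lower-cased filesystem path, None for registry/other items


def parse_report(text: str) -> List[Entry]:
    """Turn report lines into entries, remembering the section each one is in."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        hit = STATUS_RE.match(line)
        if not hit:
            continue  # banner lines, counters, blank lines
        target = hit.group(2).strip()
        found = PATH_RE.search(target)
        path = found.group(0).lower() if found else None
        entries.append(Entry(section, STATUS[hit.group(1).upper()], target, path))
    return entries


def pending_reboot_paths(entries: Iterable[Entry]) -> List[str]:
    """Unique filesystem paths whose deletion was deferred to the next reboot."""
    return sorted({e.path for e in entries
                   if e.status == "pending_reboot" and e.path})


def still_present(paths: Iterable[str],
                  exists: Callable[[str], bool] = os.path.exists) -> List[str]:
    """After the reboot: which deferred items survived and need another look."""
    return [p for p in paths if exists(p)]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    pending = pending_reboot_paths(parsed)
    print("deferred to reboot:", *pending, sep="\n  ")
    print("still on disk:", still_present(pending) or "none")
```

Run it on the affected machine after the reboot, feeding it the saved ZHPFix[R*].txt report instead of the embedded excerpt.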

Re: How to remove Storm Alert

Post by joram on Thu 15 Jan 2015, 07:24

/!\ Good morning! Cassiano1110 /!\

> Download: ( ... by Smeenk )

< zoek.exe >

> Save it to the desktop!
> Disable your antivirus!
> On Windows 7, run Zoek.exe as administrator.

emptyfolderscheck;delete
ipconfig /flushdns;b
QuickScan;
Emptytemp;
AutoClean;
 

> Copy and paste this information, which is in red, into the tool's field.
> Click "Run Script".

Zoek.exe is running now. 
Do not start any browser windows, they will be closed automatically. 
Please wait! This window will close when finished. 
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
> Messages will appear asking you to wait for the report to appear.
> Ps: These messages may remain static on the screen for 20 minutes or more.

> Confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.
> Ps: If you get an error, restart the PC and run the tool again.
> Post the report, which will be at C:\zoek-results.txt <<

A+

Re: How to remove Storm Alert

Post by Cassiano1110 on Thu 15 Jan 2015, 22:59

Here is the report

Zoek.exe v5.0.0.0 Updated 15-01-2015
Tool run by Cassiano on 15/01/2015 at 22:28:18,29.
Microsoft Windows 8.1 Single Language 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Cassiano\Downloads\zoek.exe    [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-04-08-024137.log 37746 bytes

==== Empty Folders Check ======================

C:\PROGRA~2\Baidu Security deleted successfully
C:\PROGRA~2\brown bark deleted successfully
C:\PROGRA~2\gmsd_br_61 deleted successfully
C:\PROGRA~2\predm deleted successfully
C:\PROGRA~2\RBM deleted successfully
C:\PROGRA~2\Solution Real deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Cassiano\AppData\Roaming\Baidu Security deleted successfully
C:\Users\Cassiano\AppData\Local\LSC deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4032315922-2193373217-1692392771-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0394e4ac-22da-47f9-9160-f853ab6b899d} deleted successfully
HKEY_USERS\S-1-5-21-4032315922-2193373217-1692392771-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bc1944ae-4199-470a-af34-d0071195c57e} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0394e4ac-22da-47f9-9160-f853ab6b899d} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bc1944ae-4199-470a-af34-d0071195c57e} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xttLrjmO deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IePluginServices deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util brown bark deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util brown bark deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update brown bark deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update brown bark deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util Solution Real deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util Solution Real deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Solution Real deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update Solution Real deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Cassiano\AppData\Roaming\Mozilla\Firefox\Profiles\mhzxax0o.default

---- Lines srchvstrn removed from user.js ----

user_pref("extensions.srchvstrn.hmpg", true);
user_pref("extensions.srchvstrn.hmpgUrl", "http://Vosteran.com/?f=1&a=vst_bxi01_15_02_ch&cd=2XzuyEtN2Y1L1QzuyCyEtC0CyCyByCtB0ByEyCtDyBzyyC0EtN0D0Tzu0StCtCtDyDtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0DyByC0C0AzzyDtG0AyB0DyEtG0DtC0D0BtGtD0AyE0CtGtA0BtDyEzyyEtA0BtDtB0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0F0C0CtC0D0C0AtGyD0F0F0EtGyE0AtCyDtGzztA0C0BtGyD0E0F0FtDyDyC0AtCyDtD0E2Q&cr=2086199281&ir=");
user_pref("extensions.srchvstrn.dfltSrch", true);
user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
user_pref("extensions.srchvstrn.dnsErr", true);
user_pref("extensions.srchvstrn_i.newTab", true);
user_pref("extensions.srchvstrn.newTabUrl", "http://Vosteran.com/?f=2&a=vst_bxi01_15_02_ch&cd=2XzuyEtN2Y1L1QzuyCyEtC0CyCyByCtB0ByEyCtDyBzyyC0EtN0D0Tzu0StCtCtDyDtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0DyByC0C0AzzyDtG0AyB0DyEtG0DtC0D0BtGtD0AyE0CtGtA0BtDyEzyyEtA0BtDtB0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0F0C0CtC0D0C0AtGyD0F0F0EtGyE0AtCyDtGzztA0C0BtGyD0E0F0FtDyDyC0AtCyDtD0E2Q&cr=2086199281&ir=");
user_pref("extensions.srchvstrn.tlbrSrchUrl", "http://Vosteran.com/?f=3&a=vst_bxi01_15_02_ch&cd=2XzuyEtN2Y1L1QzuyCyEtC0CyCyByCtB0ByEyCtDyBzyyC0EtN0D0Tzu0StCtCtDyDtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0DyByC0C0AzzyDtG0AyB0DyEtG0DtC0D0BtGtD0AyE0CtGtA0BtDyEzyyEtA0BtDtB0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0F0C0CtC0D0C0AtGyD0F0F0EtGyE0AtCyDtGzztA0C0BtGyD0E0F0FtDyDyC0AtCyDtD0E2Q&cr=2086199281&ir=&q=");
user_pref("extensions.srchvstrn.id", "641C6762B460796E");
user_pref("extensions.srchvstrn.instlDay", "16446");
user_pref("extensions.srchvstrn.vrsn", "");
user_pref("extensions.srchvstrn.vrsni", "");
user_pref("extensions.srchvstrn_i.vrsnTs", "1:36:39");
user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
user_pref("extensions.srchvstrn.prdct", "srchvstrn");
user_pref("extensions.srchvstrn.aflt", "vst_bxi01_15_02_ch");
user_pref("extensions.srchvstrn_i.smplGrp", "none");
user_pref("extensions.srchvstrn.tlbrId", "");
user_pref("extensions.srchvstrn.instlRef", "142905_s4");
user_pref("extensions.srchvstrn.dfltLng", "");
user_pref("extensions.srchvstrn.appId", "{4CB3598A-82E8-4D1F-983F-061238AE696E}");
user_pref("extensions.srchvstrn.excTlbr", false);
user_pref("extensions.srchvstrn.cr", "2086199281");
user_pref("extensions.srchvstrn.cd", "2XzuyEtN2Y1L1QzuyCyEtC0CyCyByCtB0ByEyCtDyBzyyC0EtN0D0Tzu0StCtCtDyDtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0DyByC0C0AzzyDtG0AyB0DyEtG0DtC0D0BtGtD0AyE0CtGtA0BtDyEzyyEtA0BtDtB0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0F0C0CtC0D0C0AtGyD0F0F0EtGyE0AtCyDtGzztA0C0BtGyD0E0F0FtDyDyC0AtCyDtD0E2Q");
user_pref("extensions.srchvstrn.AL", 4);

---- Lines aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256 removed from prefs.js ----
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.internaldb.Resources_queue.expiration", "Fri Feb
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.internaldb.Resources_remote_resources.expiration
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.internaldb.Resources_remote_resources.value", "%
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.lastDailyReport", "1396987873644");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.lastUpdate", "1396987873444");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.manifesturl", "");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.name", "Freeven Pro 1.4");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.newtab", "");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.opensearch", "");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.pluginsurl", "http://js.clientdataservice.com/pl
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.pluginsversion", 10);
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.publisher", "Freeven");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.searchstatus", 0);
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.setnewtab", false);
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.thankyou", "");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.updateinterval", 360);
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.ver", 14);
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.apps", "54256");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.bic", "1453f38691eb876daeec6e425e330cbc");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.cid", 54256);
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.FilesValidatorDueTime", "1396961680265");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.firstrun", false);
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.hadappinstalled", true);
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.installationdate", 1396925033);
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.modetype", "production");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.reportInstall", true);
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.statsDailyCounter", 3);
---- Lines aa9719e64232b4695ae9ca89cd7f2aa84ca1279dfbc0d44a897ef19301c922b68com54246 removed from prefs.js ----
---- Lines quick_start removed from prefs.js ----
user_pref("extensions.quick_start.enable_search1", false);
user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
---- FireFox user.js and prefs.js backups ----

user_012015_2241_.backup
prefs_012015_2241_.backup

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\SearchTheWeb.xml deleted
C:\PROGRA~2\Uninstaller deleted
C:\PROGRA~2\baidu deleted
C:\Users\Cassiano\AppData\Roaming\WB.CFG deleted
C:\Users\Cassiano\AppData\Roaming\cdr.ini deleted
C:\Users\Cassiano\AppData\Roaming\baidu deleted
C:\PROGRA~3\IePluginServices deleted
C:\PROGRA~3\Browser deleted
C:\PROGRA~3\Baidu deleted
C:\PROGRA~3\WindowsMangerProtect deleted
C:\END deleted
C:\windows\SysNative\drivers\{76eaa25f-d535-414d-8a8b-4bce0a94d247}Gw64.sys deleted
C:\windows\SysNative\drivers\{c498f6c6-a577-42a8-98f6-8b7499c22f4a}Gw64.sys deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\machine deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Users\Cassiano\AppData\Roaming\Mozilla\Firefox\Profiles\mhzxax0o.default\extensions\staged deleted
C:\Users\Cassiano\Desktop\Continue AutoGK (Auto Gordian Knot).lnk deleted
C:\Users\Cassiano\Desktop\Continue Skype.lnk deleted
C:\Users\Cassiano\Desktop\Continue WinRAR Installation.lnk deleted
"C:\PROGRA~3\lsRAqrc\info.dat" not deleted
"C:\PROGRA~3\lsRAqrc\xttLrjmO.dat" not deleted
"C:\PROGRA~3\lsRAqrc\xttLrjmO.exe" deleted
"C:\PROGRA~3\lsRAqrc\dat\BXmqpuMSIAl.dll" not deleted
"C:\PROGRA~3\lsRAqrc\dat\JGSLtwUnyEH.dll" not deleted
"C:\PROGRA~3\lsRAqrc\dat\MAuYRA.exe" not deleted
"C:\PROGRA~3\lsRAqrc\dat\MAuYRA.exe.config" not deleted
"C:\PROGRA~3\lsRAqrc\dat\yXVsbCFZR.exe" not deleted
"C:\PROGRA~3\lsRAqrc\dat\yXVsbCFZR.exe.config" not deleted
"C:\PROGRA~3\lsRAqrc" not deleted
"C:\PROGRA~3\lsRAqrc\dat" not deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\Users\Cassiano\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2015-01-13 20:29:11 DCE9FD22B136C127C85F285E083B928B 65536 ----a-w- C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-13 20:29:10 1EB1C1E43C1901865C5AE34A9771C069 448792 ----a-w- C:\WINDOWS\SysWOW64\wer.dll
2015-01-13 20:29:09 D9F17FC61102D89A67A2AA3DD21231F5 33584 ----a-w- C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-13 20:29:09 7C36A441C73F079781ABA8F3DAEDFB37 136296 ----a-w- C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-13 20:29:09 1F9C1925A85C6CC592C2FF612A610412 372408 ----a-w- C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-13 20:29:09 1275462A4337DBC5518859316BEF262C 413136 ----a-w- C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-13 20:29:08 BFFD9961B29DAB8084278DB2314D6027 33280 ----a-w- C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-13 20:29:08 B5867FF96CD0F7712CB4985EAC9F9147 370424 ----a-w- C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-13 20:29:08 7B2643AE85322EA168B0E760B73258FF 424544 ----a-w- C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-13 20:29:08 4B07B24705A9225EB565650569BDA26B 344536 ----a-w- C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-08 02:06:30 5C8874EE321F4623FFF7A1315039DDBC 77824 ----a-w- C:\WINDOWS\SysWOW64\fmcodec.DLL
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2015-01-13 20:29:11 FE11972797DED38CA55E88BD3579F6A2 360448 ----a-w- C:\WINDOWS\Sysnative\ncsi.dll
2015-01-13 20:29:11 E94EB2A95D7D016E119C4D6868788831 391680 ----a-w- C:\WINDOWS\Sysnative\nlasvc.dll
2015-01-13 20:29:11 6319232C1CE39AC35316CF51910EEEB5 86016 ----a-w- C:\WINDOWS\Sysnative\nlaapi.dll
2015-01-13 20:29:11 19424364D8C03B990C4281BE53963FD0 225280 ----a-w- C:\WINDOWS\Sysnative\profsvc.dll
2015-01-13 20:29:10 8EBC741DDE9409038262E2F317ED7CCE 535640 ----a-w- C:\WINDOWS\Sysnative\wer.dll
2015-01-13 20:29:10 29A888F3136B2643E22113B5422B46F9 87040 ----a-w- C:\WINDOWS\Sysnative\TSWbPrxy.exe
2015-01-13 20:29:09 A41B72F81B389786805CC4D5767B5FBC 531616 ----a-w- C:\WINDOWS\Sysnative\ci.dll
2015-01-13 20:29:09 9404704666256045F5BA9B290953B4D0 38264 ----a-w- C:\WINDOWS\Sysnative\WerFaultSecure.exe
2015-01-13 20:29:09 8779FDAE68BC948B0FE152E758CC8DA7 229888 ----a-w- C:\WINDOWS\Sysnative\AudioEndpointBuilder.dll
2015-01-13 20:29:09 6DCD12586353DC6307AC781045CA13A4 465320 ----a-w- C:\WINDOWS\Sysnative\WerFault.exe
2015-01-13 20:29:09 41C501FD9D42F3F04A8532C73E09F356 108944 ----a-w- C:\WINDOWS\Sysnative\EncDump.dll
2015-01-13 20:29:09 2C354FA91EF605007FD11BB89EED2266 413248 ----a-w- C:\WINDOWS\Sysnative\Faultrep.dll
2015-01-13 20:29:08 E24D3259769A0218FE19BB306821C2E5 394120 ----a-w- C:\WINDOWS\Sysnative\AUDIOKSE.dll
2015-01-13 20:29:08 D1E3B8D9130C70F6A3D4FDB52373FF34 37888 ----a-w- C:\WINDOWS\Sysnative\werdiagcontroller.dll
2015-01-13 20:29:08 770BAA636F3B61DA7E414421444F84FD 272248 ----a-w- C:\WINDOWS\Sysnative\audiodg.exe
2015-01-13 20:29:08 6F237EE5DDA34EAF3D9C79D4A283E250 482872 ----a-w- C:\WINDOWS\Sysnative\AudioEng.dll
2015-01-13 20:29:08 61EA45A645854FE81D8A924E2D93DFFE 911360 ----a-w- C:\WINDOWS\Sysnative\audiosrv.dll
2015-01-13 20:29:08 428F083690D7AAA012338FD5A0663EE3 500016 ----a-w- C:\WINDOWS\Sysnative\AudioSes.dll
2015-01-13 20:29:08 0BCDEB035B9346D3C3C6C8BB1AA7F38C 139984 ----a-w- C:\WINDOWS\Sysnative\wermgr.exe
====== C:\WINDOWS\Sysnative\drivers =====
2015-01-13 20:29:11 DB32958F0E704EFBF7F15161A569E39F 140800 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxdav.sys
2015-01-13 20:29:10 F0CB6DB513CAC393D04A0FCE0A59E1BF 75776 ----a-w- C:\WINDOWS\Sysnative\drivers\ahcache.sys
====== C:\WINDOWS\Tasks ======
2015-01-08 02:09:19 8BEE1B96B1313E50BCC4F9AD5DC960A0 3106 ----a-w- C:\WINDOWS\Sysnative\Tasks\{60BF975B-342F-49FC-9E71-D8A2221563C1}
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\Cassiano\AppData\Roaming ======
2015-01-16 00:24:12 -------- d-----w- C:\Users\Cassiano\AppData\Local\Temp
2015-01-15 03:19:04 -------- d-----w- C:\Users\Cassiano\AppData\Local\StormAlert
2015-01-08 02:06:56 -------- d-----w- C:\Users\Cassiano\AppData\Local\Comodo
====== C:\Users\Cassiano ======
2015-01-12 01:16:05 A88EC2A33D59251C4FB9508BE4831F38 6868593 ----a-w- C:\Users\Cassiano\Downloads\ZHPDiag2 (1).exe
2015-01-11 03:36:28 4F99CAE27FFD46712E65C21444AACDFC 2623656 ----a-w- C:\Users\Cassiano\Downloads\revo-uninstaller-1-95-32-bits [1].exe
2015-01-11 03:35:41 F8D8EDAA7993A6E92DAE346A081F034E 688617 ----a-w- C:\Users\Cassiano\Downloads\revo-uninstaller-1-95-32-bits.exe
2015-01-08 02:07:03 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-01-08 02:06:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2015-01-08 02:04:21 -------- d-----w- C:\Users\TODOSO~1\lsRAqrc
2015-01-08 02:04:21 -------- d-----w- C:\ProgramData\lsRAqrc
2015-01-08 02:04:14 -------- d-----w- C:\Users\TODOSO~1\StormAlert
2015-01-08 02:04:14 -------- d-----w- C:\ProgramData\StormAlert
2015-01-08 02:03:50 0FC5D0BD4E2F9A81B7561FAD16649217 17090512 ----a-w- C:\Users\Cassiano\Desktop\656-aTubeCatcher.exe
2015-01-08 02:03:08 BC987FBB7F2740509EE7A69C539C6281 569552 ----a-w- C:\Users\Cassiano\Downloads\aTube Catcher.exe
2014-12-27 18:38:17 A77C1B6C168C66DC30D017F505032F04 286 --sha-r- C:\Users\TODOSO~1\ntuser.pol
2014-12-27 18:38:17 A77C1B6C168C66DC30D017F505032F04 286 --sha-r- C:\ProgramData\ntuser.pol

====== C: exe-files ==
2015-01-15 03:18:45 8EB7FC1AC4F4ED35100E5F06AE0F669B 537464 ----a-w- C:\Users\Cassiano\AppData\Roaming\ZHP\Quarantine\stormalert.DIR\Uninstall.exe
2015-01-15 03:18:45 8EB7FC1AC4F4ED35100E5F06AE0F669B 537464 ----a-w- C:\Users\Cassiano\AppData\Roaming\ZHP\Quarantine\stormalert.DIR\StormAlert\Uninstall.exe
2015-01-13 23:01:24 0FADEC9ECEF2860536F9F107890021B5 50040 ----a-w- C:\Users\Todos os Usuários\lsRAqrc\dat\MAuYRA.exe
2015-01-13 23:01:24 0FADEC9ECEF2860536F9F107890021B5 50040 ----a-w- C:\ProgramData\lsRAqrc\dat\MAuYRA.exe
2015-01-13 23:01:23 73A980E615630B3F2D7C277AC8846B61 48504 ----a-w- C:\Users\Todos os Usuários\lsRAqrc\dat\yXVsbCFZR.exe
2015-01-13 23:01:23 73A980E615630B3F2D7C277AC8846B61 48504 ----a-w- C:\ProgramData\lsRAqrc\dat\yXVsbCFZR.exe
2015-01-13 20:29:10 29A888F3136B2643E22113B5422B46F9 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2015-01-13 20:29:09 D9F17FC61102D89A67A2AA3DD21231F5 33584 ----a-w- C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-13 20:29:09 9404704666256045F5BA9B290953B4D0 38264 ----a-w- C:\Windows\System32\WerFaultSecure.exe
2015-01-13 20:29:09 7C36A441C73F079781ABA8F3DAEDFB37 136296 ----a-w- C:\Windows\SysWOW64\wermgr.exe
2015-01-13 20:29:09 6DCD12586353DC6307AC781045CA13A4 465320 ----a-w- C:\Windows\System32\WerFault.exe
2015-01-13 20:29:09 1275462A4337DBC5518859316BEF262C 413136 ----a-w- C:\Windows\SysWOW64\WerFault.exe
2015-01-13 20:29:08 770BAA636F3B61DA7E414421444F84FD 272248 ----a-w- C:\Windows\System32\audiodg.exe
2015-01-13 20:29:08 0BCDEB035B9346D3C3C6C8BB1AA7F38C 139984 ----a-w- C:\Windows\System32\wermgr.exe
2015-01-12 01:16:05 A88EC2A33D59251C4FB9508BE4831F38 6868593 ----a-w- C:\Users\Cassiano\Downloads\ZHPDiag2 (1).exe
2015-01-11 03:36:28 4F99CAE27FFD46712E65C21444AACDFC 2623656 ----a-w- C:\Users\Cassiano\Downloads\revo-uninstaller-1-95-32-bits [1].exe
2015-01-11 03:35:41 F8D8EDAA7993A6E92DAE346A081F034E 688617 ----a-w- C:\Users\Cassiano\Downloads\revo-uninstaller-1-95-32-bits.exe
=== C: other files ==
2015-01-13 20:29:11 DB32958F0E704EFBF7F15161A569E39F 140800 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2015-01-13 20:29:10 F0CB6DB513CAC393D04A0FCE0A59E1BF 75776 ----a-w- C:\Windows\System32\drivers\ahcache.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-4032315922-2193373217-1692392771-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"HW_OPENEYE_OUC_VIVO INTERNET"="D:\Cassiano\VIVO INTERNET\UpdateDog\ouc.exe"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YouCam Tray"="C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe /s"
"UpdateP2GShortCut"="C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Lenovo\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\5.0"
"RemoteControl10"="C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey"
"Intel AppUp(SM) center"="C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HW_OPENEYE_OUC_VIVO INTERNET"="D:\Cassiano\VIVO INTERNET\UpdateDog\ouc.exe"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtsFT"="RTFTrack.exe"
"IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"
"cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe"
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SACpl.exe /t"
"BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll,TrayApp"
"Energy Management"="C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"EnergyUtility"="C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe"
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13/01/2015 19:07]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/04/2014 17:59]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/04/2014 17:59]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\Dolby Selector" [C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{742F6630-E6FB-4F9B-BF75-3F8AE5886FD4}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Lenovo\Lenovo Customer Feedback Program" ["%ProgramFiles%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe"]
"C:\WINDOWS\SysNative\tasks\Lenovo\Lenovo Solution Center Launcher" [%programfiles%\lenovo\lenovo solution center\App\LSCService.exe]
"C:\WINDOWS\SysNative\tasks\Lenovo\LSC\LSCHardwareScan" ["C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe" -diag HWScan]
"C:\WINDOWS\SysNative\tasks\Lenovo\LSC\LSCHardwareScanPostpone" ["C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe" -diag HWScan]
"C:\WINDOWS\SysNative\tasks\Lenovo\LSC\LSCTaskService" [C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Cassiano\AppData\Roaming\Mozilla\Firefox\Profiles\mhzxax0o.default
user_pref("browser.search.defaultenginename", "Web");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [28/04/2014 00:22]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886D}"="C:\Users\Cassiano\AppData\Local\GAS Tecnologia\GBBD\cef\xpi" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Cassiano\AppData\Roaming\Mozilla\Firefox\Profiles\mhzxax0o.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Cassiano\AppData\Roaming\Mozilla\Firefox\Profiles\mhzxax0o.default
2BC6A052D9B153F6DC2F0E420FB4F407 - C:\Users\Cassiano\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player


==== Chromium Look ======================

Google Chrome Version: 39.0.2171.95 (Possible outdated, latest Stable version: 39.0.2171.99)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[28/04/2014 00:22]
oilkkkefbalmbfppgjmgjoefbclebkce - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nnjbodopomfddehlalfilheomcahbpei - C:\Users\Cassiano\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx[]
oilkkkefbalmbfppgjmgjoefbclebkce - No path found[]

Ask Toolbar - Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko
Comodo Drag&Drop Service - Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo
Comodo Web Inspector - Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
PrivDog - Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Comodo Media Downloader - Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dihmnpngfonlhjmgkflpnibiaaliendo
Comodo Share Page Service - Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf
Google Wallet - Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Google Docs - Cassiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Cassiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Cassiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Cassiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Cassiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Vosteran New Tab - Cassiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Gmail - Cassiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_imoveis.trovit.com.br_0.localstorage deleted successfully
C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_imoveis.trovit.com.br_0.localstorage-journal deleted successfully
C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully
C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully
C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage deleted successfully
C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage-journal deleted successfully
C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce deleted successfully
C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oilkkkefbalmbfppgjmgjoefbclebkce_0.localstorage deleted successfully
C:\Users\Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko deleted successfully
C:\Users\Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage deleted successfully
C:\Users\Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com"
"Search Page"="http://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_solimba_01&p={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://isearch.omiga-plus.com/web/?type=ds&ts=1405075745&from=smt&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD546806&q={searchTerms}"
"Start Page"="http://br.hao123.com/?tn=incore_pay_hp_ex01_hao123_br"
"Search Page"="http://isearch.omiga-plus.com/web/?type=ds&ts=1405075745&from=smt&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD546806&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://isearch.omiga-plus.com/web/?type=ds&ts=1405075745&from=smt&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD546806&q={searchTerms}"
"Start Page"="http://br.hao123.com/?tn=incore_pay_hp_ex01_hao123_br"
"Search Page"="http://isearch.omiga-plus.com/web/?type=ds&ts=1405075745&from=smt&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD546806&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4032315922-2193373217-1692392771-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully
HKEY_USERS\S-1-5-21-4032315922-2193373217-1692392771-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully
HKEY_USERS\S-1-5-21-4032315922-2193373217-1692392771-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully
HKEY_USERS\S-1-5-21-4032315922-2193373217-1692392771-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-4032315922-2193373217-1692392771-1001\Software\Mozilla\Firefox\Extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\nnjbodopomfddehlalfilheomcahbpei deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cassiano\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Cassiano\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Cassiano\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Cassiano\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Cassiano\AppData\Local\Mozilla\Firefox\Profiles\mhzxax0o.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Cache emptied successfully
C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=951 folders=213 115317484 bytes)

==== Empty Temp Folders ======================

C:\Users\Cassiano\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Cassiano\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~3\lsRAqrc\info.dat"  not found
"C:\PROGRA~3\lsRAqrc\xttLrjmO.dat"  not found
"C:\PROGRA~3\lsRAqrc\dat\BXmqpuMSIAl.dll"  not found
"C:\PROGRA~3\lsRAqrc\dat\JGSLtwUnyEH.dll"  not found
"C:\PROGRA~3\lsRAqrc\dat\MAuYRA.exe"  not found
"C:\PROGRA~3\lsRAqrc\dat\MAuYRA.exe.config"  not found
"C:\PROGRA~3\lsRAqrc\dat\yXVsbCFZR.exe"  not found
"C:\PROGRA~3\lsRAqrc\dat\yXVsbCFZR.exe.config"  not found
"C:\PROGRA~3\lsRAqrc"  not found

==== EOF on 15/01/2015 at 22:50:45,06 ======================

Re: How to remove Storm Alert

Post by joram on Thu 15 Jan 2015, 23:09

/!\ Good evening! Cassiano1110 /!\

> Download: < [You need to be registered and logged in to see this image.] > ( ... by Nicolas Coolman )

> On the page, click [You need to be registered and logged in to see this image.]
> Save it to the desktop!
> Run it and, when it opens, click "J'accept/I Agree".

> For more comprehensive fixes, check all the available options.
> Click Réparer.
> Click Rapport.
> Post the report!

A+

Re: How to remove Storm Alert

Post by Cassiano1110 on Fri 16 Jan 2015, 23:29

Hello Joram.

Here is the report

~ ZHPCleaner v2015.1.16.23 by Nicolas Coolman (16/01/2015)
~ Run by Cassiano (Administrator) (16/01/2015 23:23:40)
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Cassiano\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Cassiano\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Windows 81, 64-bit (Build 9600)


---\\ Services (0)
~ No malicious items found.


---\\ Browser internet (1)
REPLACED IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL ( [You need to be registered and logged in to see this link.] )


---\\ Hosts file (2)
REPLACED:
Number of found redirections 1/20


---\\ Scheduled automatic tasks. (0)
~ No malicious items found.


---\\ Explorer ( File, Folder) (24)
MOVED file: C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys (PUP.EnigmaSoftware)
MOVED folder: C:\Program Files\Enigma Software Group\SpyHunter (PUP.EnigmaSoftware)
MOVED folder: C:\Program Files\Enigma Software Group (PUP.EnigmaSoftware)
MOVED file: C:\ProgramData\StormAlert\data.dat (Adware.StormAlert)
MOVED file: C:\ProgramData\StormAlert\StormAlert.ico (Adware.StormAlert)
MOVED file: C:\ProgramData\StormAlert\Uninstall.exe (Adware.StormAlert)
MOVED folder: C:\ProgramData\StormAlert (Adware.StormAlert)
MOVED file: C:\Users\Cassiano\AppData\Local\StormAlert\data2.dat (Adware.StormAlert)
MOVED folder: C:\Users\Cassiano\AppData\Local\StormAlert (Adware.StormAlert)
MOVED file: C:\WINDOWS\Prefetch\GAMESDESKTOP-BRINSTALLER.TMP-94A1462F.pf (Adware.GamesDesktop)
MOVED file: C:\WINDOWS\Prefetch\PREDM.TMP-EC95B3E2.pf (Adware.Downware)
MOVED file: C:\WINDOWS\Prefetch\SPYHUNTER-INSTALLER.EXE-520FB439.pf (Crapware.SpyHunter)
MOVED file: C:\WINDOWS\Prefetch\SPYHUNTER4.EXE-1B0A567E.pf (Crapware.SpyHunter)
MOVED file: C:\WINDOWS\Prefetch\VOPACKAGE.EXE-22CF2662.pf (Adware.Downware)
MOVED file: C:\WINDOWS\Prefetch\VOPACKAGE.EXE-8F899393.pf (Adware.Downware)
MOVED file: C:\WINDOWS\Prefetch\VOSTERAN.EXE-43362C73.pf (PUP.Vosteran)
MOVED file: C:\WINDOWS\Installer\304d80dc.msi [Enigma Software Group USA, LLC - Windows Installer Editor Standalone] (PUP.EnigmaSoftware)
MOVED file: C:\WINDOWS\Installer\e35a0a.msi [PriceMeter - Windows Installer XML (3.5.2519.0)] (PUP.PriceMeter)
MOVED file: C:\Users\Cassiano\Downloads\SpyHunter-Installer (1).exe [Enigma Software Group USA, LLC. - SpyHunter Downloader] (Crapware.SpyHunter)
MOVED file: C:\Users\Cassiano\Downloads\SpyHunter-Installer.exe [Enigma Software Group USA, LLC. - SpyHunter Downloader] (Crapware.SpyHunter)
MOVED file*: C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage (PUP.AkamaiHD)
MOVED file*: C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage-journal (PUP.AkamaiHD)
MOVED file*: C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_serviceama-a.akamaihd.net_0.localstorage (PUP.AkamaiHD)
MOVED file*: C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_serviceama-a.akamaihd.net_0.localstorage-journal (PUP.AkamaiHD)


---\\ Registry ( Key, Value, Data) (25)
DELETED key: [X64] HKLM\SYSTEM\CurrentControlSet\Services\esgiguard [C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys] (PUP.EnigmaSoftware)
DELETED key: [X64] HKLM\SYSTEM\CurrentControlSet\Services\{76eaa25f-d535-414d-8a8b-4bce0a94d247}Gw64 [C:\WINDOWS\System32\drivers\{76eaa25f-d535-414d-8a8b-4bce0a94d247}Gw64.sys] (PUP.LinkiDoo)
DELETED key: [X64] HKLM\SYSTEM\CurrentControlSet\Services\{c498f6c6-a577-42a8-98f6-8b7499c22f4a}Gw64 [C:\WINDOWS\System32\drivers\{c498f6c6-a577-42a8-98f6-8b7499c22f4a}Gw64.sys] (PUP.LinkiDoo)
DELETED data: HKCR\SparkSafeHTML\Shell\Open\Command\\Default [Bad : ] (Broken.OpenCommand)
DELETED key: HKCR\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} [IMdt] (Adware.IMBooster)
DELETED key: HKCR\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} [IManager] (Adware.IMBooster)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\portaldosites.com [] (Hijacker.PortaldoSites)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\[You need to be registered and logged in to see this link.] [] (Hijacker.PortaldoSites)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istart.webssearches.com [] (Hijacker.WebsSearches)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearchdial.com [] (PUP.MySearchDial)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\portaldosites.com [] (Hijacker.PortaldoSites)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com [] (PUP.SpecialSavings)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wajam.com [] (PUP.Wajam)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webssearches.com [] (Hijacker.WebsSearches)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\[You need to be registered and logged in to see this link.] [] (Hijacker.PortaldoSites)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\[You need to be registered and logged in to see this link.] [] (PUP.SpecialSavings)
DELETED key: [X64] HKLM\SOFTWARE\EnigmaSoftwareGroup [] (PUP.EnigmaSoftware)
DELETED key: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05} [SpyHunter] (Crapware.SpyHunter)
DELETED key: HKLM\SOFTWARE\Wow6432Node\GAMESDESKTOP [] (Adware.GamesDesktop)
DELETED key: HKLM\SOFTWARE\Wow6432Node\MediaPlayerplus [] (PUP.CrossRider)
DELETED key: HKLM\SOFTWARE\Wow6432Node\omiga-plusSoftware [] (Hijacker.OmigaPlus)
DELETED key: HKLM\SOFTWARE\Wow6432Node\supTab [] (PUP.SupTab)
DELETED key: HKLM\SOFTWARE\Wow6432Node\supWindowsMangerProtect [] (PUP.Fuyu)
DELETED key: HKLM\SOFTWARE\Wow6432Node\supWPM [] (PUP.WpManager)
DELETED key: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StormAlert [Rational Thought Solutions] (Adware.StormAlert)



---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
~ Repair canceled by the user (Google Chrome)
~ The system has been restarted.


---\\ Statistics
~ Items scanned : 74491
~ Items found : 1
~ Items repaired : 50


End of clean at 23:27:58
===================
ZHPCleaner-[R]-16012015-23_27_58.txt

Re: How to remove Storm Alert

Post by joram on Fri 16 Jan 2015, 23:51

/!\ Good evening! Cassiano1110 /!\

> Open the AdwCleaner tool, if you have it, and click "Uninstall".
> Confirm the prompt!

> Download: < Malwarebytes >

> Install the antimalware by double-clicking its executable! ( mbam-setup.exe )

> Uncheck the box: "Enable free trial of Malwarebytes Anti-Malware PRO"
> Check the checkboxes:

<1> Update Malwarebytes Anti-Malware
<2> Run Malwarebytes Anti-Malware

> Click "Finish".
> If there are updates, they will be downloaded and installed.
> Click "Settings" and, in the Language field, choose: Portuguese (Brasil)
> Click "Detection and Protection".

> Check: Scan for rootkits

> Under "PUP detections", select: Treat detections as malware

> Click Scan >> Threat Scan.
> Click "Scan Now".
> Wait for the scan to finish!
> If there are detections, click the "Move all to Quarantine" button.
> Click "Apply Actions".
> When it finishes, accept the reboot request, which may occur twice.
> Post the report! ( History tab >> Application Logs )
> PS: Use the ".txt" format to export the report.

A+

Re: How to remove Storm Alert

Post by Cassiano1110 on Sun 18 Jan 2015, 17:51

Hello Joram, here is the report:

Malwarebytes Anti-Malware

Data da Verificação: 18/01/2015
Hora da Verificação: 17:16:08
Arquivo de Log: Verificação 1.txt
Administrador: Sim

Versão: 2.00.4.1028
Base de Dados de Malware: v2015.01.18.07
Base de Dados de Rootkit: v2015.01.14.01
Licença: Avaliação Gratuita
Proteção de Malware: Habilitado
Proteção de Site Malicioso: Habilitado
Auto-Proteção: Desabilitado

SO: Windows 8.1
Processador: x64
Sistema de Arquivos: NTFS
Usuário: Cassiano

Tipo da Verificação: Verificar Ameaça
Resultado: Terminado
Objetos Verificados: 360388
Tempo Decorrido: 14 min, 37 seg

Memória: Habilitado
Inicialização: Habilitado
Sistema de Arquivos: Habilitado
Arquivos Compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

Processos: 0
(Nenhum item malicioso detectado)

Módulos: 0
(Nenhum item malicioso detectado)

Chaves de Registro: 94
PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.CredentialDialogMachine.1.0, Quarentena, [024fef0872173501ef73e5c5a55ecf31],
PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine, Quarentena, [173a27d0791055e12f33d4d6f112dd23],
PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine.1.0, Quarentena, [95bcb443494079bde77b6842ba491de3],
PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback, Quarentena, [f95876814a3f80b6fd65d3d7e51eb44c],
PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback.1.0, Quarentena, [d978c037f891eb4b3230703a7e85b44c],
PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc, Quarentena, [381936c1c2c7d5611a48a109ef148878],
PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc.1.0, Quarentena, [50012acd147573c3d48ed3d78c778e72],
PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.ProcessLauncher, Quarentena, [2130e90ed5b4ed49dd859c0e1ce7a15f],
PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.ProcessLauncher.1.0, Quarentena, [63ee6c8b4d3cd066144e82286d96a55b],
PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3COMClassService, Quarentena, [401182752e5bd462d092c7e31ae93cc4],
PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3COMClassService.1.0, Quarentena, [9db4f6016c1dd363362cd0daa45fe61a],
PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachine, Quarentena, [d08109ee7d0c1323b1b10c9e22e1f60a],
PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachine.1.0, Quarentena, [0a47e5129eebab8b9fc3268409fa7987],
PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback, Quarentena, [c58c49aee0a9003620423d6d2bd8857b],
PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback.1.0, Quarentena, [6de495629ceddd5967fbf2b88380cd33],
PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebSvc, Quarentena, [e76a7b7c59302d09fc66367448bbc739],
PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceMeterLiveUpdateUpdate.Update3WebSvc.1.0, Quarentena, [61f0a94e7f0a2c0a94cef5b58e75fa06],
PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\PriceMeterLiveUpdate.exe, Quarentena, [82cf45b2563381b57b55343f5da66997],
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginService, Quarentena, [92bf33c44e3b280e694b2059d231b050],
PUP.Optional.Feven.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Freeven Pro 1.4, Quarentena, [99b8fef94e3bc571a5a7f3a536cd30d0],
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplus, Quarentena, [e46de611dcad66d09a75ddcdd42f60a0],

Valores de Registro: 2
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, Quarentena, [f45db3446e1b7db91b9b17e033d1ca36]
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_br_65, Quarentena, [59f83dba6029181e558f2d49cb38b44c],

Dados de Registro: 0
(Nenhum item malicioso detectado)

Pastas: 0
(Nenhum item malicioso detectado)

Arquivos: 5
PUP.Optional.AdPeak.A, C:\temp\InstallFilter64.msi, Quarentena, [2f228176a8e139fd0ace9e9f5aa63bc5],
PUP.Optional.SupraSavings.A, C:\temp\t.msi, Quarentena, [e071ac4b2e5b3cfa32ecfc6617ee57a9],
PUP.Optional.Bundler, C:\Users\Cassiano\Downloads\aTube Catcher.exe, Quarentena, [312017e0b2d71125d80d18ec9471a55b],
PUP.Optional.Solimba, C:\Users\Cassiano\Downloads\AutoGK (Auto Gordian Knot).exe, Quarentena, [72df7681ea9f82b49bfc4496758c3ec2],
PUP.Optional.FriedCookie, C:\Users\Cassiano\Downloads\winamp-full-5-666-build-3516-32-bits.exe, Quarentena, [a3ae867199f0300657cc52344fb68d73],

Setores Físicos: 0
(Nenhum item malicioso detectado)


(end)

Re: How to remove Storm Alert

Message by joram on Sun 18 Jan 2015, 18:01

/!\ Good afternoon! Cassiano1110 /!\

> Download: < [You need to be registered and logged in to see this image.] > ( ... by Xplode )
>
> Or from here: < AdwCleaner >
> On the page, click "Download Now".
>
> Save it to the desktop!

> Right-click adwcleaner.exe and choose to run it as administrator.

> PS: Start the scan by clicking "Examinar" (Scan).

> When it finishes, click "Limpar" (Clean) >> Ok >> Ok >> Ok.
> Copy the log or click "Relatório" (Report).
> Post: < C:\AdwCleaner\AdwCleaner[S0].txt >

A+

Re: How to remove Storm Alert

Message by Cassiano1110 on Mon 19 Jan 2015, 00:32

Hello Joram, the log is attached below:

# AdwCleaner v4.108 - Relatório criado 19/01/2015 às 00:29:37
# Atualizado 17/01/2015 por Xplode
# Database : 2015-01-18.1 [Live]
# Sistema Operacional : Windows 8.1 Single Language (64 bits)
# Usuário : Cassiano - ISABELA
# Executando de : C:\Users\Cassiano\Downloads\adwcleaner_4.108.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Arquivo Deletada : C:\Users\Cassiano\AppData\Roaming\Mozilla\Firefox\Profiles\mhzxax0o.default\user.js

***** [ Tarefas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\Web
Chave Deletedo : HKCU\Software\Baidu
Chave Deletedo : HKLM\SOFTWARE\Baidu
Chave Deletedo : HKLM\SOFTWARE\Taronja
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PriceMeterLiveUpdate.exe
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hao123.com

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v32.0.3 (x86 pt-BR)


-\\ Google Chrome v39.0.2171.99

[C:\Users\Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deletedo [Search Provider] : [Você precisa estar registrado e conectado para ver este link.]
[C:\Users\Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deletedo [Search Provider] : [Você precisa estar registrado e conectado para ver este link.]

-\\ Comodo Dragon v

[C:\Users\Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deletedo [Search Provider] : [Você precisa estar registrado e conectado para ver este link.]
[C:\Users\Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deletedo [Search Provider] : [Você precisa estar registrado e conectado para ver este link.]
[C:\Users\Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Deletedo [Extension] : cmaiofennmphjldldcpphcechfnnohja
[C:\Users\Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Deletedo [Extension] : aaaalipaokhkccgmgkdglfinfnfhflko

*************************

AdwCleaner[R0].txt - [6968 octets] - [19/01/2015 00:26:21]
AdwCleaner[S0].txt - [6947 octets] - [19/01/2015 00:29:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7007 octets] ##########

Re: How to remove Storm Alert

Message by joram on Mon 19 Jan 2015, 08:38

/!\ Good morning! Cassiano1110 /!\

> Many PUPs were detected by Malwarebytes, which calls for following up with an ESET scan, which is great at removing these PUPs.
> But... before running it, let's remove the AdwCleaner tool so that its quarantine is not detected by ESET.

> Open the AdwCleaner tool and click "Desinstalar" (Uninstall).
> Confirm the prompt!

> Download: < [You need to be registered and logged in to see this image.] >

> Save it to the desktop!
> Disable your antivirus and run the file esetsmartinstaller_enu.exe <<
> Accept the agreement and check: "YES, I accept the Terms of Use"
> Click: "Start"

> Under "Computer scan settings", check:

<*> Enable detection of potentially unwanted applications

> Under "Hide advanced settings", check:

<1> Scan archives
<2> Scan for potentially unsafe applications
<3> Enable Anti-Stealth technology
<4> Remove found threats

> Click "Advanced settings".
> Click "Change" and check the "Computador" (Computer) box.
> Click: "Start" >> Wait! ( This scan can take a few hours... )
> When it finishes, click "List of found threats".
> Click "Export to text file" and save the report to the desktop.
> Click "Back" >> "Finish".
> Post the report!

A+

Re: How to remove Storm Alert

Message by Cassiano1110 on Fri 23 Jan 2015, 00:37

Hello Joram, here is the report:

C:\FRST\Quarantine\C\Program Files (x86)\MediaPlayerplus\54246.crx JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\MediaPlayerplus\54246.xpi JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Program Files\AVAST Software\Avast\aswRec.dll a variant of Win32/OpenCandy.C potentially unsafe application unable to clean
C:\Users\Cassiano\AppData\Roaming\ZHP\Quarantine\Freeven Pro 1.4.DIR\54256.crx JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Cassiano\AppData\Roaming\ZHP\Quarantine\Freeven Pro 1.4.DIR\54256.xpi JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Cassiano\Desktop\656-aTubeCatcher.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\zoek_backup\C_Users_Cassiano_AppData_Local_Comodo_Dragon_User Data_Default_Extensions_aaaalipaokhkccgmgkdglfinfnfhflko\30.10_0\background\ChromeUtilPlugin.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined

Re: How to remove Storm Alert

Message by joram on Fri 23 Jan 2015, 01:24

/!\ Good morning! Cassiano1110 /!\

> The detections were not relevant, since most of them hit the quarantines of 2 tools.
>
> If there are no more problems, remove the tools that were used in the disinfection!

> Download: < [You need to be registered and logged in to see this image.] > ( ... by Xplode )

> Once on the page, click Download Now
> Save it to a convenient location! ( desktop! )
> Close any applications that are open.

> Remove disinfection tools
> Create a registry backup
> Purge system restore points

> With these boxes checked, click Run!
> Restart the computer when it finishes!

> If you like, optimize your computer with Toolwiz Care.

> Once on the page, click "Download@MajorGeeks" <<
> Save it to a suitable directory! ( Desktop )
> Install it and then run its functions, which will speed up the computer.

> Click the "Analisar" (Analyze) menu >> Examinar (Scan) << Wait!
> When the scan finishes, click "Corrigir" (Fix).
> Afterwards, open the "Acelerar" (Speed up) menu

> In the "Acelerar" function, click the "Otimizador do sistema" (System optimizer) tab.
> Then click "Otimizar" (Optimize).
> Wait for it to finish, when all items should show the status "Reparado" (Repaired).
> Everything OK?

A+
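
Added example, not part of the original thread: the reply above judges the ESET detections by where they were found, and this Python script runs the same triage over the report lines posted earlier. It assumes the space-separated field layout as rendered on this page; the `TOOL_STORES` patterns and all function names are illustrative.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Report lines copied from the ESET export posted earlier in this thread.
REPORT = r"""
C:\FRST\Quarantine\C\Program Files (x86)\MediaPlayerplus\54246.crx JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\MediaPlayerplus\54246.xpi JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Program Files\AVAST Software\Avast\aswRec.dll a variant of Win32/OpenCandy.C potentially unsafe application unable to clean
C:\Users\Cassiano\AppData\Roaming\ZHP\Quarantine\Freeven Pro 1.4.DIR\54256.crx JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Cassiano\AppData\Roaming\ZHP\Quarantine\Freeven Pro 1.4.DIR\54256.xpi JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Cassiano\Desktop\656-aTubeCatcher.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\zoek_backup\C_Users_Cassiano_AppData_Local_Comodo_Dragon_User Data_Default_Extensions_aaaalipaokhkccgmgkdglfinfnfhflko\30.10_0\background\ChromeUtilPlugin.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
"""

# Folders where other cleanup tools keep removed files, taken from the paths
# in this report (assumed list; extend it for other tools).
TOOL_STORES = {
    "FRST": r"^[A-Z]:\\FRST\\Quarantine\\",
    "ZHP": r"\\ZHP\\Quarantine\\",
    "zoek": r"^[A-Z]:\\zoek_backup\\",
}

# Assumed layout: <path> [a variant of ]<name> <category> <action>.
# A Windows file name cannot contain "/", so the first token holding one is the name.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?:a variant of )?(?P<name>[A-Za-z0-9]+/[\w.]+) "
    r"(?P<category>potentially (?:unwanted|unsafe) application) "
    r"(?P<action>.+)$"
)

class Detection(NamedTuple):
    path: str
    name: str
    category: str
    action: str
    store: Optional[str]  # tool whose quarantine/backup holds the file, if any

def parse_report(text):
    """Turn report text into Detection records; reject lines that do not fit."""
    detections = []
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised report line: {line!r}")
        store = next((tool for tool, pat in TOOL_STORES.items()
                      if re.search(pat, m["path"], re.IGNORECASE)), None)
        detections.append(Detection(m["path"], m["name"], m["category"],
                                    m["action"], store))
    return detections

def triage(detections):
    """Separate hits inside other tools' stores from hits on live files."""
    live = [d for d in detections if d.store is None]
    return {
        "in_tool_stores": Counter(d.store for d in detections if d.store),
        "live": live,
        # Live files the scanner reported without quarantining them.
        "live_not_cleaned": [d for d in live if "quarantined" not in d.action],
    }

if __name__ == "__main__":
    result = triage(parse_report(REPORT))
    print("inside tool stores:", dict(result["in_tool_stores"]))
    for d in result["live"]:
        print("live:", d.name, "|", d.action, "|", d.path)
```
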

Re: How to remove Storm Alert

Message by Cassiano1110 on Sun 25 Jan 2015, 13:05

Everything OK, Joram.

Thank you very much for your help, and congratulations on the work done by you and your team.

Regards

Re: How to remove Storm Alert

Message by joram on Sun 25 Jan 2015, 13:23

Case Solved

If this computer needs a new check, just open a "New Topic" and describe the problem.
