Fórum PC Brasil
Computer with problems

3 participants

Post by Daniarruda, Thu 15 Jan 2015, 12:39

Good afternoon, everyone.
My brother's computer is constantly having problems; one thing or another I can identify as malware (for example, I see countless toolbars and ads...).
Here is the scan log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:37:29, on 15/01/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal

Running processes:
C:\Users\fermando\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\ProgramData\tABsWRcEryW.exe
C:\Program Files (x86)\PDF Architect 2\PDF Architect 2.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\fermando\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must have an account and be logged in to view this link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must have an account and be logged in to view this link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = [You must have an account and be logged in to view this link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [LightShot] C:\Users\fermando\AppData\Local\Skillbrains\lightshot\Lightshot.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Users\fermando\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\fermando\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DTlite] "C:\ProgramData\tABsWRcEryW.exe"
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [You must have an account and be logged in to view this link]
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Serviço de atualização Ask (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PDF Architect 2 - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 2\ws.exe
O23 - Service: pdfforge CrashHandler - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe
O23 - Service: PriceMeterLiveUpdate Service (pricemeterliveUpdate) (pricemeterliveUpdate) - PriceMeter - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
O23 - Service: PriceMeterLiveUpdate Service (pricemeterliveUpdatem) (pricemeterliveUpdatem) - PriceMeter - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Framed Display - Unknown owner - C:\Program Files (x86)\Framed Display\updateFramedDisplay.exe (file missing)
O23 - Service: Update webget - Unknown owner - C:\Program Files (x86)\webget\updatewebget.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12582 bytes

Daniarruda
Beginner

Posts: 39
Reputation: 1
Join date: 28/07/2014
Age: 35

Re: Computer with problems

Post by caedurodrigues, Thu 15 Jan 2015, 12:46

Good afternoon, Daniarruda,


  • Download: <[You must have an account and be logged in to view this link]> (...by Xplode)
  • Or here: >>[You must have an account and be logged in to view this link]<<
  • Save it to your Desktop.
  • Close all open programs and web browsers.
  • Windows Vista or Windows 7 users: right-click the AdwCleaner.exe file, then click:
    [You must have an account and be logged in to view this image]

  • Click Scan ("Examinar") to start the scan!

    [You must have an account and be logged in to view this image]
  • When it finishes, click Clean ("Limpar").
  • Copy the log or click "Report" ("Relatório").
  • Post: >>C:\AdwCleaner\AdwCleaner [S0].txt<<



  • Download: <[You must have an account and be logged in to view this link]> <(...by Oleg N. Scherbakov)>
  • Save it to the desktop!
  • Disable your antivirus!
  • On Windows 7, right-click JRT.exe and run it as [You must have an account and be logged in to view this image]
    [You must have an account and be logged in to view this link]
  • Wait for it to finish and post the report (JRT.txt).


Best regards.
caedurodrigues
Analyst

Posts: 947
Reputation: 161
Join date: 21/10/2013
Age: 54
Location: Apiacá

Re: Computer with problems

Post by Daniarruda, Thu 15 Jan 2015, 13:05

I ran AdwCleaner.
Do I have to run JRT as well?

Here is the log generated by AdwCleaner:

# AdwCleaner v4.107 - Relatório criado 15/01/2015 às 12:59:34
# Atualizado 07/01/2015 por Xplode
# Database : 2015-01-13.2 [Live]
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : fermando - FERMANDO-PC
# Executando de : C:\Users\fermando\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : APNMCP
[#] Serviço Deletada : pricemeterliveUpdate
[#] Serviço Deletada : pricemeterliveUpdatem
[#] Serviço Deletada : qknfd
[#] Serviço Deletada : Update webget
[#] Serviço Deletada : Update Framed Display
Serviço Deletada : {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64
Serviço Deletada : {a3f28269-ad17-41a8-b032-3e0313ef8979}w64

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\AskPartnerNetwork
Pasta Deletada : C:\ProgramData\baidu
[!] Pasta Deletada : C:\ProgramData\PriceMeterLiveUpdate
Pasta Deletada : C:\ProgramData\Systweak
Pasta Deletada : C:\Program Files (x86)\AskPartnerNetwork
Pasta Deletada : C:\Program Files (x86)\baidu
Pasta Deletada : C:\Program Files (x86)\Mobogenie
Pasta Deletada : C:\Program Files (x86)\predm
[!] Pasta Deletada : C:\Program Files (x86)\PriceMeterLiveUpdate
Pasta Deletada : C:\Program Files (x86)\Speedial
Pasta Deletada : C:\Users\fermando\AppData\Local\Temp\apn
Pasta Deletada : C:\Users\fermando\AppData\Local\Temp\baidu
Pasta Deletada : C:\Users\fermando\AppData\Local\Temp\Greener Web
Pasta Deletada : C:\Users\fermando\AppData\Local\Temp\webget
Pasta Deletada : C:\Users\fermando\AppData\Local\Temp\Framed Display
Pasta Deletada : C:\Users\fermando\AppData\Local\AskPartnerNetwork
Pasta Deletada : C:\Users\fermando\AppData\Local\Gameo
Pasta Deletada : C:\Users\fermando\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\fermando\AppData\Local\PriceMeterLiveUpdate
Pasta Deletada : C:\Users\fermando\AppData\Roaming\1H1Q
Pasta Deletada : C:\Users\fermando\AppData\Roaming\AppCloudUpdater
Pasta Deletada : C:\Users\fermando\AppData\Roaming\baidu
Pasta Deletada : C:\Users\fermando\AppData\Roaming\OpenCandy
Pasta Deletada : C:\Users\fermando\AppData\Roaming\pdfforge
Pasta Deletada : C:\Users\fermando\AppData\Roaming\PriceMeterUpdater
Pasta Deletada : C:\Users\fermando\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\fermando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Pasta Deletada : C:\Users\fermando\Documents\Mobogenie
Pasta Deletada : C:\Users\Public\Documents\baidu
Arquivo Deletada : C:\Windows\System32\roboot64.exe
Arquivo Deletada : C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys
Arquivo Deletada : C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w64.sys
Arquivo Deletada : C:\Users\fermando\daemonprocess.txt
Arquivo Deletada : C:\Users\fermando\AppData\Roaming\Mozilla\Firefox\Profiles\9al6ip8u.default\searchplugins\Ask.xml
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml
Arquivo Deletada : C:\Users\fermando\AppData\Roaming\Mozilla\Firefox\Profiles\9al6ip8u.default\searchplugins\bingp.xml
Arquivo Deletada : C:\Users\fermando\AppData\Roaming\Mozilla\Firefox\Profiles\9al6ip8u.default\searchplugins\Speedial.xml
Arquivo Deletada : C:\Users\fermando\AppData\Roaming\Mozilla\Firefox\Profiles\9al6ip8u.default\searchplugins\Web Search.xml
Arquivo Deletada : C:\Users\fermando\AppData\Roaming\Mozilla\Firefox\Profiles\9al6ip8u.default\user.js
Arquivo Deletada : C:\Users\fermando\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
Arquivo Deletada : C:\Users\fermando\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
Arquivo Deletada : C:\Users\fermando\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Users\fermando\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Tarefas ] *****

Tarefa Deletedo : AppCloudUpdater
Tarefa Deletedo : ASP
Tarefa Deletedo : pricemeterdownloader
Tarefa Deletedo : PriceMeterLiveUpdateUpdateTaskMachineCore
Tarefa Deletedo : PriceMeterLiveUpdateUpdateTaskMachineUA
Tarefa Deletedo : PriceMeterUpdater
Tarefa Deletedo : update-sys
Tarefa Deletedo : DriverEasy Scheduled Scan
Tarefa Deletedo : update-S-1-5-21-3896181395-4071897127-3457657136-1000

***** [ Atalhos ] *****


***** [ Registro ] *****

Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quiknowledge@quiknowledge.com]
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahaeginbdcckocjkhbciadcafnep
Chave Deletedo : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahaeginbdcckocjkhbciadcafnep
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Chave Deletedo : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahlfahldnilidgnlikdckbfehhca
Chave Deletedo : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahlfahldnilidgnlikdckbfehhca
Chave Deletedo : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\[You must have an account and be logged in to view this link]
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\[You must have an account and be logged in to view this link]
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\PriceMeterLiveUpdate.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickCtrl.9
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickProcessLauncherMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.Update3WebControl.3
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoCreateAsync.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreMachineClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CredentialDialogMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.ProcessLauncher.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Lightshot]
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{126C78A0-36E7-4697-A3AB-32706144398B}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{8D73A258-9787-4AE7-9232-41036673FD0E}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{00A154AE-6C33-4F1E-9057-242350540936}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{126C78A0-36E7-4697-A3AB-32706144398B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{41C35ADE-DEDA-439F-8140-D53F2C76C963}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4211E851-747F-4470-923D-6EF683EE79CA}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{45F8961E-1314-421E-9F00-BDDE18CF8EA0}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4825ACAD-F495-4CDD-9603-9C91BABB2B88}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{74930D00-2198-46FE-B6BC-FEEC60C666C9}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{89449F37-4AB2-46ED-A566-BB3A7797701B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{8D73A258-9787-4AE7-9232-41036673FD0E}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{9D24562E-40EC-4E46-B57C-700352059B55}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{B1F29F0C-2EC8-487B-97C2-8B8FEA6CEF14}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C0756D99-64A1-4332-B783-A5A1B571D431}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{CF0A778A-DDA0-4492-9804-EF38C9A9F1A5}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{D1C6444C-CC06-4060-A486-736DEAFD9C16}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{D8746A3A-A372-4C8B-96E5-B58F6474EB19}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F509ADC2-B40E-470F-A7B7-45191486B5CB}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D95E57C2-53B3-4C38-BA1E-7980CB5E1803}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{3A1BEABE-0DC5-4615-8099-83973B843C06}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89449F37-4AB2-46ED-A566-BB3A7797701B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F509ADC2-B40E-470F-A7B7-45191486B5CB}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89449F37-4AB2-46ED-A566-BB3A7797701B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F509ADC2-B40E-470F-A7B7-45191486B5CB}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D95E57C2-53B3-4C38-BA1E-7980CB5E1803}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Deletedo : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Chave Deletedo : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\Web
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}
Chave Deletedo : HKCU\Software\AppCloudUpdater
Chave Deletedo : HKCU\Software\AskPartnerNetwork
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\MyBestOffersToday
Chave Deletedo : HKCU\Software\PriceMeterLiveUpdate
Chave Deletedo : HKCU\Software\PriceMeterUpdater
Chave Deletedo : HKCU\Software\simplytech
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\systweak
Chave Deletedo : HKCU\Software\TutoTag
Chave Deletedo : HKCU\Software\WEDLMNGR
Chave Deletedo : HKCU\Software\gameo
Chave Deletedo : HKCU\Software\Baidu
Chave Deletedo : HKCU\Software\AppDataLow\Software\simplytech
Chave Deletedo : HKLM\SOFTWARE\AskPartnerNetwork
Chave Deletedo : HKLM\SOFTWARE\DealPlyLive
Chave Deletedo : HKLM\SOFTWARE\MyBestOffersToday
Chave Deletedo : HKLM\SOFTWARE\PriceMeterLiveUpdate
Chave Deletedo : HKLM\SOFTWARE\SafetyNut
Chave Deletedo : HKLM\SOFTWARE\systweak
Chave Deletedo : HKLM\SOFTWARE\Tutorials
Chave Deletedo : HKLM\SOFTWARE\Baidu
Chave Deletedo : HKLM\SOFTWARE\Quiknowledge
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PriceMeterLiveUpdate.exe

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17496

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Bar]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Search [Start Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\SearchUrl []
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl []

-\\ Mozilla Firefox v29.0 (pt-BR)

[9al6ip8u.default\prefs.js] - Linha deletada : user_pref("browser.search.defaultengine", "Web Search");
[9al6ip8u.default\prefs.js] - Linha deletada : user_pref("browser.search.order.1", "Web Search");
[9al6ip8u.default\prefs.js] - Linha deletada : user_pref("wtb18194.homepage", "hxxp://search.certified-toolbar.com?si=77324&st=home&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45");
[9al6ip8u.default\prefs.js] - Linha deletada : user_pref("wtb18194.newtab", "hxxp://search.certified-toolbar.com?si=77324&st=home&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45");

-\\ Google Chrome v39.0.2171.99

[C:\Users\fermando\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deletedo [Search Provider] : [link hidden by the forum]
[C:\Users\fermando\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deletedo [Search Provider] : [link hidden by the forum]

-\\ Opera v0.0.0.0

[C:\Users\fermando\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deletedo [Search Provider] : [link hidden by the forum]
[C:\Users\fermando\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deletedo [Search Provider] : [link hidden by the forum]

*************************

AdwCleaner[R0].txt - [23974 octets] - [15/01/2015 12:50:12]
AdwCleaner[S0].txt - [19128 octets] - [15/01/2015 12:59:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19189 octets] ##########

Re: Computer with a problem

Post by caedurodrigues, Thu 15 Jan 2015, 13:12

Please run JRT as well. Best regards.

Re: Computer with a problem

Post by Daniarruda, Thu 15 Jan 2015, 13:33

Here is the JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x64
Ran by fermando on 15/01/2015 at 13:16:20,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update webget



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu security"
Successfully deleted: [Folder] "C:\Users\fermando\AppData\Roaming\baidu security"
Successfully deleted: [Folder] "C:\Program Files (x86)\baidu security"



~~~ FireFox

Successfully deleted the following from C:\Users\fermando\AppData\Roaming\mozilla\firefox\profiles\9al6ip8u.default\prefs.js

user_pref("HomeTab_18194.global.DisplayRecentSearches", "true");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/01/2015 at 13:32:30,02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Computer with a problem

Post by caedurodrigues, Thu 15 Jan 2015, 13:38

Good afternoon Daniarruda,


  • Download: [link hidden by the forum] (...by Smeenk)
  • Save it to your desktop!
  • Run the file Zoek.exe.
  • Windows Vista or Windows 7 users: right-click the file Zoek.exe, then click
    [image hidden by the forum]
  • Select the lines in red, right-click the selection and choose Copy!

    QuickScan;
    autoclean;
    emptyalltemp;
    emptyfolderscheck;delete
    ipconfig /flushdns;b


  • Right-click any blank area of the Zoek window and choose Paste.
  • Click Run Script!
  • Wait for the scan. When it finishes, Notepad will open with the report.
  • A copy will also be saved on your local disk under the name zoek-results.txt.
  • Attach zoek-results.txt to your next reply.


Best regards.

Re: Computer with a problem

Post by Daniarruda, Thu 15 Jan 2015, 14:43

Here is the log:


Zoek.exe v5.0.0.0 Updated 14-01-2015
Tool run by fermando on 15/01/2015 at 13:41:11,75.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\fermando\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

15/01/2015 13:43:45 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\005 deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\fermando\AppData\Roaming\WinRAR deleted successfully
C:\Users\fermando\AppData\Local\Adobe deleted successfully
C:\Users\fermando\AppData\Local\cache deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3896181395-4071897127-3457657136-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\fermando\AppData\Roaming\Mozilla\Firefox\Profiles\9al6ip8u.default

user.js not found
---- Lines webget removed from prefs.js ----
user_pref("extensions.webget.asul", "1402450567866");
user_pref("extensions.webget.aul", "1401616789340");
user_pref("extensions.webget.irl", true);
user_pref("extensions.webget.is", "isgiwhBR");
user_pref("extensions.webget.ug", "78208DBF-D422-477B-B340-0E010BB707C6");
---- Lines nspdlsd removed from prefs.js ----
user_pref("extensions.nspdlsd.aflt", "spd_dsites02_14_20_ch");
user_pref("extensions.nspdlsd.cd", "2XzuyEtN2Y1L1Qzu0Czzzy0C0D0CyE0F0B0DyBtCtD0ByByDtN0D0Tzu0SzzyCzytN1L2XzutBtFtBtDtFtCtAtFtDtN1L1CzutCyEtDtAtDyD1V1Q
user_pref("extensions.nspdlsd.cr", "1130745378");
user_pref("extensions.nspdlsd.data._dy", "20140728");
user_pref("extensions.nspdlsd.data.activeDate", "20140728");
user_pref("extensions.nspdlsd.data.aliveDate", "20140728");
user_pref("extensions.nspdlsd.data.cc", "br");
user_pref("extensions.nspdlsd.data.cg", "47");
user_pref("extensions.nspdlsd.data.instlDate", "20140519");
user_pref("extensions.nspdlsd.data.ntopen", "23442882");
user_pref("extensions.nspdlsd.data.ra-858c9bc4691dd7d717087c602a156841", "1c26bcf6b868fe7b830f1ac39d232989");
user_pref("extensions.nspdlsd.data.ra-872bb23eeaa531e88719b185b415ff36", "881dfe3f235219a6a709257cac7dac56");
user_pref("extensions.nspdlsd.data.ra-abc402c70e46e8cc70f0532c455a3c97", "f0b1bc2fa3394162925d4b8e801f39d0");
user_pref("extensions.nspdlsd.data.ra-dacbaa704bfd9ae018299a5407fc9ded", "64248c65e0e85552bd072a2ec53f144d");
user_pref("extensions.nspdlsd.data.ra-ebaacfa4c60ac51ffd801758802da7d0", "3c02aaf3c151f09fc07c7e257436e6c9");
user_pref("extensions.nspdlsd.data.rprt", "0");
user_pref("extensions.nspdlsd.general.content", "favorites-15db0652d523f41883fcb0af9394e99a");
user_pref("extensions.nspdlsd.general.firstRun", false);
user_pref("extensions.nspdlsd.general.guid", "955e5374-4d17-40e9-8715-ca1b8c31d4bf");
user_pref("extensions.nspdlsd.general.version", "9.5.5");
user_pref("extensions.nspdlsd.instlRef", "140305_d");
---- FireFox user.js and prefs.js backups ----

prefs_012015_1415_.backup

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\Users\fermando\.android deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\search_the_web.xml deleted
C:\PROGRA~2\SamsungPrinterLiveUpdateInstaller deleted
C:\PROGRA~2\Skillbrains deleted
C:\found.000 deleted
C:\Users\fermando\AppData\Roaming\WB.CFG deleted
C:\Users\fermando\AppData\Roaming\GoldenGate deleted
C:\PROGRA~3\PriceMeterLiveUpdate deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\fermando\Blizzard Updater.exe deleted
C:\Users\fermando\Launcher.exe deleted
C:\Users\fermando\wow-4.2.1.2756-enUS-tools-downloader.exe deleted
C:\Users\fermando\wow-4.2.1.2756-enUS-tools-patch.exe deleted
C:\PROGRA~3\cel.exe deleted
C:\PROGRA~3\temp1320088.exe deleted
C:\PROGRA~3\temp1394466.exe deleted
C:\PROGRA~3\temp155983.exe deleted
C:\PROGRA~3\temp1627442.exe deleted
C:\PROGRA~3\temp1752408.exe deleted
C:\PROGRA~3\temp4679175.exe deleted
C:\PROGRA~3\temp5665879.exe deleted
C:\PROGRA~3\temp8017877.exe deleted
C:\PROGRA~3\temp9200115.exe deleted
C:\PROGRA~3\temp9452307.exe deleted
C:\PROGRA~3\temp9629510.exe deleted
C:\PROGRA~3\temp976187.exe deleted
C:\Users\fermando\AppData\Roaming\Mozilla\Firefox\Profiles\9al6ip8u.default\nspdlsd deleted
"C:\Windows\Installer\7b035.msi" deleted
"C:\Users\fermando\AppData\Local\{358776C4-C778-45FB-BFBC-7A3F2010C148}" deleted
"C:\Users\fermando\AppData\Local\{95460F31-8052-4F40-AD2D-7FD70B5364A2}" deleted
"C:\Users\fermando\AppData\Local\{A1424BDE-D518-43DF-B314-634854BC4544}" deleted
"C:\PROGRA~3\tABsWRcEryW.exe" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-01-04 14:00:38 1C27CEECA7EAECC2A74C3D9D9DF68CA6 26694 ------w- C:\Windows\uninstall.ico
2015-01-04 14:00:37 E4B07708FD36326F575E7431A370151A 1571160 ------w- C:\Windows\TotalUninstaller.exe
====== C:\Users\fermando\AppData\Local\Temp ====
2015-01-15 15:14:19 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\fermando\AppData\Local\Temp\jrt\libiconv2.dll
2015-01-15 15:14:19 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\fermando\AppData\Local\Temp\jrt\libintl3.dll
2015-01-15 15:14:19 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\fermando\AppData\Local\Temp\jrt\pcre3.dll
2015-01-15 15:14:19 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\fermando\AppData\Local\Temp\jrt\regex2.dll
2015-01-15 15:14:19 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\fermando\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
====== Java Cache =====
2014-12-18 20:51:04 F55266BB0C40479669C69874AF09B568 90 ----a-w- C:\Users\fermando\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\0\458a7f80-25915e4a
2014-12-26 16:57:30 F55266BB0C40479669C69874AF09B568 90 ----a-w- C:\Users\fermando\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\0\458a7f80-593d85f3
====== C:\Windows\SysWOW64 =====
2015-01-13 20:56:08 71CAE7E61FD7C841481AB92A8BE6DED1 162304 ----a-w- C:\Windows\SysWOW64\ncsi.dll
2015-01-13 20:56:07 5A6A55BB31693D2D7064D7F44ADDB98D 52224 ----a-w- C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 20:55:59 20D035F5A92F5C12CB8694FAE5C30194 87552 ----a-w- C:\Windows\SysWOW64\davclnt.dll
2015-01-13 20:55:59 049FAF4EE26617B4CFCE3C4F45953C16 210432 ----a-w- C:\Windows\SysWOW64\WebClnt.dll
2015-01-13 20:53:46 2F9871CD1A994180A1DC4F959010AF8A 3977656 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 20:53:43 D6D3C2B151CE2867F9B3E3CA770DEF4B 3921848 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 20:53:41 9F5699D1112A7B9AE74CCB6BD427726A 50688 ----a-w- C:\Windows\SysWOW64\appidapi.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-01-13 20:56:13 5B9954AE9FD4682DADD5EBC0301366B0 52736 ----a-w- C:\Windows\Sysnative\TSWbPrxy.exe
2015-01-13 20:56:11 D0891D2F5D63DAB719F005919762912C 225792 ----a-w- C:\Windows\Sysnative\profsvc.dll
2015-01-13 20:56:11 767C51232F4706534E83C32DC508B827 33792 ----a-w- C:\Windows\Sysnative\profprov.dll
2015-01-13 20:56:08 1198848B46764B158CF995C4D110EFEF 303616 ----a-w- C:\Windows\Sysnative\nlasvc.dll
2015-01-13 20:56:08 0422238C1AFD34D95D71D6BB1836DABD 223744 ----a-w- C:\Windows\Sysnative\ncsi.dll
2015-01-13 20:55:59 E02555E5FB12AF8DCAAF6C05B57BD74A 109056 ----a-w- C:\Windows\Sysnative\davclnt.dll
2015-01-13 20:55:59 C1EAE0C20DFC3E193BC1B2701CA6B333 265216 ----a-w- C:\Windows\Sysnative\WebClnt.dll
2015-01-13 20:53:48 790577C77DD59EBBE4BB5359EAB0682D 5553080 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe
2015-01-13 20:53:46 848F036116D69AC4B2EA9F5D19519C9A 457400 ----a-w- C:\Windows\Sysnative\ci.dll
2015-01-13 20:53:43 CA950A35BA8E7C50BA44DD5C13974804 617384 ----a-w- C:\Windows\Sysnative\winresume.efi
2015-01-13 20:53:42 EA673696AA352A0D87091C794C69C407 34304 ----a-w- C:\Windows\Sysnative\appidsvc.dll
2015-01-13 20:53:42 CE44FDEAD21B2A7F9BC3B684A26833B6 503808 ----a-w- C:\Windows\Sysnative\srcore.dll
2015-01-13 20:53:42 C872E5E061ABDA2D6F5446E3845DD4BD 693176 ----a-w- C:\Windows\Sysnative\winload.efi
2015-01-13 20:53:42 766F998FA2EF1F9870856122C6446C02 533200 ----a-w- C:\Windows\Sysnative\winresume.exe
2015-01-13 20:53:42 4CFFE295B258D7EDF319EFC7EFCB1DCF 619056 ----a-w- C:\Windows\Sysnative\winload.exe
2015-01-13 20:53:42 49F6CE629E4361363C83F4D58B995A90 58880 ----a-w- C:\Windows\Sysnative\appidapi.dll
2015-01-13 20:53:41 C54E433DFA9F6A4DDF05B78F87EB4B4B 63488 ----a-w- C:\Windows\Sysnative\setbcdlocale.dll
2015-01-04 14:00:34 FC21BF5A1667FC745FE53D05DA4CB8A2 89600 ----a-w- C:\Windows\Sysnative\ssi2mci.dll
2015-01-04 14:00:34 803B85A5743859C9BAF790C14AD34A92 359 ----a-w- C:\Windows\Sysnative\ssi2mlm.smt
2015-01-04 14:00:34 67D1E438151DF2F57D03372330C4A545 158040 ----a-w- C:\Windows\Sysnative\ssi2mci.exe
2015-01-04 14:00:34 2CF34465F8DE12B1BF00CD8B9C22846E 226424 ----a-w- C:\Windows\Sysnative\SBuySupplies.exe
2015-01-04 14:00:34 0BF28DEE7BFB7F2D787756A2009AD5F8 34304 ----a-w- C:\Windows\Sysnative\ssi2mlm.dll
====== C:\Windows\Sysnative\drivers =====
2015-01-13 20:55:59 0AE0AB07EB9166EA6030153830148C02 142336 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys
2015-01-13 20:53:42 E1D50C4B23B1DD2D5B97DAE215A400C9 62464 ----a-w- C:\Windows\Sysnative\drivers\appid.sys
2015-01-04 13:59:57 0211AB46B73A2623B86C1CFCB30579AB 11576 ------w- C:\Windows\Sysnative\drivers\SSPORT.SYS
2014-12-30 23:14:07 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2015-01-04 14:01:02 -------- d-----w- C:\PROGRA~2\SamsungPrinterLiveUpdate
2015-01-04 14:00:30 -------- d-----w- C:\PROGRA~2\Samsung
2014-12-21 15:01:47 -------- d-----w- C:\PROGRA~2\TibiaTunnel
======= C: =====
====== C:\Users\fermando\AppData\Roaming ======
2014-12-21 15:23:22 7D9FE463045A572C699E4C6012236819 600 ----a-w- C:\Users\fermando\AppData\Local\PUTTY.RND
2014-12-21 15:02:49 -------- d-----w- C:\Users\fermando\AppData\Roaming\NetworkTunnel
====== C:\Users\fermando ======
2015-01-15 15:06:09 B9E1BF24EF01A82701B09BE75D294085 1707939 ----a-w- C:\Users\fermando\Downloads\JRT.exe
2015-01-15 14:48:09 61CA40317EBF1254770BF8B495B3F8DA 2191360 ----a-w- C:\Users\fermando\Desktop\AdwCleaner.exe
2015-01-15 14:37:09 DD6CC155E167825920DA7FCEDA04CFAA 1356288 ----a-w- C:\Users\fermando\Downloads\ZA-Scan.exe
2015-01-04 14:01:07 -------- d-----r- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2015-01-04 14:01:02 -------- d-----w- C:\Users\TODOSO~1\Samsung
2015-01-04 14:01:02 -------- d-----w- C:\ProgramData\Samsung
2015-01-04 13:58:31 6FB9388D79FEE9A9D18F1CEF1836A633 21145944 ----a-w- C:\Users\fermando\Downloads\ML-371x_Series_WIN_PD_V3.12.29.00.37.exe
2014-12-21 15:01:56 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TibiaTunnel
2014-12-17 19:57:05 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot

====== C: exe-files ==
2015-01-15 15:14:19 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\fermando\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2015-01-15 15:06:09 B9E1BF24EF01A82701B09BE75D294085 1707939 ----a-w- C:\Users\fermando\Downloads\JRT.exe
2015-01-15 14:48:09 61CA40317EBF1254770BF8B495B3F8DA 2191360 ----a-w- C:\Users\fermando\Desktop\AdwCleaner.exe
2015-01-15 14:37:09 DD6CC155E167825920DA7FCEDA04CFAA 1356288 ----a-w- C:\Users\fermando\Downloads\ZA-Scan.exe
2015-01-14 00:28:18 BA7DC0C9141BE7292CA7E744B6F19F26 897104 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\39.0.2171.99\39.0.2171.99_39.0.2171.95_chrome_updater.exe
=== C: other files ==
2015-01-15 15:14:19 F720D6634E048B0AD485CEEF55263E6B 191092 ----a-w- C:\Users\fermando\AppData\Local\Temp\jrt\misc.bat
2015-01-15 15:14:19 F56A319979F631C141F5FF02DF87FDB1 43563 ----a-w- C:\Users\fermando\AppData\Local\Temp\jrt\prelim.bat
2015-01-15 15:14:19 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Users\fermando\AppData\Local\Temp\jrt\TDL4.bat
2015-01-15 15:14:19 C4C784C659C27DB5ED395A7901611C71 14957 ----a-w- C:\Users\fermando\AppData\Local\Temp\jrt\get.bat
2015-01-15 15:14:19 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Users\fermando\AppData\Local\Temp\jrt\medfos.bat
2015-01-15 15:14:19 AA0C656F898523BEDF2DA6923197BB80 1264 ----a-w- C:\Users\fermando\AppData\Local\Temp\jrt\surfvox.bat
2015-01-15 15:14:19 A3945FA06DB607245C6A1D0629CE737E 11057 ----a-w- C:\Users\fermando\AppData\Local\Temp\jrt\runvalues.bat
2015-01-15 15:14:19 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Users\fermando\AppData\Local\Temp\jrt\searchlnk.bat
2015-01-15 15:14:19 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Users\fermando\AppData\Local\Temp\jrt\firefox.bat
2015-01-15 15:14:19 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Users\fermando\AppData\Local\Temp\jrt\ev_clear.bat
2015-01-15 15:14:19 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Users\fermando\AppData\Local\Temp\jrt\ask.bat
2015-01-15 15:14:19 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Users\fermando\AppData\Local\Temp\jrt\iexplore.bat
2015-01-15 15:14:19 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Users\fermando\AppData\Local\Temp\jrt\delfolders.bat
2015-01-15 15:14:19 080CFDE64F31E7B50EECF4552033E84D 9937 ----a-w- C:\Users\fermando\AppData\Local\Temp\jrt\mws.bat
2015-01-15 15:14:19 048407135C9B1FB6A355E256BD96160D 14192 ----a-w- C:\Users\fermando\AppData\Local\Temp\jrt\chrome.bat
2015-01-13 20:55:59 0AE0AB07EB9166EA6030153830148C02 142336 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2015-01-13 20:53:42 E1D50C4B23B1DD2D5B97DAE215A400C9 62464 ----a-w- C:\Windows\System32\drivers\appid.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3896181395-4071897127-3457657136-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"LightShot"="C:\Users\fermando\AppData\Local\Skillbrains\lightshot\Lightshot.exe"
"BitTorrent"="C:\Users\fermando\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Facebook Update"="C:\Users\fermando\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"DTlite"="C:\ProgramData\tABsWRcEryW.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"BlueStacks Agent"="C:\Program Files (x86)\BlueStacks\HD-Agent.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"LogMeIn Hamachi Ui"="C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightShot"="C:\Users\fermando\AppData\Local\Skillbrains\lightshot\Lightshot.exe"
"BitTorrent"="C:\Users\fermando\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Facebook Update"="C:\Users\fermando\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"DTlite"="C:\ProgramData\tABsWRcEryW.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13/01/2015 18:48]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3896181395-4071897127-3457657136-1000Core.job --a------ C:\Users\fermando\AppData\Local\Facebook\Update\FacebookUpdate.exe [12/08/2014 23:26]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3896181395-4071897127-3457657136-1000UA.job --a------ C:\Users\fermando\AppData\Local\Facebook\Update\FacebookUpdate.exe [12/08/2014 23:26]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [18/05/2014 17:01]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [18/05/2014 17:01]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3896181395-4071897127-3457657136-1000Core" [C:\Users\fermando\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3896181395-4071897127-3457657136-1000UA" [C:\Users\fermando\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3896181395-4071897127-3457657136-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3896181395-4071897127-3457657136-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\fermando\AppData\Roaming\Mozilla\Firefox\Profiles\9al6ip8u.default
user_pref("browser.search.defaultenginename", "Bing ");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [25/09/2014 11:15]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\fermando\AppData\Roaming\Mozilla\Firefox\Profiles\9al6ip8u.default
3CD19649B2C3023D65E67C056457A2BC - C:\Users\fermando\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
E37EAD09D28AE19D8A39B6A95F47513A - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll - Shockwave for Director / Shockwave for Director
C899B98999270821EDFFA56044DE2377 - C:\Users\fermando\AppData\Roaming\raidcall\plugins\nprcplugin.dll - Raidcall plugin


==== Chromium Look ======================

Google Chrome Version: 39.0.2171.99 (Up to date, latest Stable version: 39.0.2171.99)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[11/09/2014 11:50]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 19:22]

Google Docs - fermando\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - fermando\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - fermando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - fermando\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Avast Online Security - fermando\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - fermando\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - fermando\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://br.msn.com/?pc=UP97&ocid=UP97DHP"
"Search Page"="http://www.google.com"
"Start Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.certified-toolbar.com?si=77324&st=home&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45"
"Start Default_Page_URL"="http://search.certified-toolbar.com?si=77324&st=home&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45"
"Default_Search_URL"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45&st=chrome&q="
"Search Bar"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45&st=chrome&q="
"Search Page"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45&st=chrome&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.certified-toolbar.com?si=77324&st=home&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45"
"Start Default_Page_URL"="http://search.certified-toolbar.com?si=77324&st=home&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45"
"Default_Search_URL"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45&st=chrome&q="
"Search Bar"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45&st=chrome&q="
"Search Page"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45&st=chrome&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
"Search Page"="http://www.google.com"
"Start Default_Page_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
"Search Page"="http://www.google.com"
"Start Default_Page_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1407950240354&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45&q=%s"
@="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1407950240354&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45&q=%s"
@="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1407950240354&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45&q=%s"
@="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1407950240354&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45&q=%s"
@="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1407950240354&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45&q=%s"
@="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1407950240354&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45&q=%s"
@="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45&q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1407950240354&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45&q=%s"
@="http://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Start Page"="http://search.certified-toolbar.com?si=77324&st=home&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45"
"Start Default_Page_URL"="http://search.certified-toolbar.com?si=77324&st=home&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45"
"Default_Search_URL"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45&st=chrome&q="
"Search Bar"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45&st=chrome&q="
"Search Page"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45&st=chrome&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Start Page"="http://search.certified-toolbar.com?si=77324&st=home&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45"
"Start Default_Page_URL"="http://search.certified-toolbar.com?si=77324&st=home&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45"
"Default_Search_URL"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45&st=chrome&q="
"Search Bar"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45&st=chrome&q="
"Search Page"="http://search.certified-toolbar.com?si=77324&tid=18194&ver=6.7&ts=1407898800000.000008&tguid=77324-18194-1407950240354-43D3797F2A66F49D166D483209A86D45&st=chrome&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Start Page"="http://www.google.com"
"Start Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Start Page"="http://www.google.com"
"Start Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Start Page"="http://www.google.com"
"Start Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://br.msn.com/?pc=UP97&ocid=UP97DHP"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{ABDE892B-13A8-4d1b-88E6-365A6E755758} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D2A425F405350054677A7A857BC0F050 deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5350-4500-76A7-A758B70C0F05} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D2A425F405350054677A7A857BC0F050 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\fermando\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\fermando\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUKGIZ6U will be deleted at reboot
C:\Users\fermando\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZO7IWTI6 will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\fermando\AppData\Local\Mozilla\Firefox\Profiles\9al6ip8u.default\Cache will be emptied at reboot

==== Empty Chrome Cache ======================

C:\Users\fermando\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\fermando\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=119 folders=18 115034633 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\fermando\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\fermando\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\fermando\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUKGIZ6U" not found
"C:\Users\fermando\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZO7IWTI6" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 15/01/2015 at 14:42:00,56 ======================
Daniarruda

Re: Computer with a problem

Post by caedurodrigues on Thu 15 Jan 2015, 23:23

Good evening Daniarruda,


  • Download: [You must have an account and be logged in to view this link] (...by Farbar)
  • Or here: [You must have an account and be logged in to view this link]
  • Save it to the Desktop!
  • Run the tool! Click "Yes" >> "Scan".
  • Check that the boxes under "Whitelist" are ticked.
  • Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
  • The report will be generated! (FRST.txt)
  • PS: The "Addition.txt" report will also be generated; it is made available on the first run of the tool.
  • Go to: [You must have an account and be logged in to view this link]
  • Or go to: [You must have an account and be logged in to view this link]
  • Or attach it: [You must have an account and be logged in to view this link] << Link
  • More information: [You must have an account and be logged in to view this link] << Hosting!


A big hug.
caedurodrigues

Re: Computer with a problem

Post by Daniarruda on Wed 28 Jan 2015, 17:22

The first file generated [FRST]
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by fermando (administrator) on FERMANDO-PC on 28-01-2015 17:17:28
Running from C:\Users\fermando\Desktop
Loaded Profiles: fermando (Available profiles: fermando)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [You must have an account and be logged in to view this link]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(BitTorrent Inc.) C:\Users\fermando\AppData\Roaming\BitTorrent\BitTorrent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-11] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [mbot_br_9] => [X]
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [839384 2014-09-16] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3896181395-4071897127-3457657136-1000\...\Run: [LightShot] => C:\Users\fermando\AppData\Local\Skillbrains\lightshot\Lightshot.exe
HKU\S-1-5-21-3896181395-4071897127-3457657136-1000\...\Run: [BitTorrent] => C:\Users\fermando\AppData\Roaming\BitTorrent\BitTorrent.exe [1376600 2015-01-21] (BitTorrent Inc.)
HKU\S-1-5-21-3896181395-4071897127-3457657136-1000\...\Run: [Facebook Update] => C:\Users\fermando\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-08-12] (Facebook Inc.)
HKU\S-1-5-21-3896181395-4071897127-3457657136-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30872168 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3896181395-4071897127-3457657136-1000\...\Run: [DTlite] => "C:\ProgramData\tABsWRcEryW.exe"
HKU\S-1-5-21-3896181395-4071897127-3457657136-1000\...\Policies\Explorer: [TaskbarNoThumbnail] 1
HKU\S-1-5-21-3896181395-4071897127-3457657136-1000\...\MountPoints2: {83a1b7b9-deb4-11e3-9b46-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-3896181395-4071897127-3457657136-1000\...\MountPoints2: {9bb1fe09-906d-11e4-8aa8-c89cdc4fbd71} - E:\LGAutoRun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:65104;https=127.0.0.1:65104
AutoConfigURL: [S-1-5-21-3896181395-4071897127-3457657136-1000] => [You must have an account and be logged in to view this link]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
HKU\S-1-5-21-3896181395-4071897127-3457657136-1000\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3896181395-4071897127-3457657136-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3896181395-4071897127-3457657136-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = [You must have an account and be logged in to view this link]
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\fermando\AppData\Roaming\Mozilla\Firefox\Profiles\9al6ip8u.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\fermando\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-3896181395-4071897127-3457657136-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\fermando\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\fermando\AppData\Roaming\Mozilla\Firefox\Profiles\9al6ip8u.default\searchplugins\Baixaki.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-27]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-22]

Chrome:
=======
CHR HomePage: Default -> [You must have an account and be logged in to view this link]
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\fermando\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\fermando\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-18]
CHR Extension: (Google Drive) - C:\Users\fermando\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-18]
CHR Extension: (YouTube) - C:\Users\fermando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-18]
CHR Extension: (Pesquisa do Google) - C:\Users\fermando\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-18]
CHR Extension: (Avast Online Security) - C:\Users\fermando\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-11]
CHR Extension: (Google Wallet) - C:\Users\fermando\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-18]
CHR Extension: (Gmail) - C:\Users\fermando\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-11] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-09-16] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-09-16] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-09-16] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5132656 2013-11-25] (INCA Internet Co., Ltd.)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-11-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-11] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-11] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-09-16] (BlueStack Systems)
S3 GunBod; C:\Game\SoftnyxGame\GunBoundPS\avital\gunbod64.sys [86352 2014-06-29] ()
S3 xpyebigv; No ImagePath
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S3 Spring; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Spring64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 17:17 - 2015-01-28 17:18 - 00015059 _____ () C:\Users\fermando\Desktop\FRST.txt
2015-01-28 17:17 - 2015-01-28 17:17 - 00000000 ____D () C:\FRST
2015-01-21 17:52 - 2015-01-21 17:52 - 00000021 _____ () C:\Users\fermando\Desktop\carrasco loco.txt
2015-01-20 17:13 - 2015-01-20 17:13 - 00000000 ____D () C:\Users\fermando\AppData\Roaming\WinRAR
2015-01-20 12:02 - 2015-01-20 12:03 - 02126848 _____ (Farbar) C:\Users\fermando\Desktop\FRST64.exe
2015-01-20 11:53 - 2015-01-20 11:59 - 00000000 ____D () C:\Users\fermando\Desktop\nao deletar DANI
2015-01-17 10:32 - 2015-01-17 10:32 - 00565976 _____ () C:\Users\fermando\Downloads\Ventania - Só Para Loucos.mp3.exe
2015-01-15 14:36 - 2015-01-15 14:36 - 00000085 _____ () C:\folders.txt
2015-01-15 14:36 - 2015-01-15 13:39 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-01-15 13:42 - 2015-01-15 14:42 - 00040081 _____ () C:\zoek-results.log
2015-01-15 13:39 - 2015-01-15 14:41 - 00000000 ____D () C:\zoek_backup
2015-01-15 13:39 - 2015-01-15 13:39 - 01295360 _____ () C:\Users\fermando\Downloads\zoek.exe
2015-01-15 13:39 - 2015-01-15 13:39 - 01295360 _____ () C:\Users\fermando\Desktop\zoek.exe
2015-01-15 13:32 - 2015-01-15 13:32 - 00001245 _____ () C:\Users\fermando\Desktop\JRT.txt
2015-01-15 13:15 - 2015-01-15 13:15 - 00000000 ____D () C:\Windows\ERUNT
2015-01-15 13:06 - 2015-01-15 13:06 - 01707939 _____ (Thisisu) C:\Users\fermando\Downloads\JRT.exe
2015-01-15 12:50 - 2015-01-15 13:00 - 00000000 ____D () C:\AdwCleaner
2015-01-15 12:48 - 2015-01-15 12:48 - 02191360 _____ () C:\Users\fermando\Desktop\AdwCleaner.exe
2015-01-15 12:37 - 2015-01-15 12:37 - 01356288 _____ () C:\Users\fermando\Downloads\ZA-Scan.exe
2015-01-15 12:37 - 2015-01-15 12:37 - 00012584 _____ () C:\Users\fermando\Downloads\hijackthis.log
2015-01-15 12:36 - 2015-01-15 12:36 - 00388608 _____ (Trend Micro Inc.) C:\Users\fermando\Downloads\HijackThis.exe
2015-01-13 18:56 - 2014-12-19 01:30 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 18:56 - 2014-12-19 01:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\profprov.dll
2015-01-13 18:56 - 2014-12-11 15:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 18:56 - 2014-12-06 02:31 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 18:56 - 2014-12-06 02:31 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-13 18:56 - 2014-12-06 02:18 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 18:56 - 2014-12-06 02:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 18:55 - 2014-12-19 01:30 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-01-13 18:55 - 2014-12-19 01:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-01-13 18:55 - 2014-12-19 01:03 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-01-13 18:55 - 2014-12-19 01:03 - 00087552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-01-13 18:55 - 2014-12-18 23:53 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 18:53 - 2014-12-12 04:07 - 05553080 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 18:53 - 2014-12-12 04:07 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-01-13 18:53 - 2014-12-12 04:05 - 00617384 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-01-13 18:53 - 2014-12-12 03:45 - 03977656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 18:53 - 2014-12-12 03:45 - 03921848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 18:53 - 2014-10-29 00:16 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-01-13 18:53 - 2014-08-19 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 18:53 - 2014-08-19 01:05 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-01-13 18:53 - 2014-07-07 00:06 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-01-13 18:53 - 2014-07-07 00:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-01-13 18:53 - 2014-07-06 23:40 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-01-13 18:53 - 2014-07-06 23:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-01-13 18:53 - 2014-06-27 22:21 - 00533200 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-01-13 18:53 - 2014-06-27 22:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-04 12:01 - 2015-01-28 10:23 - 00000072 _____ () C:\Users\Public\LMDebug.log
2015-01-04 12:01 - 2015-01-04 12:02 - 00000000 ____D () C:\Program Files (x86)\SamsungPrinterLiveUpdate
2015-01-04 12:01 - 2015-01-04 12:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2015-01-04 12:01 - 2015-01-04 12:01 - 00000000 ____D () C:\Users\Todos os Usuários\Samsung
2015-01-04 12:01 - 2015-01-04 12:01 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-04 12:00 - 2015-01-04 12:00 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-04 12:00 - 2013-09-30 11:49 - 00158040 _____ (SS) C:\Windows\system32\ssi2mci.exe
2015-01-04 12:00 - 2013-05-09 01:34 - 01571160 ____N () C:\Windows\TotalUninstaller.exe
2015-01-04 12:00 - 2012-12-07 08:42 - 00226424 _____ () C:\Windows\system32\SBuySupplies.exe
2015-01-04 12:00 - 2012-04-05 07:33 - 00089600 _____ (SS) C:\Windows\system32\ssi2mci.dll
2015-01-04 12:00 - 2012-04-05 07:33 - 00034304 _____ () C:\Windows\system32\ssi2mlm.dll
2015-01-04 12:00 - 2012-04-05 07:33 - 00000359 _____ () C:\Windows\system32\ssi2mlm.smt
2015-01-04 11:59 - 2010-12-06 20:52 - 00011576 ____N (Samsung Electronics) C:\Windows\system32\Drivers\SSPORT.SYS
2015-01-04 11:58 - 2015-01-04 11:59 - 21145944 _____ () C:\Users\fermando\Downloads\ML-371x_Series_WIN_PD_V3.12.29.00.37.exe
2014-12-30 21:14 - 2014-12-30 21:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-12-30 21:13 - 2014-10-14 15:41 - 02021888 _____ () C:\Users\fermando\Downloads\Raimundos - Opa ! Perai, Caceta (ao vivo) - midia em cd e dvd promocional 2014.exe
2014-12-30 20:27 - 2014-12-30 20:28 - 02017723 _____ () C:\Users\fermando\Downloads\Raimundos - Opa ! Perai, Caceta (ao vivo) - midia em cd e dvd promocional 2014.rar
2014-12-29 22:15 - 2014-12-29 22:15 - 00000000 ____D () C:\Users\fermando\Downloads\Mortera_Global
2014-12-29 21:54 - 2014-12-29 22:13 - 34355498 _____ () C:\Users\fermando\Downloads\Mortera_Global.rar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 17:16 - 2014-06-13 20:41 - 00000000 ____D () C:\Users\fermando\AppData\Roaming\BitTorrent
2015-01-28 17:06 - 2014-06-13 20:47 - 00000000 ____D () C:\Users\fermando\AppData\Roaming\Skype
2015-01-28 16:52 - 2014-05-24 21:13 - 00000000 ____D () C:\Users\fermando\AppData\Local\LogMeIn Hamachi
2015-01-28 16:47 - 2014-05-18 17:05 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-28 16:41 - 2009-07-14 02:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 16:41 - 2009-07-14 02:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 16:37 - 2014-05-18 15:50 - 01201120 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 16:33 - 2014-05-18 17:01 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-28 16:33 - 2009-07-14 03:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 16:33 - 2009-07-14 02:51 - 00056607 _____ () C:\Windows\setupact.log
2015-01-28 11:27 - 2014-05-18 17:01 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-28 10:31 - 2014-08-12 23:26 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3896181395-4071897127-3457657136-1000UA.job
2015-01-27 08:30 - 2014-05-18 17:02 - 00002141 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-26 14:02 - 2014-01-11 17:25 - 00705798 _____ () C:\Windows\system32\prfh0416.dat
2015-01-26 14:02 - 2014-01-11 17:25 - 00147638 _____ () C:\Windows\system32\prfc0416.dat
2015-01-26 14:02 - 2009-07-14 03:13 - 01635826 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-25 15:16 - 2014-05-22 21:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-25 10:47 - 2014-05-18 17:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 10:47 - 2014-05-18 17:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 10:47 - 2014-05-18 17:05 - 00003840 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-20 21:55 - 2014-05-18 16:56 - 01600212 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-20 19:07 - 2014-08-14 22:54 - 00000000 ____D () C:\Program Files (x86)\Tibia
2015-01-15 18:14 - 2009-07-14 03:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-15 14:41 - 2010-11-21 01:47 - 00738852 _____ () C:\Windows\PFRO.log
2015-01-15 14:16 - 2014-05-18 16:15 - 00000000 ____D () C:\Users\fermando
2015-01-15 14:16 - 2009-07-14 01:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-15 14:16 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-01-15 12:37 - 2014-05-18 16:15 - 00000000 ____D () C:\Users\fermando\AppData\Local\VirtualStore
2015-01-14 19:36 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\rescache
2015-01-14 19:00 - 2014-08-25 18:06 - 00000000 ____D () C:\Users\fermando\AppData\Local\CrashDumps
2015-01-14 18:04 - 2014-06-13 20:44 - 00000000 ____D () C:\Users\Todos os Usuários\Skype
2015-01-14 18:04 - 2014-06-13 20:44 - 00000000 ____D () C:\ProgramData\Skype
2015-01-13 22:36 - 2014-10-28 13:27 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-13 22:31 - 2014-08-12 23:26 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3896181395-4071897127-3457657136-1000Core.job
2015-01-13 22:26 - 2014-10-28 13:26 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-06 04:36 - 2010-11-21 01:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 17:34 - 2014-07-24 18:02 - 00000000 ____D () C:\Users\fermando\AppData\Roaming\PDF Architect 2
2015-01-04 12:26 - 2014-08-14 22:55 - 00000000 ____D () C:\Users\fermando\AppData\Roaming\Tibia
2015-01-04 12:12 - 2014-09-16 11:55 - 00000000 ____D () C:\Users\fermando\Downloads\downloads antigos
2015-01-03 11:59 - 2014-05-18 20:38 - 00000000 ____D () C:\Users\fermando\AppData\Roaming\.minecraft
2014-12-29 16:13 - 2014-05-18 21:57 - 00000000 ____D () C:\Program Files (x86)\RaidCall

==================== Files in the root of some directories =======
2014-12-21 13:23 - 2014-12-21 13:23 - 0000600 _____ () C:\Users\fermando\AppData\Local\PUTTY.RND
2014-05-24 15:11 - 2014-05-24 15:11 - 0000003 ____N () C:\Users\fermando\AppData\Local\updater.log
2014-05-24 15:11 - 2014-12-17 17:57 - 0000425 _____ () C:\Users\fermando\AppData\Local\UserProducts.xml
2014-10-03 17:19 - 2014-10-03 17:19 - 0000036 _____ () C:\ProgramData\arquivo.ini
2014-08-14 02:01 - 2014-09-24 13:23 - 0000152 _____ () C:\ProgramData\bc.ini
2014-10-03 17:18 - 2014-10-03 17:19 - 4695631 _____ () C:\ProgramData\cel.zip

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 16:08

==================== End Of Log ============================

Re: Computer with a problem

Post by Daniarruda Wed 28 Jan 2015, 17:24

and the [Addition] file:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by fermando at 2015-01-28 17:19:31
Running from C:\Users\fermando\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Arquivo do WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-3896181395-4071897127-3457657136-1000\...\BitTorrent) (Version: 7.9.2.37755 - BitTorrent Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.3.4070 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{B40D9A2E-C9CA-4402-A0B7-09E33C03B9C5}) (Version: 0.9.3.4070 - BlueStack Systems, Inc.)
CABAL Online (Brasil) (HKU\S-1-5-21-3896181395-4071897127-3457657136-1000\...\CabalOnline(Bra)) (Version: - )
Command & Conquer Tiberian Sun (HKLM-x32\...\Tiberian Sun) (Version: - )
DriverEasy 4.7.5 (HKLM\...\DriverEasy_is1) (Version: 4.7.5.0 - Easeware)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GunboundPS (HKLM-x32\...\GunboundPS_is1) (Version: - Softnyx co.,Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2230 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java technology allows you to work and play in a secure computing environment. Packages (HKU\S-1-5-21-3896181395-4071897127-3457657136-1000\...\Java technology allows you to work and play in a secure computing environment. Packages) (Version: - ) <==== ATTENTION
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
Microsoft .NET Framework 4.5.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Minecraft 1.3 (HKLM-x32\...\Minecraft 1.3) (Version: - )
Mozilla Firefox 29.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 29.0 (x86 pt-BR)) (Version: 29.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{C960FF38-431D-429D-AD1F-FBD12A45B7C5}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.0-1.0.10926.49 - raidcall.com)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Samsung ML-371x Series (HKLM-x32\...\Samsung ML-371x Series) (Version: 1.31 (26/10/2013) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Shopping App by Ask (HKLM-x32\...\{4F524A2D-5354-2D53-5045-A758B70C1200}) (Version: 12.18.0.81 - APN, LLC)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™️ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tibia (HKLM-x32\...\Tibia_is1) (Version: 10.71 - CipSoft GmbH)
TibiaTunnel (HKLM-x32\...\{4BD6DFD3-105A-4921-B253-3F15E6022B5C}_is1) (Version: 7.3.1 - SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

26-12-2014 12:29:06 Windows Update
30-12-2014 09:38:19 Windows Update
06-01-2015 13:04:45 Windows Update
10-01-2015 13:34:19 Windows Update
13-01-2015 18:41:52 Windows Update
13-01-2015 22:24:52 Windows Update
15-01-2015 13:42:51 zoek.exe restore point
17-01-2015 09:34:38 Windows Update
20-01-2015 13:17:52 Windows Update
20-01-2015 21:49:14 Windows Update
27-01-2015 11:05:06 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 00:34 - 2009-06-10 19:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {37C2696D-02D5-4E63-823D-6176302F6710} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-11] (AVAST Software)
Task: {5BA37BF7-C8C8-4133-A035-81BC380428DC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3896181395-4071897127-3457657136-1000Core => C:\Users\fermando\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-12] (Facebook Inc.)
Task: {65CDA90F-666D-4999-98A8-8B72CD18B850} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {81451540-3E68-4DB5-917C-5EE54A69610E} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3896181395-4071897127-3457657136-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {8C3FBA7E-5924-4C09-8B24-81A1250D440D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3896181395-4071897127-3457657136-1000UA => C:\Users\fermando\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-12] (Facebook Inc.)
Task: {97547B02-6B2D-4D5A-9D34-A8A7DD782D94} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3896181395-4071897127-3457657136-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {A6B62A59-AE71-41E1-8C3A-13C381F0212E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-18] (Google Inc.)
Task: {BB6897EF-F7F5-4C1F-BEE0-89AA4BD58763} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-18] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3896181395-4071897127-3457657136-1000Core.job => C:\Users\fermando\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3896181395-4071897127-3457657136-1000UA.job => C:\Users\fermando\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-01-04 12:00 - 2012-04-05 07:33 - 00034304 _____ () C:\Windows\System32\ssi2mlm.dll
2014-09-11 11:50 - 2014-09-11 11:50 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-03 09:27 - 2014-10-03 09:27 - 02858496 _____ () C:\Program Files\AVAST Software\Avast\defs\14100300\algo.dll
2014-09-11 11:50 - 2014-09-11 11:50 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-27 08:30 - 2015-01-25 04:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-27 08:30 - 2015-01-25 04:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-27 08:30 - 2015-01-25 04:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrador (S-1-5-21-3896181395-4071897127-3457657136-500 - Administrator - Disabled)
Convidado (S-1-5-21-3896181395-4071897127-3457657136-501 - Limited - Disabled)
fermando (S-1-5-21-3896181395-4071897127-3457657136-1000 - Administrator - Enabled) => C:\Users\fermando

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/28/2015 04:34:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2015 04:34:20 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Serviço não pode ser iniciado. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
em BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
em System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/28/2015 10:08:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2015 10:08:19 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Serviço não pode ser iniciado. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
em BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
em System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/27/2015 01:36:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2015 01:36:06 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Serviço não pode ser iniciado. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
em BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
em System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/27/2015 11:01:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2015 11:00:58 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Serviço não pode ser iniciado. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
em BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
em System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/27/2015 10:39:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2015 10:39:43 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Serviço não pode ser iniciado. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
em BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
em System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


System errors:
=============
Error: (01/28/2015 04:34:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço BlueStacks Android Service terminou com o erro:
%%1064

Error: (01/28/2015 10:08:19 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço BlueStacks Android Service terminou com o erro:
%%1064

Error: (01/27/2015 01:36:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço BlueStacks Android Service terminou com o erro:
%%1064

Error: (01/27/2015 11:00:58 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço BlueStacks Android Service terminou com o erro:
%%1064

Error: (01/27/2015 10:39:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço BlueStacks Android Service terminou com o erro:
%%1064

Error: (01/27/2015 07:34:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço BlueStacks Android Service terminou com o erro:
%%1064

Error: (01/26/2015 07:17:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço BlueStacks Android Service terminou com o erro:
%%1064

Error: (01/26/2015 00:41:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço BlueStacks Android Service terminou com o erro:
%%1064

Error: (01/25/2015 06:44:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (01/25/2015 09:43:46 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço BlueStacks Android Service terminou com o erro:
%%1064


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU D525 @ 1.80GHz
Percentage of memory in use: 69%
Total physical RAM: 2038.3 MB
Available physical RAM: 630.05 MB
Total Pagefile: 4076.61 MB
Available Pagefile: 2527.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:326.07 GB) NTFS
Drive d: (TS1) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Cool (Size: 465.8 GB) (Disk ID: 66DAC15B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Re: Computer with a problem

Post by caedurodrigues Thu 29 Jan 2015, 00:02

Good evening Daniarruda,


  • Copy the information shown in red into Notepad.
  • Save it with the name fixlist.txt
  • Save it in the same location as FRST

    start
    CloseProcesses:
    HKLM-x32\...\Run: [mbot_br_9] => [X]
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:65104;https=127.0.0.1:65104
    AutoConfigURL: [S-1-5-21-3896181395-4071897127-3457657136-1000] => [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3896181395-4071897127-3457657136-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml
    CHR HomePage: Default -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    S3 xpyebigv; No ImagePath
    S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
    S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
    S3 Spring; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Spring64.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
    S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
    S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
    2015-01-15 14:36 - 2015-01-15 13:39 - 00024064 _____ () C:\Windows\zoek-delete.exe
    2015-01-15 13:42 - 2015-01-15 14:42 - 00040081 _____ () C:\zoek-results.log
    2015-01-15 13:39 - 2015-01-15 14:41 - 00000000 ____D () C:\zoek_backup
    2015-01-15 13:39 - 2015-01-15 13:39 - 01295360 _____ () C:\Users\fermando\Downloads\zoek.exe
    2015-01-15 13:39 - 2015-01-15 13:39 - 01295360 _____ () C:\Users\fermando\Desktop\zoek.exe
    2015-01-15 13:32 - 2015-01-15 13:32 - 00001245 _____ () C:\Users\fermando\Desktop\JRT.txt
    2015-01-15 13:06 - 2015-01-15 13:06 - 01707939 _____ (Thisisu) C:\Users\fermando\Downloads\JRT.exe
    2015-01-15 12:50 - 2015-01-15 13:00 - 00000000 ____D () C:\AdwCleaner
    2015-01-15 12:48 - 2015-01-15 12:48 - 02191360 _____ () C:\Users\fermando\Desktop\AdwCleaner.exe
    2015-01-15 12:37 - 2015-01-15 12:37 - 01356288 _____ () C:\Users\fermando\Downloads\ZA-Scan.exe
    2015-01-15 12:37 - 2015-01-15 12:37 - 00012584 _____ () C:\Users\fermando\Downloads\hijackthis.log
    2015-01-15 12:36 - 2015-01-15 12:36 - 00388608 _____ (Trend Micro Inc.) C:\Users\fermando\Downloads\HijackThis.exe
    2015-01-15 14:41 - 2010-11-21 01:47 - 00738852 _____ () C:\Windows\PFRO.log
    Java technology allows you to work and play in a secure computing environment. Packages (HKU\S-1-5-21-3896181395-4071897127-3457657136-1000\...\Java technology allows you to work and play in a secure computing environment. Packages) (Version: - ) <==== ATTENTION
    Task: {5BA37BF7-C8C8-4133-A035-81BC380428DC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3896181395-4071897127-3457657136-1000Core => C:\Users\fermando\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-12] (Facebook Inc.)
    Task: {8C3FBA7E-5924-4C09-8B24-81A1250D440D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3896181395-4071897127-3457657136-1000UA => C:\Users\fermando\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-12] (Facebook Inc.)
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3896181395-4071897127-3457657136-1000Core.job => C:\Users\fermando\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3896181395-4071897127-3457657136-1000UA.job => C:\Users\fermando\AppData\Local\Facebook\Update\FacebookUpdate.exe
    HOSTS:
    CMD: bitsadmin /reset /allusers
    CMD: ipconfig /flushdns
    emptytemp:
    end

  • Run FRST/FRST64 >> Click "Fix". << Wait!
  • Post the report! (Fixlog.txt)

Warm regards.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
< Peço aos visitantes que não utilizem este script em outros computadores,sob risco de danos irreparáveis aos mesmos! >
caedurodrigues

Re: Computer with a problem

Post by Daniarruda Thu 29 Jan 2015, 00:25

Here is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015
Ran by fermando at 2015-01-29 00:14:24 Run:1
Running from C:\Users\fermando\Desktop
Loaded Profiles: fermando (Available profiles: fermando)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [mbot_br_9] => [X]
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:65104;https=127.0.0.1:65104
AutoConfigURL: [S-1-5-21-3896181395-4071897127-3457657136-1000] => [You must have an account and be logged in to view this link]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3896181395-4071897127-3457657136-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml
CHR HomePage: Default -> [You must have an account and be logged in to view this link]
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
S3 xpyebigv; No ImagePath
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S3 Spring; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Spring64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
2015-01-15 14:36 - 2015-01-15 13:39 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-01-15 13:42 - 2015-01-15 14:42 - 00040081 _____ () C:\zoek-results.log
2015-01-15 13:39 - 2015-01-15 14:41 - 00000000 ____D () C:\zoek_backup
2015-01-15 13:39 - 2015-01-15 13:39 - 01295360 _____ () C:\Users\fermando\Downloads\zoek.exe
2015-01-15 13:39 - 2015-01-15 13:39 - 01295360 _____ () C:\Users\fermando\Desktop\zoek.exe
2015-01-15 13:32 - 2015-01-15 13:32 - 00001245 _____ () C:\Users\fermando\Desktop\JRT.txt
2015-01-15 13:06 - 2015-01-15 13:06 - 01707939 _____ (Thisisu) C:\Users\fermando\Downloads\JRT.exe
2015-01-15 12:50 - 2015-01-15 13:00 - 00000000 ____D () C:\AdwCleaner
2015-01-15 12:48 - 2015-01-15 12:48 - 02191360 _____ () C:\Users\fermando\Desktop\AdwCleaner.exe
2015-01-15 12:37 - 2015-01-15 12:37 - 01356288 _____ () C:\Users\fermando\Downloads\ZA-Scan.exe
2015-01-15 12:37 - 2015-01-15 12:37 - 00012584 _____ () C:\Users\fermando\Downloads\hijackthis.log
2015-01-15 12:36 - 2015-01-15 12:36 - 00388608 _____ (Trend Micro Inc.) C:\Users\fermando\Downloads\HijackThis.exe
2015-01-15 14:41 - 2010-11-21 01:47 - 00738852 _____ () C:\Windows\PFRO.log
Java technology allows you to work and play in a secure computing environment. Packages (HKU\S-1-5-21-3896181395-4071897127-3457657136-1000\...\Java technology allows you to work and play in a secure computing environment. Packages) (Version: - ) <==== ATTENTION
Task: {5BA37BF7-C8C8-4133-A035-81BC380428DC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3896181395-4071897127-3457657136-1000Core => C:\Users\fermando\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-12] (Facebook Inc.)
Task: {8C3FBA7E-5924-4C09-8B24-81A1250D440D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3896181395-4071897127-3457657136-1000UA => C:\Users\fermando\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-12] (Facebook Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3896181395-4071897127-3457657136-1000Core.job => C:\Users\fermando\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3896181395-4071897127-3457657136-1000UA.job => C:\Users\fermando\AppData\Local\Facebook\Update\FacebookUpdate.exe
HOSTS:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
emptytemp:
end
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mbot_br_9 => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-3896181395-4071897127-3457657136-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-3896181395-4071897127-3457657136-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml => Moved successfully.
Chrome HomePage deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
xpyebigv => Service deleted successfully.
BprotectEx => Service deleted successfully.
PCFApiUtil => Service deleted successfully.
Spring => Service deleted successfully.
VGPU => Service deleted successfully.
X6va017 => Service deleted successfully.
X6va021 => Service deleted successfully.
X6va022 => Service deleted successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\fermando\Downloads\zoek.exe => Moved successfully.
C:\Users\fermando\Desktop\zoek.exe => Moved successfully.
C:\Users\fermando\Desktop\JRT.txt => Moved successfully.
C:\Users\fermando\Downloads\JRT.exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\fermando\Desktop\AdwCleaner.exe => Moved successfully.
C:\Users\fermando\Downloads\ZA-Scan.exe => Moved successfully.
C:\Users\fermando\Downloads\hijackthis.log => Moved successfully.
C:\Users\fermando\Downloads\HijackThis.exe => Moved successfully.
C:\Windows\PFRO.log => Moved successfully.
Java technology allows you to work and play in a secure computing environment. Packages (HKU\S-1-5-21-3896181395-4071897127-3457657136-1000\...\Java technology allows you to work and play in a secure computing environment. Packages) (Version: - ) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BA37BF7-C8C8-4133-A035-81BC380428DC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BA37BF7-C8C8-4133-A035-81BC380428DC}" => Key deleted successfully.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3896181395-4071897127-3457657136-1000Core => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-3896181395-4071897127-3457657136-1000Core" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C3FBA7E-5924-4C09-8B24-81A1250D440D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C3FBA7E-5924-4C09-8B24-81A1250D440D}" => Key deleted successfully.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3896181395-4071897127-3457657136-1000UA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-3896181395-4071897127-3457657136-1000UA" => Key deleted successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3896181395-4071897127-3457657136-1000Core.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3896181395-4071897127-3457657136-1000UA.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.

========= End of CMD: =========

EmptyTemp: => Removed 435.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 00:15:05 ====
Daniarruda

Re: Computer with a problem

Post by caedurodrigues Thu 29 Jan 2015, 00:39

Good evening Daniarruda,


  • Download: <[You must have an account and be logged in to view this link]> ( ...Nicolas Coolman)
  • Save it to the local disk (C or D).
  • Disable your antivirus, and run ZHPDiag.exe to install it.
  • Run the scroll icon!
  • Click the "COMPLETA" (Complete) option and wait for it to finish.
  • Click OK and, when it finishes, post the report! (ZHPDiag.txt)
  • Note: Because the report is long, it should be posted on one of these sites:
  • Go to: <[You must have an account and be logged in to view this link]>
  • Or go to: <[You must have an account and be logged in to view this link]>
  • Or attach it <[You must have an account and be logged in to view this link]> << Link
  • More information: <[You must have an account and be logged in to view this link]> << Hosting!


A big hug.
caedurodrigues

Re: Computer with a problem

Post by Daniarruda Thu 29 Jan 2015, 00:59

Since the log did not fit,
here is the link:
[http://cjoint.com/?EADejiKy5Jg]
Daniarruda

Re: Computer with a problem

Post by caedurodrigues Thu 29 Jan 2015, 02:07

Good evening Daniarruda,


  • Run this script in the ZHPFix tool.
  • Copy the information shown in red into Notepad.
  • With Notepad open, press: Ctrl+A >> Ctrl+C.
  • Then minimize Notepad.

    Script ZHPFix
    SysRestore
    M3 - MFPP: Plugins - [fermando] -- C:\Users\fermando\AppData\Roaming\Mozilla\Firefox\Profiles\9al6ip8u.default\searchplugins\Baixaki.xml
    O4 - HKCU\..\Run: [LightShot] C:\Users\fermando\AppData\Local\Skillbrains\lightshot\Lightshot.exe (.not file.)   =>PUP.SkillBrains
    O4 - HKUS\S-1-5-21-3896181395-4071897127-3457657136-1000\..\Run: [LightShot] C:\Users\fermando\AppData\Local\Skillbrains\lightshot\Lightshot.exe (.not file.)   =>PUP.SkillBrains
    O42 - Logiciel: Shopping App by Ask - (.APN, LLC.) [HKLM][64Bits] -- {4F524A2D-5354-2D53-5045-A758B70C1200}   =>Toolbar.Avira
    [HKCU\Software\Baidu Security]    
    [HKCU\Software\Baixaki]    
    [HKCU\Software\Skillbrains]   =>PUP.SkillBrains
    [HKLM\Software\Baidu Security]    
    [HKLM\Software\Wow6432Node\Baidu Security]    
    [HKLM\Software\Wow6432Node\Baidu_Drp_pos]    
    [HKLM\Software\Wow6432Node\PriceMeterLiveUpdate]   =>PUP.PriceMeter
    [HKLM\Software\Wow6432Node\SkillBrains]   =>PUP.SkillBrains
    O43 - CFD: 24/07/2014 - 17:36:06 - [] ----D C:\Program Files (x86)\Baidu-Security-2014-4.4.4.73687
    O43 - CFD: 13/08/2014 - 16:20:32 - [] ----D C:\Program Files (x86)\Baidu-Security-2014-4.4.4.80971
    O43 - CFD: 23/09/2014 - 22:00:54 - [] ----D C:\Program Files (x86)\Baidu-Security-2014-4.4.4.83884
    O43 - CFD: 13/08/2014 - 15:19:23 - [] ----D C:\ProgramData\Baidu Antivirus
    O45 - LFCP:[MD5.B1F03738CC369184502B8CEF36674FF6] - 15/01/2015 - 12:00:10 ---A- - C:\Windows\Prefetch\PRICEMETERLIVEUPDATE.EXE-C5AC284A.pf   =>PUP.PriceMeter
    O51 - MPSK:{83a1b7b9-deb4-11e3-9b46-806e6f6e6963}\AutoRun\command. (...) -- D:\autorun.exe    
    O51 - MPSK:{9bb1fe09-906d-11e4-8aa8-c89cdc4fbd71}\AutoRun\command. (...) -- E:\LGAutoRun.exe (.not file.)
    O67 - Shell Spawning: <.html> <BaiduSparkHTML>[HKLM\..\open\Command] (.Not Key.)
    O69 - SBI: SearchScopes [HKCR] {afdbddaa-5d3f-42ee-b79c-185a7020515b} [DefaultScope] - (Web Search) - [You must have an account and be logged in to view this link]   =>PUP.CertifiedToolbar
    [MD5.739F55C55A99F7923EB4E238012A517B] [WIS][10/10/2014] (.APN, LLC - Shopping App by Ask.) -- C:\Windows\Installer\5a2daf.msi   [512000]   =>Toolbar.Avira
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5354-2D53-5045-A758B70C1200}]   =>Toolbar.Avira^
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:LightShot   =>PUP.SkillBrains^
    [HKCU\Software\Skillbrains]   =>PUP.SkillBrains^
    [HKLM\Software\Wow6432Node\PriceMeterLiveUpdate]   =>PUP.PriceMeter^
    [HKLM\Software\Wow6432Node\SkillBrains]   =>PUP.SkillBrains^
    C:\Windows\Installer\5a2daf.msi   =>Toolbar.Avira^
    EmptyClsid
    FirewallRaz
    EmptyPrefetch
    EmptyTemp
    EmptyFlash
    ShortcutFix
    Proxyfix


  • Open the ZHPFix tool.
  • Click "IMPORTAÇÃO" (Import) > OK
  • Click "GO".
  • Post the report!


A big hug.

< I ask visitors not to use this script on other computers, at the risk of irreparable damage to them! >
caedurodrigues

Re: Computer with a problem

Post by joram Thu 26 Mar 2015, 04:01

Topic Archived

Because the author did not reply for more than 45 days, the topic has been archived. If the topic's author needs it, it will be reopened; to do so, they should contact one of the members of the [You must have an account and be logged in to view this link] and request that it be unlocked.
joram
