Remover Istart.Websearches, Search Protect e Fast Start

por Victor Verenguer Seg 20 Abr 2015, 21:29

Boa noite. Ao fazer um download acabei abrindo a porta para websearches indesejados.
Gostaria de uma ajuda para remover este lixo. Já rodei CCleanner, mas não resolveu. Os programas continuam instalados.
desde já agradeço.
Victor.

por **Power Max** Seg 20 Abr 2015, 22:20

Olá Victor.

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

por Victor Verenguer Qua 22 Abr 2015, 16:43

Olá Power Max,
Desculpe a demora. Estava em viagem.
Estou com dificuldades gerais no PC, e isso acarreta mais demora.
O relatório segue abaixo:

# AdwCleaner v4.201 - Relatório criado 22/04/2015 às 16:33:09
# Atualizado 08/04/2015 por Xplode
# Base de dados : 2015-04-22.1 [Servidor]
# Sistema operacional : Windows 7 Ultimate Service Pack 1 (x64)
# Usuário : Luiz - LUIZ-PC
# Executando de : C:\Users\Luiz\Desktop\adwcleaner_4.201.exe
# Opção : Verificar

***** [ Serviços ] *****

Serviço Encontrado : CashReminder
Serviço Encontrado : crfilterdrv
Serviço Encontrado : IHProtect Service
Serviço Encontrado : WindowsMangerProtect
Serviço Encontrado : Update Plain Savings
Serviço Encontrado : Util Plain Savings
Serviço Encontrado : {06a48682-c411-480d-acec-407c6643b478}Gw64
Serviço Encontrado : {251b9a3f-c618-468f-8932-41fa1fe4c90a}Gw64

***** [ Arquivos / Pastas ] *****

Arquivo Encontrado : C:\Program Files (x86)\ActSys\ActSys.exe
Arquivo Encontrado : C:\Users\Luiz\AppData\Roaming\Mozilla\Firefox\Profiles\jnvitik0.default\searchplugins\do-search.xml
Arquivo Encontrado : C:\Users\Luiz\AppData\Roaming\Mozilla\Firefox\Profiles\jnvitik0.default\searchplugins\istartsurf.xml
Arquivo Encontrado : C:\Windows\System32\drivers\{06a48682-c411-480d-acec-407c6643b478}Gw64.sys
Arquivo Encontrado : C:\Windows\System32\drivers\{251b9a3f-c618-468f-8932-41fa1fe4c90a}Gw64.sys
Arquivo Encontrado : C:\Windows\System32\drivers\crfilterdrv.sys
Pasta Encontrado : C:\Program Files (x86)\CashReminder
Pasta Encontrado : C:\Program Files (x86)\GOSafer
Pasta Encontrado : C:\Program Files (x86)\Plain Savings
Pasta Encontrado : C:\Program Files (x86)\XTab
Pasta Encontrado : C:\ProgramData\IHProtectUpDate
Pasta Encontrado : C:\ProgramData\WindowsMangerProtect
Pasta Encontrado : C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Pasta Encontrado : C:\Users\Luiz\AppData\Roaming\Mozilla\Firefox\Profiles\jnvitik0.default\Extensions\searchengine@gmail.com

***** [ Tarefas agendadas ] *****

***** [ Atalhos ] *****

***** [ Registro ] *****

Chave Encontrado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Chave Encontrado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Chave Encontrado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Encontrado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
Chave Encontrado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Chave Encontrado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8DF5265D-DF88-4BFE-A517-07035BC8A23E}
Chave Encontrado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Chave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Chave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Chave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Chave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Chave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Chave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Chave Encontrado : HKCU\Software\Mozilla\Extends
Chave Encontrado : HKCU\Software\Plain Savings
Chave Encontrado : HKCU\Software\simplytech
Chave Encontrado : HKCU\Software\Softonic
Chave Encontrado : HKCU\Software\TNT2
Chave Encontrado : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Chave Encontrado : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Chave Encontrado : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Chave Encontrado : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Encontrado : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
Chave Encontrado : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Chave Encontrado : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8DF5265D-DF88-4BFE-A517-07035BC8A23E}
Chave Encontrado : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Chave Encontrado : [x64] HKCU\Software\Plain Savings
Chave Encontrado : [x64] HKCU\Software\simplytech
Chave Encontrado : [x64] HKCU\Software\Softonic
Chave Encontrado : [x64] HKCU\Software\TNT2
Chave Encontrado : HKLM\SOFTWARE\CashReminder
Chave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Chave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{dc85b379-fe3b-447d-bef1-faaaf8359aef}
Chave Encontrado : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Encontrado : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Encontrado : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Encontrado : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Chave Encontrado : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Chave Encontrado : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Chave Encontrado : HKLM\SOFTWARE\Classes\TypeLib\{f42dfe21-7c86-4a0b-9543-d27fb58be97d}
Chave Encontrado : HKLM\SOFTWARE\do-searchSoftware
Chave Encontrado : HKLM\SOFTWARE\Google\Chrome\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh
Chave Encontrado : HKLM\SOFTWARE\IHProtect
Chave Encontrado : HKLM\SOFTWARE\istartsurfSoftware
Chave Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Encontrado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Encontrado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dc85b379-fe3b-447d-bef1-faaaf8359aef}
Chave Encontrado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashReminder
Chave Encontrado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Chave Encontrado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Chave Encontrado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Chave Encontrado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Chave Encontrado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Chave Encontrado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Chave Encontrado : HKLM\SOFTWARE\Plain Savings
Chave Encontrado : HKLM\SOFTWARE\SupDp
Chave Encontrado : HKLM\SOFTWARE\SupTab
Chave Encontrado : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update Plain Savings
Chave Encontrado : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util Plain Savings
Chave Encontrado : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Chave Encontrado : [x64] HKLM\SOFTWARE\CashReminder
Chave Encontrado : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Encontrado : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Encontrado : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Encontrado : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Encontrado : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Encontrado : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Encontrado : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh
Chave Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plain Savings
Dados Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - ;*.local
Dados Encontrado : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files (x86)\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Valor Encontrado : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [detgdp@gmail.com]
Valor Encontrado : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_searchff@gmail.com]
Valor Encontrado : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchengine@gmail.com]
Valor Encontrado : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [sweetsearch@gmail.com]

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17728

Configuração Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Configuração Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Configuração Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Configuração Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Configuração Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Configuração Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

-\\ Mozilla Firefox v37.0.1 (x86 pt-BR)

[jnvitik0.default] - Linha Encontrado : user_pref("browser.search.defaultenginename", "istartsurf");
[jnvitik0.default] - Linha Encontrado : user_pref("browser.search.hiddenOneOffs", "Yahoo,Bing,DuckDuckGo,Twitter,Wikipedia (pt),do-search");
[jnvitik0.default] - Linha Encontrado : user_pref("browser.search.searchengine.alias", "istartsurf");
[jnvitik0.default] - Linha Encontrado : user_pref("browser.search.searchengine.iconURL", "hxxp://www.istartsurf.com/web/favicon.ico");
[jnvitik0.default] - Linha Encontrado : user_pref("browser.search.searchengine.name", "istartsurf");
[jnvitik0.default] - Linha Encontrado : user_pref("browser.search.searchengine.url", "hxxp://www.istartsurf.com/web/?type=dspp&ts=1429565506&from=pcm&uid=ST3250310AS_6RY3ARANXXXX6RY3ARAN&q={searchTerms}");
[jnvitik0.default] - Linha Encontrado : user_pref("browser.search.selectedEngine", "istartsurf");
[jnvitik0.default] - Linha Encontrado : user_pref("extensions.quick_start.enable_search1", false);
[jnvitik0.default] - Linha Encontrado : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v42.0.2311.90

[C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Web data] - Encontrado [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Web data] - Encontrado [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Web data] - Encontrado [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Encontrado [Extension] : nmmhkkegccagdldgiimedpiccmgmieda
[C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Encontrado [Default_Search_Provider_Data] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

-\\ Chromium v

*************************

AdwCleaner[R0].txt - [12800 bytes] - [22/04/2015 16:33:09]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [12860 bytes] ##########

por **Power Max** Qua 22 Abr 2015, 17:20

Você usou só a pesquisa do Adwcleaner. Use ele da forma indicada no tutorial que te passei e depois poste o novo relatório que ele irá criar.

por Victor Verenguer Qua 22 Abr 2015, 18:51

Oi,
Consegui fazer a limpeza, conforme tutorial, porém, não consigo fazer login no computador "infectado".
Estou tentando enviar o relatório por outro PC.

# AdwCleaner v4.201 - Relatório criado 22/04/2015 às 17:28:28
# Atualizado 08/04/2015 por Xplode
# Base de dados : 2015-04-22.1 [Servidor]
# Sistema operacional : Windows 7 Ultimate Service Pack 1 (x64)
# Usuário : Luiz - LUIZ-PC
# Executando de : C:\Users\Luiz\Desktop\adwcleaner_4.201.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Excluído : CashReminder
Serviço Excluído : crfilterdrv
[#] Serviço Excluído : IHProtect Service
[#] Serviço Excluído : WindowsMangerProtect
[#] Serviço Excluído : Update Plain Savings
[#] Serviço Excluído : Util Plain Savings
Serviço Excluído : {06a48682-c411-480d-acec-407c6643b478}Gw64
Serviço Excluído : {251b9a3f-c618-468f-8932-41fa1fe4c90a}Gw64

***** [ Arquivos / Pastas ] *****

Pasta Excluído : C:\ProgramData\WindowsMangerProtect
Pasta Excluído : C:\ProgramData\IHProtectUpDate
Pasta Excluído : C:\Program Files (x86)\XTab
Pasta Excluído : C:\Program Files (x86)\CashReminder
Pasta Excluído : C:\Program Files (x86)\GOSafer
Pasta Excluído : C:\Program Files (x86)\Plain Savings
Pasta Excluído : C:\Users\Luiz\AppData\Roaming\Mozilla\Firefox\Profiles\jnvitik0.default\Extensions\searchengine@gmail.com
Pasta Excluído : C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Arquivo Excluído : C:\Program Files (x86)\ActSys\ActSys.exe
Arquivo Excluído : C:\Windows\System32\drivers\{06a48682-c411-480d-acec-407c6643b478}Gw64.sys
Arquivo Excluído : C:\Windows\System32\drivers\{251b9a3f-c618-468f-8932-41fa1fe4c90a}Gw64.sys
Arquivo Excluído : C:\Windows\System32\drivers\crfilterdrv.sys
Arquivo Excluído : C:\Users\Luiz\AppData\Roaming\Mozilla\Firefox\Profiles\jnvitik0.default\searchplugins\do-search.xml
Arquivo Excluído : C:\Users\Luiz\AppData\Roaming\Mozilla\Firefox\Profiles\jnvitik0.default\searchplugins\istartsurf.xml

***** [ Tarefas agendadas ] *****

***** [ Atalhos ] *****

***** [ Registro ] *****

Valor Apagado : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [detgdp@gmail.com]
Valor Apagado : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchengine@gmail.com]
Valor Apagado : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [sweetsearch@gmail.com]
Valor Apagado : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_searchff@gmail.com]
Chave Apagado : HKLM\SOFTWARE\Google\Chrome\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh
Chave Apagado : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh
Chave Apagado : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Chave Apagado : HKCU\Software\Mozilla\Extends
Chave Apagado : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update Plain Savings
Chave Apagado : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util Plain Savings
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{dc85b379-fe3b-447d-bef1-faaaf8359aef}
Chave Apagado : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Apagado : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Apagado : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Apagado : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Chave Apagado : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Chave Apagado : HKLM\SOFTWARE\Classes\TypeLib\{f42dfe21-7c86-4a0b-9543-d27fb58be97d}
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dc85b379-fe3b-447d-bef1-faaaf8359aef}
Chave Apagado : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Apagado : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Apagado : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Dados Restaurado : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8DF5265D-DF88-4BFE-A517-07035BC8A23E}
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Chave Apagado : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Apagado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Apagado : HKCU\Software\simplytech
Chave Apagado : HKCU\Software\Softonic
Chave Apagado : HKCU\Software\TNT2
Chave Apagado : HKCU\Software\Plain Savings
Chave Apagado : HKLM\SOFTWARE\do-searchSoftware
Chave Apagado : HKLM\SOFTWARE\istartsurfSoftware
Chave Apagado : HKLM\SOFTWARE\SupDp
Chave Apagado : HKLM\SOFTWARE\SupTab
Chave Apagado : HKLM\SOFTWARE\IHProtect
Chave Apagado : HKLM\SOFTWARE\CashReminder
Chave Apagado : HKLM\SOFTWARE\Plain Savings
Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashReminder
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Chave Apagado : [x64] HKLM\SOFTWARE\CashReminder
Chave Apagado : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plain Savings
Dados Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - ;*.local

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17728

Configuração Restaurado : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Configuração Restaurado : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configuração Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configuração Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configuração Restaurado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configuração Restaurado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v37.0.1 (x86 pt-BR)

[jnvitik0.default\prefs.js] - Linha Apagado : user_pref("browser.search.defaultenginename", "istartsurf");
[jnvitik0.default\prefs.js] - Linha Apagado : user_pref("browser.search.hiddenOneOffs", "Yahoo,Bing,DuckDuckGo,Twitter,Wikipedia (pt),do-search");
[jnvitik0.default\prefs.js] - Linha Apagado : user_pref("browser.search.searchengine.alias", "istartsurf");
[jnvitik0.default\prefs.js] - Linha Apagado : user_pref("browser.search.searchengine.iconURL", "hxxp://www.istartsurf.com/web/favicon.ico");
[jnvitik0.default\prefs.js] - Linha Apagado : user_pref("browser.search.searchengine.name", "istartsurf");
[jnvitik0.default\prefs.js] - Linha Apagado : user_pref("browser.search.searchengine.url", "hxxp://www.istartsurf.com/web/?type=dspp&ts=1429565506&from=pcm&uid=ST3250310AS_6RY3ARANXXXX6RY3ARAN&q={searchTerms}");
[jnvitik0.default\prefs.js] - Linha Apagado : user_pref("browser.search.selectedEngine", "istartsurf");
[jnvitik0.default\prefs.js] - Linha Apagado : user_pref("extensions.quick_start.enable_search1", false);
[jnvitik0.default\prefs.js] - Linha Apagado : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v42.0.2311.90

[C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Apagado [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Apagado [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Apagado [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Apagado [Extension] : nmmhkkegccagdldgiimedpiccmgmieda
[C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Apagado [Default_Search_Provider_Data] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

-\\ Chromium v

*************************

AdwCleaner[R0].txt - [13036 bytes] - [22/04/2015 16:33:09]
AdwCleaner[S0].txt - [10440 bytes] - [22/04/2015 17:28:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10500 bytes] ##########

por **Power Max** Qua 22 Abr 2015, 20:13

Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

por Victor Verenguer Qua 22 Abr 2015, 20:45

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.0 (04.20.2015:1)
OS: Windows 7 Ultimate x64
Ran by Luiz on 22/04/2015 at 20:34:00,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\NVIDIA Update Core Service

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin

~~~ FireFox

Successfully deleted the following from C:\Users\Luiz\AppData\Roaming\mozilla\firefox\profiles\jnvitik0.default\prefs.js

user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.ptid, pcm);
user_pref(browser.search.searchengine.uid, ST3250310AS_6RY3ARANXXXX6RY3ARAN);
user_pref(extensions.sweetsearch@gmail.com.install-event-fired, true);
Emptied folder: C:\Users\Luiz\AppData\Roaming\mozilla\firefox\profiles\jnvitik0.default\minidumps [3 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/04/2015 at 20:42:50,88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

por **Power Max** Qua 22 Abr 2015, 20:48

Desative temporariamente seu antivírus para evitar conflitos.

* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Salve-o no Desktop (Área de Trabalho).

Para executá-lo corretamente siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.

por Victor Verenguer Qua 22 Abr 2015, 22:15

Zoek.exe v5.0.0.0 Updated 08-April-2015
Tool run by Luiz on 22/04/2015 at 20:55:38,44.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Luiz\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

22/04/2015 20:58:45 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Pando Networks deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\Origin deleted successfully
C:\Users\Luiz\AppData\Local\CutePDF Writer deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11BF3126-2FC2-44D7-86C0-DF47BA501C8F} deleted successfully
HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20EA2253-FAD3-4930-8CDC-83766AEE5B1F} deleted successfully
HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3ABCB129-3DB5-401D-B7DB-6B71B07AF6CE} deleted successfully
HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{500D8E23-C0E0-4D1D-A21-D7DD9FB05659} deleted successfully
HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{880832C6-3442-4753-9753-BC7E8B9CC3ED} deleted successfully
HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8FE7FCD6-99F6-426A-A984-9C7A3FB88331} deleted successfully
HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{918C71ED-9499-4720-8FB2-F9042203B70} deleted successfully
HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD533F51-5413-41CF-A46D-7749B89A6A8C} deleted successfully
HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C1EF2903-750C-4965-A27C-DA6F9A83624D} deleted successfully
HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFCEE48B-DFA4-4256-98C8-19886D92BCFD} deleted successfully
HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC650F7C-959E-4961-A24D-A44F24DB316F} deleted successfully
HKEY_USERS\S-1-5-21-2032838380-1236204141-1967180275-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F5ABA0A4-50F0-48DC-B347-119E819CD34B} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\Luiz\AppData\Roaming\Mozilla\Firefox\Profiles\jnvitik0.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("browser.search.defaulturl", "https://www.google.com/search/?trackid=sp-006");
user_pref("browser.search.defaultengine", "Google (avast)");
user_pref("browser.search.order.1", "Google (avast)");
user_pref("keyword.URL", "https://www.google.com/search/?trackid=sp-006");
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Luiz\AppData\Roaming\Mozilla\Firefox\Profiles\jnvitik0.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Luiz\AppData\Roaming\Mozilla\Firefox\Profiles\jnvitik0.default

user.js not found
---- Lines Mega Browse removed from prefs.js ----
user_pref("extensions.Mega Browse.asul", "1398185976106");
user_pref("extensions.Mega Browse.aul", "1398185510629");
user_pref("extensions.Mega Browse.irl", true);
user_pref("extensions.Mega Browse.is", "isgiwhBR");
user_pref("extensions.Mega Browse.ug", "DB3F41C5-5063-4975-B311-73356E55AF87");
---- Lines Plain Savings removed from prefs.js ----
user_pref("extensions.Plain Savings.asul", "1429738293112");
user_pref("extensions.Plain Savings.aul", "1429731761301");
user_pref("extensions.Plain Savings.irl", true);
user_pref("extensions.Plain Savings.is", "cfsp1br");
user_pref("extensions.Plain Savings.ug", "EDF2A71A-F25C-4CFD-BBCF-A918C3456633");
---- Lines ScanTack removed from prefs.js ----
user_pref("extensions.ScanTack.asul", "1402362578987");
user_pref("extensions.ScanTack.aul", "1402362417588");
user_pref("extensions.ScanTack.irl", true);
user_pref("extensions.ScanTack.is", "t4pcsuBR");
user_pref("extensions.ScanTack.ug", "ADB5D890-3897-4B6A-86EA-F85C301E71C8");
---- Lines quick_start removed from prefs.js ----
user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
---- FireFox user.js and prefs.js backups ----

prefs_042015_2138_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Pando Networks not found
C:\PROGRA~2\Wondershare deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\found.000 deleted
C:\Users\Luiz\AppData\Roaming\WB.CFG deleted
C:\Users\Luiz\AppData\Roaming\Wondershare deleted
C:\Users\Luiz\AppData\Roaming\Rim.Desktop.Exception.log deleted
C:\Users\Luiz\AppData\Roaming\Rim.Desktop.HttpServerSetup.log deleted
C:\Users\Luiz\AppData\Roaming\Rim.DesktopHelper.Exception.log deleted
C:\Users\Luiz\AppData\Roaming\Rim.Transcoder.Exception.log deleted
C:\PROGRA~3\hash.dat deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Luiz\AppData\Local\Wondershare deleted
C:\Users\Luiz\AppData\Local\CrashRpt deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\windows\SysNative\drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64.sys deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
"C:\Windows\Installer\8c3694.msi" deleted
"C:\Users\Luiz\AppData\Local\{FEFBAA3B-7896-4526-B815-C1C6FE9705F6}" deleted
"C:\Users\Luiz\AppData\Roaming\.minecraft" deleted
"C:\Users\Luiz\AppData\Roaming\.technic" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Luiz\AppData\Roaming\Mozilla\Firefox\Profiles\jnvitik0.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [22/11/2013 16:42]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Luiz\AppData\Roaming\Mozilla\Firefox\Profiles\jnvitik0.default
- Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- IE Tab 2 FF 3.6 - %ProfilePath%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
- Plain Savings 1.0.1 - %ProfilePath%\extensions\{06a48682-c411-480d-acec-407c6643b478}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Luiz\AppData\Roaming\Mozilla\Firefox\Profiles\jnvitik0.default
F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
96B3689320E9B16EDF38B7A5001C35F0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
BE126CB7049E89ED6F3038016668B502 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
0C0C5C207121C7A78414A8250E8E099A - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll - Shockwave for Director / Shockwave for Director
9AE02005247DA91AB1743F5208DBEF76 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll - Shockwave Flash
F0F5F4BF2305E593E438C76DA61C8A9F - C:\Users\Luiz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
370EDDB3AE3A430FA75DB3F61A5B9881 - C:\Users\Luiz\AppData\Local\Roblox\Versions\version-3c333d16b2ee4af9\NPRobloxProxy.dll - Roblox Launcher Plugin
962F0ADC67B9E4B04A36A4A7DEB530F8 - C:\Users\Luiz\AppData\Local\Roblox\Versions\version-3c333d16b2ee4af9\NPRobloxProxy64.dll - Roblox Launcher Plugin

==== Chromium Look ======================

Google Chrome Version: 42.0.2311.90 (Possible outdated, latest Stable version: 41.0.2272.118) [z-db]

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[17/03/2015 14:45]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 14:24]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 18:22]

Plain Savings - Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeigdomoghhcjndjinbbnhfmpaopfflp
Google Docs - Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Bookmark Manager - Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Avast Online Security - Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
RealDownloader - Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Chrome Hotword Shared Module - Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Skype Click to Call - Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chromium Startpages ======================

C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/",
"startup_urls": [ "http://www.google.com/" ],

==== Chromium Fix ======================

C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeigdomoghhcjndjinbbnhfmpaopfflp deleted successfully
C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aeigdomoghhcjndjinbbnhfmpaopfflp_0.localstorage deleted successfully
C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aeigdomoghhcjndjinbbnhfmpaopfflp_0.localstorage-journal deleted successfully
C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeigdomoghhcjndjinbbnhfmpaopfflp deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com/"
"Default_Search_URL"="http://www.google.com"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com/"
"Default_Search_URL"="http://www.google.com"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com/"
"Default_Search_URL"="http://www.google.com"
"Search Bar"="https://www.google.com/?trackid=sp-006"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} Google Url="https://www.google.com/search?trackid=sp-006&q={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Luiz\Desktop\CrossFire AL.lnk - C:\Program Files (x86)\Z8Games\CrossFire BR\cfPT_launcher.exe
C:\Users\Luiz\Desktop\Elsword.lnk - C:\Level Up Games\Elsword\elsword.exe
C:\Users\Luiz\Desktop\Fraps.lnk - C:\Fraps\fraps.exe
C:\Users\Luiz\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Luiz\Desktop\HP Photosmart C4200 series - Atalho.lnk -
C:\Users\Luiz\Desktop\PointBlank.lnk - C:\ongame\Pointblank\PBLauncher.exe
C:\Users\Luiz\Desktop\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Luiz\Desktop\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Luiz\Desktop\TV Expert.lnk - C:\Program Files (x86)\TV Expert\ADTV.exe
C:\Users\Luiz\Desktop\Warface.lnk - C:\Level Up\Warface\Launcher\Launcher.exe
C:\Users\Luiz\Desktop\µTorrent.lnk -
C:\Users\Luiz\Desktop\Extreme_Games\Combat Arms.lnk - C:\Level Up Games\Combat Arms\CombatArms.exe
C:\Users\Luiz\Desktop\Extreme_Games\Dolphin - Mario Bros.lnk - C:\Discos\Dolphin-win-x64-v3.5-367\Dolphin.exe
C:\Users\Luiz\Desktop\Extreme_Games\GForce.lnk - C:\Program Files (x86)\Disney Interactive Studios\G-Force\GForce.exe
C:\Users\Luiz\Desktop\Extreme_Games\LogMeIn Hamachi.lnk - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Users\Luiz\Desktop\Extreme_Games\Need for Speed™ Carbon.lnk -
C:\Users\Luiz\Desktop\Extreme_Games\ROBLOX Player.lnk - C:\Users\Luiz\AppData\Local\Roblox\Versions\version-0aae98b55b324621\RobloxPlayerLauncher.exe -browser
C:\Users\Luiz\Desktop\Extreme_Games\ROBLOX Studio.lnk - C:\Users\Luiz\AppData\Local\Roblox\Versions\RobloxStudioLauncherBeta.exe -ide
C:\Users\Luiz\Desktop\PASTAS E ATALHOS ALEATÓRIOS\Paint.NET.lnk -
C:\Users\Luiz\Desktop\PASTAS E ATALHOS ALEATÓRIOS\Virtual CloneDrive.lnk -
C:\Users\Luiz\Desktop\PASTAS E ATALHOS ALEATÓRIOS\Wondershare TunesGo Retro.lnk -

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Avast Premier.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Public\Desktop\Avast SafeZone.lnk - C:\Program Files\AVAST Software\Avast\avastui.exe /sfzonebrowser
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\TV Expert.lnk - C:\Program Files (x86)\TV Expert\ADTV.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Luiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Level Up\Warface\Warface.lnk - C:\Level Up\Warface\Launcher\Launcher.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox\ROBLOX Player.lnk - C:\Users\Luiz\AppData\Local\Roblox\Versions\version-3c333d16b2ee4af9\RobloxPlayerLauncher.exe -browser
C:\Users\Luiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox\ROBLOX Studio.lnk - C:\Users\Luiz\AppData\Local\Roblox\Versions\RobloxStudioLauncherBeta.exe -ide
C:\Users\Luiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Luiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt
C:\Users\Luiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Luiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk - C:\Program Files (x86)\Paint.NET\PaintDotNet.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Sobre o iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\pt.lproj\About iTunes.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Level Up\Combat Arms.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi\LogMeIn Hamachi.lnk - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi\Uninstall.lnk - C:\Windows\SysWOW64\msiexec.exe /i {80EE9168-BB59-4F87-BF1A-57C137EAF714} REMOVE=ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PointBlank\PointBlank.lnk - C:\ongame\Pointblank\PBLauncher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PointBlank\Uninstall - PointBlank.lnk - C:\ongame\Pointblank\PBUnInst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PointBlank\Website - PointBlank.lnk - C:\ongame\Pointblank\PointBlank.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Z8Games\CrossFire BR\CrossFire AL.lnk - C:\Program Files (x86)\Z8Games\CrossFire BR\cfPT_launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Z8Games\CrossFire BR\Desinstalar crossfire.lnk - C:\Program Files (x86)\Z8Games\CrossFire BR\unins000.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wondershare TunesGo Retro.lnk - C:\Program Files (x86)\Wondershare\TunesGo Retro\TunesGoRetro.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\BlackBerry Desktop Software.lnk - C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Desligar.lnk - C:\Windows\System32\shutdown.exe -s -t 0
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\xlicons.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pptico.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\wordicon.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Nero Burning ROM 2014.lnk - C:\Windows\Installer\{F2B9C8D6-C69C-4BA7-95D2-66F1C68D15DA}\ARPPRODUCTICON.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Luiz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"=""
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CD7414338C3B62649A58A4AEA863AD6B deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{334147DC-B3C8-4626-A985-4AEA8A36DAB6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\CD7414338C3B62649A58A4AEA863AD6B deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Luiz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Luiz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Luiz\AppData\Local\Mozilla\Firefox\Profiles\jnvitik0.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Luiz\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=20303 folders=2368 1883875092 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Luiz\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\USURIO~1\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Luiz\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 22/04/2015 at 22:07:59,27 ======================

por **Power Max** Qua 22 Abr 2015, 22:33

Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPCleaner para baixá-lo, tal como mostra a imagem abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Para executá-lo corretamente siga as dicas desta postagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Após a utilização dele, copie todo o conteúdo do seu relatório ZHPCleaner.txt e poste em sua próxima resposta.

por Victor Verenguer Qui 23 Abr 2015, 17:59

Desculpe a demora, mas não consigo fazer login no fórum pelo PC infectado.

Relatório abaixo:

~ ZHPCleaner v2015.4.23.183 by Nicolas Coolman (23/04/2015)
~ Run by Luiz (Administrator) (23/04/2015 17:38:56)
~ Forum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Facebook : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ State version : Version OK
~ Type : Reparo
~ Report : C:\Users\Luiz\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Luiz\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)

---\\ Serviços (0)
~ Nenhum ítem malicioso foi encontrado.

---\\ Navegadores de Internet (3)
SUBSTITUIDO Proxy: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyHttp1.1 ( 1 )
SUBSTITUIDO Proxy: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride ( )
SUBSTITUIDO Proxy: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyHttp1.1 ( 1 )

---\\ Arquivo hosts (2)
SUBSTITUIDO:
Número de redirecionamentos encontrados 1/22

---\\ Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso foi encontrado.

---\\ Explorer ( Arquivos, Pastas) (4)
MOVIDO arquivo: C:\Program Files\KMSpico\TokensBackup (PUA.KMSpico)
MOVIDO pasta: C:\ProgramData\Microsoft Toolkit\Settings.xml (Trojan.AutoKMS) [D9035FFA214D9A2C2E3BF5A81A0727E6]
MOVIDO pasta: C:\Windows\AutoKMS\AutoKMS.exe [CODYQX4 - AutoKMS] (Trojan.AutoKMS) [CB54BA877CF4992BB09B0EE27FC5F9C3]
MOVIDO pasta: C:\Windows\AutoKMS\AutoKMS.log (Trojan.AutoKMS) [A0B800E3B6638B302FD7768FC02F8517]

---\\ Registro ( Chaves, Valores, Dados ) (0)
~ Nenhum ítem malicioso foi encontrado.

---\\ Resultado de reparação
~ Reparação efectuada com sucesso
~ Este navegador está faltando ! (Google Chrome)
~ Este navegador está faltando ! (Opera Software)

---\\ Estatísticas
~ Items scan : 73139
~ Items encontrado : 1
~ items cancelados : 0
~ Items réparo : 7

End of clean at 17:53:27
===================
ZHPCleaner-[R]-23042015-17_53_27.txt

por **Power Max** Qui 23 Abr 2015, 20:30

start - Remover Istart.Websearches, Search Protect e Fast Start 772309

Faça o download do Malwarebytes em um destes links abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Obs: Depois de acessar um destes links acima, clique no botão DOWNLOAD, como mostra a imagem abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Para instalá-lo e executá-lo corretamente siga, por gentileza, as dicas desta postagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Na sua próxima resposta poste este log (relatório) do Malwarebytes.

Ficamos no aguardo.

por Victor Verenguer Sex 24 Abr 2015, 21:13

Agora consigo realizar o login no computador
Segue abaixo o relatório:

Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Data da Verificação: 24/04/2015
Hora da Verificação: 16:44:45
Arquivo de Log: log 1.txt
Administrador: Sim

Versão: 2.01.6.1022
Base de Dados de Malware: v2015.04.24.06
Base de Dados de Rootkit: v2015.04.21.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Auto-Proteção: Desabilitado

SO: Windows 7 Service Pack 1
Processador: x64
Sistema de Arquivos: NTFS
Usuário: Luiz

Tipo da Verificação: Verificação Personalizada
Resultado: Terminado
Objetos Verificados: 611260
Tempo Decorrido: 3 hr, 48 min, 27 seg

Memória: Habilitado
Inicialização: Habilitado
Sistema de Arquivos: Habilitado
Arquivos Compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

Processos: 1
PUP.Optional.BRApp.A, C:\Program Files (x86)\DesProtetor\DesProtetor.exe, 2384, Apagar ao Reiniciar, [fe68c8a82961989ed58b2f43f10fb947]

Módulos: 2
PUP.Optional.DesProtetor.A, C:\Program Files (x86)\DesProtetor\nfapi.dll, Apagar ao Reiniciar, [8dd91b5564263cfae61fcefa000334cc],
PUP.Optional.DesProtetor.A, C:\Program Files (x86)\DesProtetor\ProtocolFilters.dll, Apagar ao Reiniciar, [8dd91b5564263cfae61fcefa000334cc],

Chaves de Registro: 10
PUP.Optional.BRApp.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SaveSys, Quarentena, [fe68c8a82961989ed58b2f43f10fb947],
PUP.Optional.BRApp.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WNet, Quarentena, [ed799ed2ddad9c9abfa1432fb44c38c8],
PUP.Optional.SaveSense.A, HKU\S-1-5-21-2032838380-1236204141-1967180275-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{71e129ff-6c2a-4984-818c-7e2c998b8d99}, Quarentena, [bda9442c8703eb4bb910064120e3ec14],
PUP.Optional.WNet.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WNet, Quarentena, [6402640ccbbfee4846bb1bacd82be31d],
PUP.Optional.GoSafer.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\gosaferdrv, Quarentena, [adb9a4cc04869d99b34305c2f80b926e],
PUP.Optional.ASFilter.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\asfilterdrv, Quarentena, [a0c6c0b0494177bf23d73a8dc43f45bb],
PUP.Optional.ActSys.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ActSys, Quarentena, [6ff7da96dfab9f97d2323197976c1ce4],
PUP.Optional.DesProtetor.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DesProtetor, Quarentena, [8dd91b5564263cfae61fcefa000334cc],
PUP.Optional.Feven.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Free_Ven_s_pro 25, Quarentena, [590d610f90fab2849f5ddc1aca39b14f],
PUP.Optional.MediaPlayer.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Mediaa_Play_AIR_1.4, Quarentena, [d78f403086045bdb0e92d3233ec5966a],

Valores de Registro: 0
(Nenhum item malicioso detectado)

Dados de Registro: 2
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|CustomizeSearch, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Bom: ([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Ruim: (http://www.istartsurf.com/web/?type=dspp&ts=1429565506&from=pcm&uid=ST3250310AS_6RY3ARANXXXX6RY3ARAN&q={searchTerms}),Substituído,[b9ad353bf991ba7cedcfb249d0356e92]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Bom: ([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Ruim: (http://www.istartsurf.com/web/?type=dspp&ts=1429565506&from=pcm&uid=ST3250310AS_6RY3ARANXXXX6RY3ARAN&q={searchTerms}),Substituído,[2f379dd399f15fd7883428d3a16442be]

Pastas: 3
PUP.Optional.WNet.A, C:\Program Files (x86)\WNet, Quarentena, [6402640ccbbfee4846bb1bacd82be31d],
PUP.Optional.ActSys.A, C:\Program Files (x86)\ActSys, Quarentena, [6ff7da96dfab9f97d2323197976c1ce4],
PUP.Optional.DesProtetor.A, C:\Program Files (x86)\DesProtetor, Apagar ao Reiniciar, [8dd91b5564263cfae61fcefa000334cc],

Arquivos: 40
PUP.Optional.GoSafer.A, C:\Windows\System32\drivers\gosaferdrv.sys, Apagar ao Reiniciar, [7144d953dc4a27f20c891fb74485d0f9],
PUP.Optional.DesProtetor.A, C:\Windows\System32\drivers\desprotetordrv.sys, Apagar ao Reiniciar, [958bcf6d5eaf1235ded992e86558586d],
PUP.Optional.ASFilter.A, C:\Windows\System32\drivers\asfilterdrv.sys, Apagar ao Reiniciar, [5a880dabd6e086d21509ae45ea9a2621],
PUP.Optional.BRApp.A, C:\Program Files (x86)\DesProtetor\DesProtetor.exe, Apagar ao Reiniciar, [fe68c8a82961989ed58b2f43f10fb947],
PUP.Optional.BRApp.A, C:\Program Files (x86)\WNet\WNet.exe, Quarentena, [ed799ed2ddad9c9abfa1432fb44c38c8],
PUP.Optional.ClickYes, C:\Users\Luiz\Downloads\Office Toolkit 2 5 2 Downloader__3687_i1462170594_il2363937.exe, Quarentena, [5e08106090fa12245f031c0429d9bb45],
PUP.Optional.BRApp.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\ActSys\ActSys.exe.vir, Quarentena, [9cca363abbcf360082de3f33ab55c43c],
PUP.Optional.BrApp.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\CashReminder\CashReminder.exe.vir, Quarentena, [471fcda3d7b3e452ab46bab79c64b050],
Adware.Agent, C:\AdwCleaner\Quarantine\C\Program Files (x86)\GOSafer\gosafer.exe.vir, Quarentena, [2f3795dbdab02d0906da78baff034cb4],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plain Savings\bin\PlainSavings.BOAS.exe.vir, Quarentena, [c89eb4bc2b5f0b2b22c846d291710df3],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plain Savings\bin\PlainSavings.BOASPRT.exe.vir, Quarentena, [e2846f01ccbee74f13d6c1575ba77e82],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plain Savings\bin\plugins\PlainSavings.BOAS.dll.vir, Quarentena, [d88edd93a9e1cf676d1b6bb58c76926e],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plain Savings\bin\plugins\PlainSavings.PurBrowseG.dll.vir, Quarentena, [1a4ca3cd1a70db5b921a160035cd9b65],
PUP.Optional.BrowserWatch, C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir, Quarentena, [b1b5afc1becc2f075962254a02fe09f7],
PUP.Optional.BrowserWatch, C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir, Quarentena, [481e511fa2e893a3655697d857a9e917],
PUP.Optional.SearchProtect, C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir, Quarentena, [d591343c1e6ca591bc6f8eb59f639769],
PUP.Optional.SearchProtect, C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir, Quarentena, [86e0363acbbfac8a217b8a6e0df858a8],
PUP.Optional.ELEX, C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir, Quarentena, [abbb97d9eaa089ad387257dc53af9868],
PUP.Optional.SearchProtect, C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir, Quarentena, [f3733739f496cc6aacef8870778e7888],
PUP.Optional.XTab.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir, Quarentena, [d78fbdb3aae0fd3920a7c1516d95f50b],
PUP.Optional.SupTab.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab.dll.vir, Quarentena, [de8869071c6ee353b7d8271053adce32],
PUP.Optional.Protect, C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir, Quarentena, [87df0967018941f556443bbdd530a759],
PUP.Optional.WNet.A, C:\Program Files (x86)\WNet\nfregdrv.exe, Quarentena, [6402640ccbbfee4846bb1bacd82be31d],
PUP.Optional.WNet.A, C:\Program Files (x86)\WNet\libeay32.dll, Quarentena, [6402640ccbbfee4846bb1bacd82be31d],
PUP.Optional.WNet.A, C:\Program Files (x86)\WNet\nfapi.dll, Quarentena, [6402640ccbbfee4846bb1bacd82be31d],
PUP.Optional.WNet.A, C:\Program Files (x86)\WNet\ProtocolFilters.dll, Quarentena, [6402640ccbbfee4846bb1bacd82be31d],
PUP.Optional.WNet.A, C:\Program Files (x86)\WNet\ssleay32.dll, Quarentena, [6402640ccbbfee4846bb1bacd82be31d],
PUP.Optional.WNet.A, C:\Program Files (x86)\WNet\uninst.exe, Quarentena, [6402640ccbbfee4846bb1bacd82be31d],
PUP.Optional.ActSys.A, C:\Program Files (x86)\ActSys\nfregdrv.exe, Quarentena, [6ff7da96dfab9f97d2323197976c1ce4],
PUP.Optional.ActSys.A, C:\Program Files (x86)\ActSys\libeay32.dll, Quarentena, [6ff7da96dfab9f97d2323197976c1ce4],
PUP.Optional.ActSys.A, C:\Program Files (x86)\ActSys\nfapi.dll, Quarentena, [6ff7da96dfab9f97d2323197976c1ce4],
PUP.Optional.ActSys.A, C:\Program Files (x86)\ActSys\ProtocolFilters.dll, Quarentena, [6ff7da96dfab9f97d2323197976c1ce4],
PUP.Optional.ActSys.A, C:\Program Files (x86)\ActSys\remove_ActSys.exe, Quarentena, [6ff7da96dfab9f97d2323197976c1ce4],
PUP.Optional.ActSys.A, C:\Program Files (x86)\ActSys\ssleay32.dll, Quarentena, [6ff7da96dfab9f97d2323197976c1ce4],
PUP.Optional.DesProtetor.A, C:\Program Files (x86)\DesProtetor\nfregdrv.exe, Quarentena, [8dd91b5564263cfae61fcefa000334cc],
PUP.Optional.DesProtetor.A, C:\Program Files (x86)\DesProtetor\libeay32.dll, Quarentena, [8dd91b5564263cfae61fcefa000334cc],
PUP.Optional.DesProtetor.A, C:\Program Files (x86)\DesProtetor\nfapi.dll, Apagar ao Reiniciar, [8dd91b5564263cfae61fcefa000334cc],
PUP.Optional.DesProtetor.A, C:\Program Files (x86)\DesProtetor\ProtocolFilters.dll, Apagar ao Reiniciar, [8dd91b5564263cfae61fcefa000334cc],
PUP.Optional.DesProtetor.A, C:\Program Files (x86)\DesProtetor\ssleay32.dll, Quarentena, [8dd91b5564263cfae61fcefa000334cc],
PUP.Optional.DesProtetor.A, C:\Program Files (x86)\DesProtetor\uninst.exe, Quarentena, [8dd91b5564263cfae61fcefa000334cc],

Setores Físicos: 0
(Nenhum item malicioso detectado)

(end)

Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Update, 24/04/2015 16:43:48, SYSTEM, LUIZ-PC, Manual, Remediation Database, 2015.3.9.1, 2015.4.22.1,
Update, 24/04/2015 16:43:48, SYSTEM, LUIZ-PC, Manual, Rootkit Database, 2015.2.25.1, 2015.4.21.1,
Update, 24/04/2015 16:43:51, SYSTEM, LUIZ-PC, Manual, Malware Database, 2015.3.9.5, 2015.4.24.6,
Scan, 24/04/2015 20:45:09, SYSTEM, LUIZ-PC, Manual, Início:24/04/2015 16:44:45, Duração:3 hr 48 min 27 seg, Verificação Personalizada, Terminado, 4 Malware Detectatos, 54 Não-Malware Detectados,
Error, 24/04/2015 20:47:46, SYSTEM, LUIZ-PC, Protection, IsLicensed, 13,
Protection, 24/04/2015 20:47:46, SYSTEM, LUIZ-PC, Protection, Malware Protection, Stopping,
Protection, 24/04/2015 20:47:46, SYSTEM, LUIZ-PC, Protection, Malware Protection, Stopped,

(end)

por **Power Max** Sáb 25 Abr 2015, 09:58

Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPDiag para baixá-lo, tal como mostra a imagem abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.
_____________________________________________________________________________

Obs: Caso o relatório do ZHPDiag fique muito grande e não couber na sua resposta, acesse o site Cjoint:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Clique no botão Escolher arquivo > Selecione o arquivo do log (relatório) e clique no botão Abrir.

Clique no botão Créer le lien Cjoint

Copie o link que aparecerá ao lado da frase Le lien a été créé e poste este link em sua próxima resposta.

por Victor Verenguer Sáb 25 Abr 2015, 12:46

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

por **Power Max** Sáb 25 Abr 2015, 23:13

Há vários programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

Use também o programa Ccleaner, tal como é indicado neste tutorial acima, para fazer uma limpeza e otimização do PC.
_______________________________________________________

start - Remover Istart.Websearches, Search Protect e Fast Start 772309

Selecione e copie todo o texto destacado em vermelho abaixo (começando em script zhpfix e indo até emptyclsid)

script zhpfix
SysRestore
O4 - HKLM\..\Wow6432Node\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (.not file.)
O23 - Service: ActSys (ActSys) . (...) - C:\Program Files (x86)\ActSys\ActSys.exe (.not file.)
O23 - Service: GOSafer (GOSafer) . (...) - C:\Program Files (x86)\GOSafer\GOSafer.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe (.not file.) [0] =>Trojan.AutoKMS
O41 - Driver: (ssfilterdrv) . (.Windows Win 7 DDK provider - NetFilter SDK WFP Driver (WPP).) - C:\Windows\System32\drivers\ssfilterdrv.sys
O42 - Logiciel: GOSafer - (.GO SAFER LLC.) [HKLM][64Bits] -- GOSafer
[HKCU\Software\Baixaki]
[HKCU\Software\ProductSetup] =>Adware.InstallCore
[HKLM\Software\ActSys]
[HKLM\Software\DesProtetor]
[HKLM\Software\GOSafer]
[HKLM\Software\WNet]
O43 - CFD: 01/05/2014 - 16:28:50 - [] ----D C:\Users\Luiz\AppData\Roaming\rmi
O44 - LFC:[MD5.958BCF6D5EAF1235DED992E86558586D] - 20/04/2015 - 18:30:39 ---A- . (.Windows Win 7 DDK provider - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\ssfilterdrv.sys [51520]
O58 - SDL:21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624]
O58 - SDL:21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O58 - SDL:08/12/2014 - 19:33:36 ---A- . (.Windows Win 7 DDK provider - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\ssfilterdrv.sys [51520]
O64 - Services: CurCS - 08/12/2014 - C:\Windows\System32\drivers\ssfilterdrv.sys (ssfilterdrv) .(.Windows Win 7 DDK provider - NetFilter SDK WFP Driver (WPP).) - LEGACY_SSFILTERDRV
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SS - | Auto 22/07/1658 0 | (ActSys) . (...) - C:\Program Files (x86)\ActSys\ActSys.exe
SS - | Auto 22/07/1658 0 | (GOSafer) . (...) - C:\Program Files (x86)\GOSafer\GOSafer.exe
[HKCU\Software\ProductSetup] =>Adware.InstallCore^
ShortcutFix
ProxyFix
EmptyTemp
EmptyFlash
emptyclsid
_____________________________________________________________________________________________________________

start - Remover Istart.Websearches, Search Protect e Fast Start 772309

Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

Nota: Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes.

Aos visitantes: Se estiverem com um problema semelhante, não utilizem esse script, pois o uso sem supervisão pode causar danos ao sistema.

por Victor Verenguer Ter 28 Abr 2015, 17:37

Rapport de ZHPFix 2015.4.9.5 par Nicolas Coolman, Update du 18/03/2015
Fichier d'export Registre :
Run by Luiz at 28/04/2015 17:36:21
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 05s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\program files (x86)\gosafer\uninst.exe

========== Estado dos serviços ==========
SSFILTERDRV Parado

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GOSafer]
ELIMINÉ: Service: ActSys
ELIMINÉ: Service: GOSafer
ELIMINÉ Driver Key: ssfilterdrv
ELIMINÉ: HKCU\Software\Baixaki
ELIMINÉ: HKCU\Software\ProductSetup
ELIMINÉ:* HKLM\Software\ActSys
ELIMINÉ:* HKLM\Software\DesProtetor
ELIMINÉ:* HKLM\Software\GOSafer
ELIMINÉ:* HKLM\Software\WNet
ELIMINÉ: SearchScopes :{012E1000-F331-11DB-8314-0800200C9A66}
ELIMINÉ: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
ELIMINÉ: SearchScopes :{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}

========== Valores do Registo ==========
ELIMINÉ RunValue: Wondershare Helper Compact.exe
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\ssfilterdrv.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (121) (12.861.857 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: AutoKMS
ELIMINÉ: AutoKMS
ELIMINÉ: AutoKMS

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========
13 : Chaves do Registo
7 : Valores do Registo
1 : Pastas
6 : Ficheiros
1 : Softwares
1 : Estado dos serviços
3 : Tarefa planificada
1 : Restauração Sistema

End of clean in 00mn 55s

========== Caminho do ficheiro do relatório ==========
C:\Users\Luiz\AppData\Roaming\ZHP\ZHPFix[R1].txt - 28/04/2015 17:36:26 [2309]

por **Power Max** Ter 28 Abr 2015, 17:41

Abra novamente o ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "COMPLETA" e aguarde a conclusão:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
_______________________________________________

Obs: Caso o relatório do ZHPDiag fique muito grande e não couber na sua resposta, acesse o site Cjoint:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Clique no botão Escolher arquivo > Selecione o arquivo do log (relatório) e clique no botão Abrir.

Clique no botão Créer le lien Cjoint

Copie o link que aparecerá ao lado da frase Le lien a été créé e poste este link em sua próxima resposta.

Obs: como estou acessando pelo celular, amanhã te passo o próximo procedimento, OK?

por Victor Verenguer Ter 28 Abr 2015, 19:30

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

por **Power Max** Qua 29 Abr 2015, 08:43

Ainda há vários programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

Use também o programa Ccleaner, tal como é indicado neste tutorial acima, para fazer uma limpeza e otimização do PC.
_______________________________________________________

start - Remover Istart.Websearches, Search Protect e Fast Start 772309

Selecione e copie todo o texto destacado em vermelho abaixo (começando em script zhpfix e indo até emptyclsid)

script zhpfix
SysRestore
O44 - LFC:[MD5.958BCF6D5EAF1235DED992E86558586D] - 20/04/2015 - 18:30:39 ---A- . (.Windows Win 7 DDK provider - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\ssfilterdrv.sys [51520]
O58 - SDL:21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624]
O58 - SDL:21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O58 - SDL:08/12/2014 - 19:33:36 ---A- . (.Windows Win 7 DDK provider - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\ssfilterdrv.sys [51520]
O61 - LFC: 28/04/2015 - 19:21:49 ---A- . (...) -- C:\Users\Luiz\AppData\Local\Temp\Rar$EXa0.602\Atualizador.iGDesktop.1.0.0.1.exe [36089]
ShortcutFix
ProxyFix
EmptyTemp
EmptyFlash
emptyclsid
_____________________________________________________________________________________________________________

start - Remover Istart.Websearches, Search Protect e Fast Start 772309

Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

Nota: Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes.

Aos visitantes: Se estiverem com um problema semelhante, não utilizem esse script, pois o uso sem supervisão pode causar danos ao sistema.

por Victor Verenguer Qua 29 Abr 2015, 20:37

Rapport de ZHPFix 2015.4.9.5 par Nicolas Coolman, Update du 18/03/2015
Fichier d'export Registre :
Run by Luiz at 29/04/2015 20:36:24
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 11s)
Reparação de atalhos do navegador

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\ssfilterdrv.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (10) (10.889.481 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========
6 : Valores do Registo
1 : Pastas
6 : Ficheiros
1 : Restauração Sistema

End of clean in 01mn 23s

========== Caminho do ficheiro do relatório ==========
C:\Users\Luiz\AppData\Roaming\ZHP\ZHPFix[R1].txt - 28/04/2015 17:36:26 [2388]
C:\Users\Luiz\AppData\Roaming\ZHP\ZHPFix[R2].txt - 29/04/2015 20:36:36 [1360]

por **Power Max** Qui 30 Abr 2015, 09:22

Como está o computador depois destes procedimentos? Os problemas foram resolvidos?

por Victor Verenguer Qui 30 Abr 2015, 20:58

Sim.
Obrigado pela ajuda.
Como sempre o Fórum PC Brasil foi eficiente.
start - Remover Istart.Websearches, Search Protect e Fast Start 404338

start - Remover Istart.Websearches, Search Protect e Fast Start 648673379

por **Power Max** Sex 01 maio 2015, 10:03

Fico feliz que o problema tenha sido resolvido.

start - Remover Istart.Websearches, Search Protect e Fast Start 772309

Só para finalizar siga estes tutoriais abaixo, por gentileza:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_______________________________________________________________________________________________________________________

start - Remover Istart.Websearches, Search Protect e Fast Start 772309

Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, utilize o DelFix seguindo as dicas [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].
_______________________________________________________________________________________________________________________

start - Remover Istart.Websearches, Search Protect e Fast Start 648673379

Foi um prazer ajudar. Conte sempre conosco!

por **Power Max** Sex 01 maio 2015, 10:03

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

< [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > << Link!

> Leia as várias dicas que estão contidas na Cartilha de Segurança e fique livre de infecções.

CASO RESOLVIDO

> Necessitando nova verificação para este computador, basta abrir um Novo Tópico" e relatar o problema.

por Conteúdo patrocinado

Remover Istart.Websearches, Search Protect e Fast Start

Remover Istart.Websearches, Search Protect e Fast Start

Re: Remover Istart.Websearches, Search Protect e Fast Start

Re: Remover Istart.Websearches, Search Protect e Fast Start

Re: Remover Istart.Websearches, Search Protect e Fast Start

Re: Remover Istart.Websearches, Search Protect e Fast Start

Re: Remover Istart.Websearches, Search Protect e Fast Start

Re: Remover Istart.Websearches, Search Protect e Fast Start

Re: Remover Istart.Websearches, Search Protect e Fast Start

Re: Remover Istart.Websearches, Search Protect e Fast Start

Re: Remover Istart.Websearches, Search Protect e Fast Start

Re: Remover Istart.Websearches, Search Protect e Fast Start

Re: Remover Istart.Websearches, Search Protect e Fast Start

Re: Remover Istart.Websearches, Search Protect e Fast Start

Re: Remover Istart.Websearches, Search Protect e Fast Start

Re: Remover Istart.Websearches, Search Protect e Fast Start

Re: Remover Istart.Websearches, Search Protect e Fast Start

Re: Remover Istart.Websearches, Search Protect e Fast Start

Re: Remover Istart.Websearches, Search Protect e Fast Start

Re: Remover Istart.Websearches, Search Protect e Fast Start

Re: Remover Istart.Websearches, Search Protect e Fast Start

Re: Remover Istart.Websearches, Search Protect e Fast Start

Re: Remover Istart.Websearches, Search Protect e Fast Start

Re: Remover Istart.Websearches, Search Protect e Fast Start

Re: Remover Istart.Websearches, Search Protect e Fast Start

Re: Remover Istart.Websearches, Search Protect e Fast Start

Re: Remover Istart.Websearches, Search Protect e Fast Start

Seg	Ter	Qua	Qui	Sex	Sáb	Dom
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30