awesomehp removal

3 participants

Post by rkiss Tue 28 Jan 2014, 19:10

Dear all, good afternoon

I saw an answer on Yahoo that reflects my problem exactly:
removal of awesomehp, baidu and others with SpyHunter 4...
I was trying to buy it (the site won't open...) when I saw a reply on the forum saying that there are much better antivirus programs that are free.
Can you give me a recommendation?

Regards

Re: awesomehp removal

Post by Power Max Tue 28 Jan 2014, 19:13

That's it! Hello rkiss.

Download [You must have an account and be logged in to view this link].

* Run it and click the Main Menu button.

* On the next screen that appears, click [Do a system scan and save a logfile].

* A report will be displayed.

* Select the entire contents of this report and copy it (Ctrl+C).

After that, just come back to the forum and post this HijackThis log so that it can be analyzed.

We await your reply.

awesomehp removal

Post by rkiss Tue 28 Jan 2014, 19:18

Power, the flash... thank you...

The generated log is below.

Regards

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:16:23, on 28/01/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Users\RKiss\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\RKiss\AppData\Local\FilesFrog Update Checker\update_checker.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\RKiss\Downloads\HiJackThis.exe

R3 - URLSearchHook: (no name) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)
R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
R3 - URLSearchHook: (no name) - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {18DBB6CE-3148-4FEC-B481-103CB3290427} - (no file)
O2 - BHO: BittorrentBar_PT - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - (no file)
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (file missing)
O2 - BHO: Speed - {48A789BF-F6D6-4930-9C8B-77855A63EDE1} - C:\PROGRA~2\SECURE~1\IE\SPEEDD~1.DLL
O2 - BHO: TBSB01620 - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {93488930-185C-4CED-AFEB-0FD4930F8423} - (no file)
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: Browse2save - {C992690D-942B-FB46-E9A4-E7BBB1A545BF} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Adblock - {EF5F59BA-B2AB-48D8-9747-54DF806C73B8} - C:\Program Files (x86)\Secure Speed Dial\IE\ADBlock\IE\Adblock.dll
O2 - BHO: (no name) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - (no file)
O2 - BHO: (no name) - {fe063412-bea4-4d76-8ed3-183be6220d17} - (no file)
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NTRedirect] C:\Windows\SysWOW64\rundll32.exe  "C:\Users\RKiss\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [DellSystemDetect] C:\Users\RKiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: Dropbox.lnk = RKiss\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O4 - Global Startup: Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O8 - Extra context menu item: &Enviar para o OneNote - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: LastPass - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O8 - Extra context menu item: Preenchimento de formulários LastPass - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: bankline.itau.com.br
O15 - Trusted Zone: clickbanking.itau.com.br
O15 - Trusted Zone: guardiao.itau.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: *.itau.com.br
O16 - DPF: {FD3BEB0C-AB43-4253-9146-C371D48FBE0D} (Web Control) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files (x86)\Fingerprint Sensor\AtService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do BonanzaDealsLive (bonanzadealslive) (bonanzadealslive) - Unknown owner - C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe (file missing)
O23 - Service: Serviço do BonanzaDealsLive (bonanzadealslivem) (bonanzadealslivem) - Unknown owner - C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe (file missing)
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Common Toolkit Tools - SPAMfighter ApS - C:\Program Files (x86)\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IePlugin Service (IePluginService) - Cherished Technololgy LIMITED - C:\ProgramData\IePluginService\PluginService.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Macheen Service (MacheenService) - Macheen - C:\Program Files (x86)\Dell\NetReady\MacheenService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SecureUpdate (SecureUpdateSvc) - Unknown owner - C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\STacSV64.exe
O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files (x86)\Fighters\FighterSuiteService.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions / PowerProgrammer - C:\Windows\SysWOW64\WebUpdateSvc4.exe
O23 - Service: WinZiper service (winzipersvc) - Taiwan Shui Mu Chih Ching Technology Limited. - C:\Program Files (x86)\WinZipper\winzipersvc.exe
O23 - Service: Mobile Broadband Core Service (WMCoreService) - Unknown owner - C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wpm Service (Wpm) - Cherished Technololgy LIMITED - C:\ProgramData\WPM\wprotectmanager.exe

--
End of file - 16256 bytes

Re: awesomehp removal

Post by Power Max Tue 28 Jan 2014, 19:27

Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

R3 - URLSearchHook: (no name) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)

R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)

R3 - URLSearchHook: (no name) - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - (no file)

O2 - BHO: (no name) - {18DBB6CE-3148-4FEC-B481-103CB3290427} - (no file)

O2 - BHO: BittorrentBar_PT - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - (no file)

O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (file missing)

O2 - BHO: TBSB01620 - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - (no file)

O2 - BHO: (no name) - {93488930-185C-4CED-AFEB-0FD4930F8423} - (no file)

O2 - BHO: Browse2save - {C992690D-942B-FB46-E9A4-E7BBB1A545BF} - (no file)

O2 - BHO: (no name) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - (no file)

O2 - BHO: (no name) - {fe063412-bea4-4d76-8ed3-183be6220d17} - (no file)

O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
_______________________________________________________________________________________________________

Please also follow the tips in the tutorials below:

[You must have an account and be logged in to view this link]

* In your next reply, please post the AdwCleaner log, which will be at C:\AdwCleaner\AdwCleaner[S0].txt, and a new HijackThis log (report).

We'll be waiting.
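The entries picked for "Fix checked" above are exactly the R3, O2 and O3 lines of the first log that end in "(no file)" or "(file missing)". The sketch below is an added example, not part of the posts and not a HijackThis feature: it reproduces that selection and then compares a rescan against the first scan. The function names are hypothetical and the sample lines are excerpts from the logs in this thread.

```python
import re

# Excerpts from the two HijackThis logs posted in this thread (first scan,
# then the rescan requested by the helper), trimmed to a few lines.
SCAN_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe

R3 - URLSearchHook: (no name) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)
O2 - BHO: (no name) - {18DBB6CE-3148-4FEC-B481-103CB3290427} - (no file)
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (file missing)
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKCU\..\Run: [NTRedirect] C:\Windows\SysWOW64\rundll32.exe  "C:\Users\RKiss\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
"""

SCAN_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
"""

# An entry line starts with a section code such as R3, F2, O2 or O23.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# Browser hook sections the helper's list was drawn from: search hooks (R3),
# Browser Helper Objects (O2) and toolbars (O3).
BROWSER_SECTIONS = {"R3", "O2", "O3"}


def parse_entries(log_text):
    """Return (section, body) pairs; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def orphaned_browser_entries(log_text):
    """Browser hook registrations whose target file no longer exists.

    O23 is deliberately left out: HijackThis 2.0.4 is a 32-bit program, and
    on 64-bit Windows file-system redirection makes it report
    "(file missing)" for real System32 binaries such as lsass.exe.
    """
    return [
        (section, body)
        for section, body in parse_entries(log_text)
        if section in BROWSER_SECTIONS and ORPHAN_RE.search(body)
    ]


def removed_between(before_text, after_text):
    """Entries present in the first scan and absent from the rescan."""
    remaining = set(parse_entries(after_text))
    return [entry for entry in parse_entries(before_text) if entry not in remaining]


if __name__ == "__main__":
    print("Orphaned browser hooks in first scan:")
    for section, body in orphaned_browser_entries(SCAN_BEFORE):
        print(f"  {section} - {body}")
    print("Gone after cleanup:")
    for section, body in removed_between(SCAN_BEFORE, SCAN_AFTER):
        print(f"  {section} - {body}")
    print("Orphans still present:", orphaned_browser_entries(SCAN_AFTER))
```

An orphaned entry is only a candidate for review; the comparison of the two scans is what shows whether the cleanup actually removed it.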

awesomehp removal

Post by rkiss Tue 28 Jan 2014, 20:36

Stubborn little bug!

Here are the HiJack and Adw logs...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:34:18, on 28/01/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
C:\Users\RKiss\Downloads\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Speed - {48A789BF-F6D6-4930-9C8B-77855A63EDE1} - C:\PROGRA~2\SECURE~1\IE\SPEEDD~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Adblock - {EF5F59BA-B2AB-48D8-9747-54DF806C73B8} - C:\Program Files (x86)\Secure Speed Dial\IE\ADBlock\IE\Adblock.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [DellSystemDetect] C:\Users\RKiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: Dropbox.lnk = RKiss\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O4 - Global Startup: Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O8 - Extra context menu item: &Enviar para o OneNote - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: LastPass - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O8 - Extra context menu item: Preenchimento de formulários LastPass - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: bankline.itau.com.br
O15 - Trusted Zone: clickbanking.itau.com.br
O15 - Trusted Zone: guardiao.itau.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: *.itau.com.br
O16 - DPF: {FD3BEB0C-AB43-4253-9146-C371D48FBE0D} (Web Control) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files (x86)\Fingerprint Sensor\AtService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Common Toolkit Tools - SPAMfighter ApS - C:\Program Files (x86)\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IePlugin Service (IePluginService) - Cherished Technololgy LIMITED - C:\ProgramData\IePluginService\PluginService.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Macheen Service (MacheenService) - Macheen - C:\Program Files (x86)\Dell\NetReady\MacheenService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SecureUpdate (SecureUpdateSvc) - Unknown owner - C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\STacSV64.exe
O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files (x86)\Fighters\FighterSuiteService.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions / PowerProgrammer - C:\Windows\SysWOW64\WebUpdateSvc4.exe
O23 - Service: Mobile Broadband Core Service (WMCoreService) - Unknown owner - C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wpm Service (Wpm) - Cherished Technololgy LIMITED - C:\ProgramData\WPM\wprotectmanager.exe

--
End of file - 14428 bytes

# AdwCleaner v3.018 - Relatório criado 28/01/2014 às 19:52:34
# Atualizado 28/01/2014 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (64 bits)
# Usuário : RKiss - RKISS-PC
# Executando de : C:\Users\RKiss\Downloads\adwcleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : bonanzadealslive
[#] Serviço Deletada : bonanzadealslivem
[#] Serviço Deletada : SProtection
Serviço Deletada : winzipersvc

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\boost_interprocess
Pasta Deletada : C:\ProgramData\Browse2Save
Pasta Deletada : C:\ProgramData\DealPlyLive
Pasta Deletada : C:\ProgramData\eSafe
Pasta Deletada : C:\ProgramData\IBUpdaterService
Pasta Deletada : C:\ProgramData\VisualBee
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browse2Save
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Pasta Deletada : C:\Program Files (x86)\Desk 365
Pasta Deletada : C:\Program Files (x86)\FromDocToPDF_65
Pasta Deletada : C:\Program Files (x86)\Protected Search
Pasta Deletada : C:\Program Files (x86)\WinZipper
Pasta Deletada : C:\Program Files (x86)\BittorrentBar_PT
Pasta Deletada : C:\Program Files (x86)\Common Files\337
Pasta Deletada : C:\Program Files (x86)\Common Files\spigot
Pasta Deletada : C:\Program Files (x86)\Common Files\Umbrella
Pasta Deletada : C:\Users\RKiss\AppData\Local\BonanzaDealsLive
Pasta Deletada : C:\Users\RKiss\AppData\Local\Conduit
Pasta Deletada : C:\Users\RKiss\AppData\Local\DealPlyLive
Pasta Deletada : C:\Users\RKiss\AppData\Local\FilesFrog Update Checker
Pasta Deletada : C:\Users\RKiss\AppData\Local\lollipop
Pasta Deletada : C:\Users\RKiss\AppData\Local\Minibar
Pasta Deletada : C:\Users\RKiss\AppData\Local\PutLockerDownloader
Pasta Deletada : C:\Users\RKiss\AppData\Local\visualbeeexe
Pasta Deletada : C:\Users\RKiss\AppData\Local\Temp\eIntaller
Pasta Deletada : C:\Users\RKiss\AppData\Local\Temp\Iminent
Pasta Deletada : C:\Users\RKiss\AppData\LocalLow\BabylonToolbar
Pasta Deletada : C:\Users\RKiss\AppData\LocalLow\Browse2Save
Pasta Deletada : C:\Users\RKiss\AppData\LocalLow\Conduit
Pasta Deletada : C:\Users\RKiss\AppData\LocalLow\SimplyTech
Pasta Deletada : C:\Users\RKiss\AppData\LocalLow\Toolbar4
Pasta Deletada : C:\Users\RKiss\AppData\LocalLow\BittorrentBar_PT
Pasta Deletada : C:\Users\RKiss\AppData\Roaming\337
Pasta Deletada : C:\Users\RKiss\AppData\Roaming\BabSolution
Pasta Deletada : C:\Users\RKiss\AppData\Roaming\Babylon
Pasta Deletada : C:\Users\RKiss\AppData\Roaming\Desk 365
Pasta Deletada : C:\Users\RKiss\AppData\Roaming\eIntaller
Pasta Deletada : C:\Users\RKiss\AppData\Roaming\eUpdate
Pasta Deletada : C:\Users\RKiss\AppData\Roaming\Funmoods
Pasta Deletada : C:\Users\RKiss\AppData\Roaming\Iminent
Pasta Deletada : C:\Users\RKiss\AppData\Roaming\Omiga Plus
Pasta Deletada : C:\Users\RKiss\AppData\Roaming\SeeSimilar02
Pasta Deletada : C:\Users\RKiss\AppData\Roaming\SimplyTech
Pasta Deletada : C:\Users\RKiss\AppData\Roaming\SpeedAnalysis2
Pasta Deletada : C:\Users\RKiss\AppData\Roaming\SpeedAnalysis3
Pasta Deletada : C:\Users\RKiss\AppData\Roaming\UpdaterEX
Pasta Deletada : C:\Users\RKiss\AppData\Roaming\WinZipper
Pasta Deletada : C:\Users\RKiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Pasta Deletada : C:\Users\RKiss\AppData\Roaming\Mozilla\Firefox\Profiles\j4irpo73.default\FromDocToPDF_65
Pasta Deletada : C:\Users\RKiss\AppData\Roaming\Mozilla\Firefox\Profiles\j4irpo73.default\SweetPacksToolbarData
Arquivo Deletada : C:\Windows\System32\roboot64.exe
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\defaults\pref\all-iminent.js
Arquivo Deletada : C:\Users\RKiss\AppData\Roaming\Mozilla\Firefox\Profiles\j4irpo73.default\invalidprefs.js
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
Arquivo Deletada : C:\Users\RKiss\AppData\Roaming\Mozilla\Firefox\Profiles\j4irpo73.default\searchplugins\BrowserProtect.xml
Arquivo Deletada : C:\Users\RKiss\AppData\Roaming\Mozilla\Firefox\Profiles\j4irpo73.default\searchplugins\delta.xml
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\searchplugins\delta-homes.xml
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\searchplugins\portaldosites.xml
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\searchplugins\qvo6.xml
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchTheWeb.xml
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Web Search.xml
Arquivo Deletada : C:\Users\RKiss\AppData\Roaming\Mozilla\Firefox\Profiles\j4irpo73.default\user.js
Arquivo Deletada : C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
Arquivo Deletada : C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
Arquivo Deletada : C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
Arquivo Deletada : C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
Arquivo Deletada : C:\Windows\System32\Tasks\BonanzaDealsUpdate
Arquivo Deletada : C:\Windows\Tasks\Dealply.job
Arquivo Deletada : C:\Windows\System32\Tasks\Dealply
Arquivo Deletada : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
Arquivo Deletada : C:\Windows\System32\Tasks\EPUpdater
Arquivo Deletada : C:\Windows\System32\Tasks\Funmoods
Arquivo Deletada : C:\Windows\System32\Tasks\Omiga Plus RunAsStdUser
Arquivo Deletada : C:\Windows\Tasks\UpdaterEX.job
Arquivo Deletada : C:\Windows\System32\Tasks\UpdaterEX

***** [ Atalhos ] *****

Atalho Desinfectada : C:\Users\RKiss\Desktop\Atalho para Arquivos\Mozilla Firefox.lnk

***** [ Registro ] *****

Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
Valor Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NTRedirect]
Chave Deletedo : HKLM\SOFTWARE\Classes\AmiBs.Installer
Chave Deletedo : HKLM\SOFTWARE\Classes\AmiBs.Installer.1
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\BonanzaDealsLive.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
Chave Deletedo : HKLM\SOFTWARE\Classes\PutLockerDownloader
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Chave Deletedo : HKCU\Software\5255db8fb13ceb42
Chave Deletedo : HKLM\SOFTWARE\5255db8fb13ceb42
Chave Deletedo : HKLM\SOFTWARE\Classes\Toolbar.CT2849856
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_media-player-codec-pack_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_media-player-codec-pack_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_soulseek_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_soulseek_RASMANCS
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Chave Deletedo : HKCU\Software\1ClickDownload
Chave Deletedo : HKCU\Software\BabSolution
Chave Deletedo : HKCU\Software\BabylonToolbar
Chave Deletedo : HKCU\Software\BI
Chave Deletedo : HKCU\Software\BonanzaDealsLive
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\DataMngr
Chave Deletedo : HKCU\Software\DataMngr_Toolbar
Chave Deletedo : HKCU\Software\DealPlyLive
Chave Deletedo : HKCU\Software\Delta
Chave Deletedo : HKCU\Software\filescout
Chave Deletedo : HKCU\Software\Funmoods
Chave Deletedo : HKCU\Software\IM
Chave Deletedo : HKCU\Software\Iminent
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKCU\Software\Minibar
Chave Deletedo : HKCU\Software\Optimizer Pro
Chave Deletedo : HKCU\Software\performersoft llc
Chave Deletedo : HKCU\Software\powerpack
Chave Deletedo : HKCU\Software\smartbar
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\Somoto
Chave Deletedo : HKCU\Software\visualbee
Chave Deletedo : HKCU\Software\Webplayer
Chave Deletedo : HKCU\Software\wnlt
Chave Deletedo : HKCU\Software\AppDataLow\SProtector
Chave Deletedo : HKCU\Software\AppDataLow\Toolbar
Chave Deletedo : HKCU\Software\AppDataLow\Software\Conduit
Chave Deletedo : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKCU\Software\AppDataLow\Software\lyrixeeker
Chave Deletedo : HKCU\Software\AppDataLow\Software\PriceGong
Chave Deletedo : HKCU\Software\AppDataLow\Software\Search Settings
Chave Deletedo : HKCU\Software\AppDataLow\Software\simplytech
Chave Deletedo : HKCU\Software\AppDataLow\Software\smartbar
Chave Deletedo : HKCU\Software\AppDataLow\Software\BittorrentBar_PT
Chave Deletedo : HKLM\Software\BonanzaDealsLive
Chave Deletedo : HKLM\Software\Conduit
Chave Deletedo : HKLM\Software\DataMngr
Chave Deletedo : HKLM\Software\DealPlyLive
Chave Deletedo : HKLM\Software\delta-homesSoftware
Chave Deletedo : HKLM\Software\Desksvc
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\Software\InstallCore
Chave Deletedo : HKLM\Software\Minibar
Chave Deletedo : HKLM\Software\omigaplusSvc
Chave Deletedo : HKLM\Software\portaldositesSoftware
Chave Deletedo : HKLM\Software\qvo6Software
Chave Deletedo : HKLM\Software\SP Global
Chave Deletedo : HKLM\Software\SProtector
Chave Deletedo : HKLM\Software\Umbrella
Chave Deletedo : HKLM\Software\V9
Chave Deletedo : HKLM\Software\visualbee
Chave Deletedo : HKLM\Software\BittorrentBar_PT
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BittorrentBar_PT Toolbar
Chave Deletedo : [x64] HKLM\SOFTWARE\Tarma Installer
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Deletedo : HKLM\Software\Classes\Installer\Features\482AA67AD25E6E74E9F48BD5FBE8533C
Chave Deletedo : HKLM\Software\Classes\Installer\Products\482AA67AD25E6E74E9F48BD5FBE8533C

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16428

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)]

-\\ Mozilla Firefox v26.0 (pt-BR)

[ Arquivo : C:\Users\RKiss\AppData\Roaming\Mozilla\Firefox\Profiles\j4irpo73.default\prefs.js ]

Linha deletada : user_pref("CT2849856_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1368105430420,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Linha deletada : user_pref("CT2851643_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1368105430434,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Linha deletada : user_pref("aol_toolbar.default.homepage.check", false);
Linha deletada : user_pref("aol_toolbar.default.search.check", false);
Linha deletada : user_pref("browser.search.defaultengine", "Web Search");
Linha deletada : user_pref("browser.search.defaultthis.engineName", "WebSearch");
Linha deletada : user_pref("browser.search.order.1", "qvo6");
Linha deletada : user_pref("extensions.50f07bb1cba22.scode", "(function(){try{if('aol.com,mail.google.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,search.gboxapp.com,search.swe[...]
Linha deletada : user_pref("extensions.BabylonToolbar.admin", false);
Linha deletada : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Linha deletada : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Linha deletada : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Linha deletada : user_pref("extensions.BabylonToolbar.dfltLng", "pt");
Linha deletada : user_pref("extensions.BabylonToolbar.excTlbr", false);
Linha deletada : user_pref("extensions.BabylonToolbar.ffxUnstlRst", true);
Linha deletada : user_pref("extensions.BabylonToolbar.id", "9c5f5073000000000000c0cb38955c75");
Linha deletada : user_pref("extensions.BabylonToolbar.instlDay", "15954");
Linha deletada : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Linha deletada : user_pref("extensions.BabylonToolbar.newTab", false);
Linha deletada : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Linha deletada : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Linha deletada : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Linha deletada : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Linha deletada : user_pref("extensions.BabylonToolbar.rvrt", "false");
Linha deletada : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Linha deletada : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Linha deletada : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=9c5f5073000000000000c0cb38955c75&q=");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsn", "1.8.24.6");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.24.617:19:17");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsni", "1.8.24.6");
Linha deletada : user_pref("extensions.BabylonToolbar_i.babExt", "");
Linha deletada : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=121084&tsp=4997");
Linha deletada : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
Linha deletada : user_pref("extensions.BabylonToolbar_i.newTab", false);
Linha deletada : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Linha deletada : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Linha deletada : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.216:51:38");
Linha deletada : user_pref("extensions.a75c9b989a6e64455971f45304161eb2302648b9149b24d7f99ef7e959a8e6505com33438.33438.internaldb.monetization_plugin_last_executable_request.value", "%22hxxp%3A//sd-cf.softonic.com.br/[...]
Linha deletada : user_pref("extensions.crossrider.bic", "14031dd956d41891a655ae004040027a");
Linha deletada : user_pref("extensions.delta.admin", false);
Linha deletada : user_pref("extensions.delta.aflt", "babsst");
Linha deletada : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Linha deletada : user_pref("extensions.delta.autoRvrt", "false");
Linha deletada : user_pref("extensions.delta.dfltLng", "pt");
Linha deletada : user_pref("extensions.delta.excTlbr", false);
Linha deletada : user_pref("extensions.delta.ffxUnstlRst", true);
Linha deletada : user_pref("extensions.delta.id", "9c5f5073000000000000c0cb38955c75");
Linha deletada : user_pref("extensions.delta.instlDay", "15916");
Linha deletada : user_pref("extensions.delta.instlRef", "sst");
Linha deletada : user_pref("extensions.delta.lastVrsnTs", "1.8.22.019:58:22");
Linha deletada : user_pref("extensions.delta.newTab", false);
Linha deletada : user_pref("extensions.delta.prdct", "delta");
Linha deletada : user_pref("extensions.delta.prtnrId", "delta");
Linha deletada : user_pref("extensions.delta.rvrt", "false");
Linha deletada : user_pref("extensions.delta.smplGrp", "none");
Linha deletada : user_pref("extensions.delta.tlbrId", "base");
Linha deletada : user_pref("extensions.delta.tlbrSrchUrl", "");
Linha deletada : user_pref("extensions.delta.vrsn", "1.8.22.0");
Linha deletada : user_pref("extensions.delta.vrsnTs", "1.8.22.019:58:22");
Linha deletada : user_pref("extensions.delta.vrsni", "1.8.22.0");
Linha deletada : user_pref("extensions.delta_i.babExt", "");
Linha deletada : user_pref("extensions.delta_i.babTrack", "affID=123886&tsp=4959");
Linha deletada : user_pref("extensions.delta_i.srcExt", "ss");
Linha deletada : user_pref("extensions.funmoods.aflt", "1543n");
Linha deletada : user_pref("extensions.funmoods.appId", "{EA28B360-05E0-4F93-8150-02891F1D8D3C}");
Linha deletada : user_pref("extensions.funmoods.cd", "2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0EzztAzytC0EyDtDyBtAtN0D0Tzu0CyCtAzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1CzutCyDyE");
Linha deletada : user_pref("extensions.funmoods.cntry", "BR");
Linha deletada : user_pref("extensions.funmoods.cr", "821617488");
Linha deletada : user_pref("extensions.funmoods.cv", "cv5");
Linha deletada : user_pref("extensions.funmoods.dfltLng", "");
Linha deletada : user_pref("extensions.funmoods.dfltSrch", true);
Linha deletada : user_pref("extensions.funmoods.dnsErr", true);
Linha deletada : user_pref("extensions.funmoods.excTlbr", false);
Linha deletada : user_pref("extensions.funmoods.hdrMd5", "AF1EDB579DAD26146F268DB8C6DD5EC9");
Linha deletada : user_pref("extensions.funmoods.hmpg", true);
Linha deletada : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=1543n&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0EzztAzytC0EyDtDyBtAtN0D0Tzu0CyCtAzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1CzutCyDyE&cr=82161748[...]
Linha deletada : user_pref("extensions.funmoods.id", "F04DA2E8391E5073");
Linha deletada : user_pref("extensions.funmoods.instlDay", "15977");
Linha deletada : user_pref("extensions.funmoods.instlRef", "");
Linha deletada : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=1543n&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0EzztAzytC0EyDtDyBtAtN0D0Tzu0CyCtAzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1CzutCyDyE&cr=821617[...]
Linha deletada : user_pref("extensions.funmoods.pnu_base", "{\"newVrsn\":\"237\",\"lastVrsn\":\"237\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Linha deletada : user_pref("extensions.funmoods.prdct", "funmoods");
Linha deletada : user_pref("extensions.funmoods.prtnrId", "funmoods");
Linha deletada : user_pref("extensions.funmoods.sg", "none");
Linha deletada : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
Linha deletada : user_pref("extensions.funmoods.tlbrId", "base");
Linha deletada : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=1543n&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0EzztAzytC0EyDtDyBtAtN0D0Tzu0CyCtAzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1CzutCyDyE&cr=8216[...]
Linha deletada : user_pref("extensions.funmoods.vrsn", "1.8.11.0");
Linha deletada : user_pref("extensions.funmoods.vrsni", "1.8.11.0");
Linha deletada : user_pref("extensions.funmoods_i.hmpg", true);
Linha deletada : user_pref("extensions.funmoods_i.newTab", false);
Linha deletada : user_pref("extensions.funmoods_i.smplGrp", "none");
Linha deletada : user_pref("extensions.funmoods_i.vrsnTs", "1.8.11.014:24:18");
Linha deletada : user_pref("extensions.helperbar.DockingPositionDown", false);
Linha deletada : user_pref("extensions.helperbar.SmartbarDisabled", false);
Linha deletada : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Linha deletada : user_pref("extensions.helperbar.Visibility", false);
Linha deletada : user_pref("extensions.helperbar.countryiso", "br");
Linha deletada : user_pref("extensions.helperbar.downloadprovider", "quickobrw");
Linha deletada : user_pref("extensions.helperbar.installationid", "b42237e3-acad-51f9-445c-a536ed4cfcd8");
Linha deletada : user_pref("extensions.helperbar.installdate", "30/08/2013");
Linha deletada : user_pref("extensions.helperbar.publisher", "quickobrw");
Linha deletada : user_pref("extensions.toolbar.mindspark._65Members_.lastActivePing", "1389533665560");
Linha deletada : user_pref("extensions.toolbar.mindspark._65Members_.weather.location", "10001");
Linha deletada : user_pref("extensions.toolbar.mindspark.lastInstalled", "fromdoctopdf@mindspark.com");
Linha deletada : user_pref("smartbar.machineId", "4SXQO2+AAK1YWD9XDTAK1YRSQLLNFEF1XP4JQDFS4CCGTSXKTY11HMMUXIG5NSLVOICCF0RSUMRXNJJVOCZ0XG");
Linha deletada : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Linha deletada : user_pref("sweetim.toolbar.SearchBoxLogo", "");
Linha deletada : user_pref("sweetim.toolbar.SearchBoxText", "");
Linha deletada : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Linha deletada : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1360274556842");
Linha deletada : user_pref("sweetim.toolbar.Visibility.enable", "true");
Linha deletada : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Linha deletada : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Linha deletada : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Linha deletada : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Linha deletada : user_pref("sweetim.toolbar.defaultProvider", "");
Linha deletada : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Linha deletada : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
Linha deletada : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Linha deletada : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Linha deletada : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Linha deletada : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
Linha deletada : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Linha deletada : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Linha deletada : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
Linha deletada : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Linha deletada : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Linha deletada : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Linha deletada : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
Linha deletada : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Linha deletada : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Linha deletada : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
Linha deletada : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Linha deletada : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Linha deletada : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Linha deletada : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Linha deletada : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Linha deletada : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube.com/.*|.*.yahoo.com/.*|.[...]
Linha deletada : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Linha deletada : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Linha deletada : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Linha deletada : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Linha deletada : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Linha deletada : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Linha deletada : user_pref("sweetim.toolbar.mode.debug", "false");
Linha deletada : user_pref("sweetim.toolbar.newtab.created", "false");
Linha deletada : user_pref("sweetim.toolbar.newtab.enable", "true");
Linha deletada : user_pref("sweetim.toolbar.newtab.url", "hxxp://home.sweetim.com/?src=97&barid=$toolbar_id;");
Linha deletada : user_pref("sweetim.toolbar.rc.url", "hxxp://tbsrv1.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;&flavour=$flavr;");
Linha deletada : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Linha deletada : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Linha deletada : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Linha deletada : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://([Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Linha deletada : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Linha deletada : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Linha deletada : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Linha deletada : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Linha deletada : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Linha deletada : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Linha deletada : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Linha deletada : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://([Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Linha deletada : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Linha deletada : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Linha deletada : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Linha deletada : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Linha deletada : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Linha deletada : user_pref("sweetim.toolbar.scripts.2.callback", "");
Linha deletada : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
Linha deletada : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Linha deletada : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Linha deletada : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Linha deletada : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Linha deletada : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
Linha deletada : user_pref("sweetim.toolbar.search.external", "Linha deletada : user_pref("sweetim.toolbar.search.history.capacity", "10");
Linha deletada : user_pref("sweetim.toolbar.searchguard.enable", "false");
Linha deletada : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Linha deletada : user_pref("sweetim.toolbar.simapp_id", "{2D35440B-60A2-11E2-9C59-F04DA2E8391E}");
Linha deletada : user_pref("sweetim.toolbar.urls.afteruninstall", "hxxp://www.sweetim.com/uninstallbar.asp?barid=$toolbar_id;");
Linha deletada : user_pref("sweetim.toolbar.urls.contactus", "hxxp://www.sweetim.com/help_contact.asp");
Linha deletada : user_pref("sweetim.toolbar.urls.homepage", "hxxp://www.sweetim.com");
Linha deletada : user_pref("sweetim.toolbar.urls.privacy", "hxxp://www.sweetim.com/eula.html#privacy");
Linha deletada : user_pref("sweetim.toolbar.urls.searchpage", "hxxp://search.sweetim.com/search.asp?barid=$toolbar_id;");
Linha deletada : user_pref("sweetim.toolbar.urls.uninstall", "hxxp://lp.sweetim.com/SweetPacksBundleUninstaller/");
Linha deletada : user_pref("sweetim.toolbar.version", "1.11.0.2");

*************************

AdwCleaner[R0].txt - [49793 octets] - [28/01/2014 19:51:41]
AdwCleaner[S0].txt - [45443 octets] - [28/01/2014 19:52:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [45504 octets] ##########

Re: awesomehp removal

Post by Power Max Tue 28 Jan 2014, 20:41

Several problems were removed.
___________________________________________________

Please follow the steps in the tutorial below:

[You must have an account and be logged in to view this link]

* In your next reply, please post the Junkware Removal Tool log, which will be saved on your desktop under the name JRT.txt

We'll be waiting.

awesomehp removal

Post by rkiss Wed 29 Jan 2014, 09:37

Power, this awesomehp just won't go away...

Here is the Junkware log...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x64
Ran by RKiss on 28/01/2014 at 21:03:39,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bonanzadeals
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1879488085-2394445424-1124259813-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\omigaplussvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bonanzadeals
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\cloud software ltd"
Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\Users\RKiss\AppData\Roaming\fighters"
Successfully deleted: [Folder] "C:\Users\RKiss\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\RKiss\appdata\local\webplayer"
Successfully deleted: [Folder] "C:\Program Files (x86)\fighters"
Successfully deleted: [Folder] "C:\Program Files (x86)\secure speed dial"



~~~ FireFox

Successfully deleted the following from C:\Users\RKiss\AppData\Roaming\mozilla\firefox\profiles\j4irpo73.default\prefs.js

user_pref("extensions.lastpass.cae8acc22ef8e36b9a55794018dbdd326fd13e548250b18a4b259086a76412a2.searchforsiteswithinaddressbar", true);
user_pref("extensions.lastpass.searchforsiteswithinaddressbar", true);
Emptied folder: C:\Users\RKiss\AppData\Roaming\mozilla\firefox\profiles\j4irpo73.default\minidumps [429 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/01/2014 at 21:31:21,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: awesomehp removal

Post by Power Max Wed 29 Jan 2014, 10:01

More problems were removed.
______________________________________

Please follow this tip as well:

[You must have an account and be logged in to view this link]

* After that, just post the Zoek report, which will be in C:\zoek-results, here in your topic.

awesomehp removal

Post by rkiss Wed 29 Jan 2014, 13:00

Below is the generated log... meanwhile awesomehp is still up and running...

Regards

Zoek.exe v5.0.0.0 Updated 25-January-2014
Tool run by RKiss on 29/01/2014 at 11:50:33,98.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\RKiss\Downloads\zoek.exe [Scan all users]  [Checkboxes used]

==== System Restore Info ======================

29/01/2014 11:55:02 Zoek.exe System Restore Point Created Succesfully.

==== Creating Sample_012014_1221.zip ======================

Copied file C:\Users\RKiss\AppData\Roaming\unins000.exe to sample\unins000.exe
Copied file C:\Users\RKiss\setup_av_free.exe to sample\setup_av_free.exe
Copied file C:\Users\RKiss\SkypeSetup.exe to sample\SkypeSetup.exe
Copied file C:\Users\RKiss\SkypeSetupFull.exe to sample\SkypeSetupFull.exe
sample\setup_av_free.exe renamed to 3A79D756F8977E8C5D887B8D3E732C2D
sample\SkypeSetup.exe renamed to 946AA2A825C9ADAA334DB62DB7DEAFFF
sample\SkypeSetupFull.exe renamed to 5151C17D942E3E5C18D6DB1C4500511A
sample\unins000.exe renamed to F88889972BAD4CE5CEC690CA883BC0EE

C:\Users\Public\Desktop\sample_012014_1221.zip created successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1879488085-2394445424-1124259813-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_USERS\S-1-5-21-1879488085-2394445424-1124259813-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BCECFEF7-3C1F-44F1-8E2B-238DC2A412AF} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Installed Programs ======================

µTorrent  
7-Zip 9.21 (x64 edition)  
AccelerateTab  
Adobe AIR  
Adobe Flash Player 11 ActiveX  
Adobe Flash Player 12 Plugin  
Adobe Reader XI (11.0.06) - Português  
Advanced SystemCare 7  
Apple Mobile Device Support  
avast Free Antivirus  
Bonjour  
Brother MFL-Pro Suite MFC-9320CW  
CutePDF Writer 3.0  
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition  
Dell System Detect  
Dell Touchpad  
Dell Wireless HSPA Mini-Card Drivers  
DigitalPersona WBF Fingerprint Support  
Driver Booster  
Dropbox  
Embassy Security Center - Dell Vostro Edition  
EMBASSY Security Center Lite  
EMBASSY Security Setup  
ESC Home Page Plugin  
FLV Player  
FlvPlayer  
Guardião Banco Itaú  
IePluginService12.27.0.3326  
Intel PROSet Wireless  
Intel(R) Processor Graphics  
IObit Malware Fighter  
IObit Uninstaller  
IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País  
iTunes  
Java 7 Update 45  
Java 7 Update 51 (64-bit)  
Java Auto Updater  
K-Lite Codec Pack 9.6.5 (64-bit)  
K-Lite Mega Codec Pack 9.9.0  
LastPass(uninstall only)  
Malwarebytes Anti-Malware versão 1.75.0.1300  
Microsoft .NET Framework 4.5.1  
Microsoft .NET Framework 4.5.1 (Português do Brasil)  
Microsoft .NET Framework 4.5.1 (PTB)  
Microsoft Office Access MUI (Portuguese (Brazil)) 2010  
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010  
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010  
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010  
Microsoft Office Office 32-bit Components 2010  
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010  
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010  
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010  
Microsoft Office Professional Plus 2010  
Microsoft Office Proof (English) 2010  
Microsoft Office Proof (Portuguese (Brazil)) 2010  
Microsoft Office Proof (Spanish) 2010  
Microsoft Office Proofing (Portuguese (Brazil)) 2010  
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010  
Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010  
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010  
Microsoft Office Word MUI (Portuguese (Brazil)) 2010  
Microsoft Silverlight  
Microsoft Visual C++ 2005 Redistributable (x64)  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Mozilla Firefox 26.0 (x86 pt-BR)  
Mozilla Maintenance Service  
MP3 Cutter 1.9  
MSVC90_x64  
MSVC90_x86  
My Dell  
Nokia Connectivity Cable Driver  
Nokia PC Suite  
OptimizerPro Updater  
Orban/Coding Technologies AAC/aacPlus Player PluginT 1.0  
Pacote de Driver do Windows - AuthenTec Inc. (ATSwpWDF) Biometric  (05/13/2009 8.4.2.0)  
Pacote de Driver do Windows - Nokia Modem  (02/25/2011 4.7)  
Pacote de Driver do Windows - Nokia Modem  (02/25/2011 7.01.0.9)  
Pacote de Driver do Windows - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)  
PC Connectivity Solution  
PDF Creator  
PDF Creator Packages  
Poker Mania v3.2.1  
Quickset64  
QuickTime  
Receitanet  
SAMSUNG Intelli-studio  
Secure Update  
Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit Edition  
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition  
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition  
Security Update for Microsoft Office 2010 (KB2760781) 64-Bit Edition  
Security Update for Microsoft Office 2010 (KB2826023) 64-Bit Edition  
Security Update for Microsoft Office 2010 (KB2826035) 64-Bit Edition  
Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition  
Security Update for Microsoft Outlook 2010 (KB2837597) 64-Bit Edition  
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition  
Skype Web Plugin  
Smart Defrag 3  
Software Intel(R) PROSet/Wireless WiFi  
Software WIDCOMM Bluetooth  
SoulSeek 157 NS 13e  
Start Menu Cleanup  
Suporte para Aplicativos Apple  
SupTab  
Surfing Protection  
TeamViewer 8  
Trusted Drive Manager  
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition  
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2553092)  
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition  
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition  
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition  
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition  
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition  
UpdaterEX  
UPEKmsi  
Validity Sensors DDK  
Validity WBF DDK  
Versão de 64 bits do Microsoft Outlook Hotmail Connector  
VLC media player 2.1.2  
Wave Infrastructure Installer  
Wave Support Software  
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)  
Windows Driver Package - Broadcom Bluetooth  (12/01/2009 6.2.0.9411)  
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)  
Windows Media Player Firefox Plugin  
WinZipper  

==== Running Processes ======================

C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
C:\Program Files (x86)\Fingerprint Sensor\AtService.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\ProgramData\IePluginService\PluginService.exe
C:\ProgramData\WPM\wprotectmanager.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
C:\Windows\SysWOW64\WebUpdateSvc4.exe
C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files (x86)\Dell\NetReady\MacheenService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\RKiss\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wpm deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Wpm deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Wpm deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IePluginService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\IePluginService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IePluginService deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\RKiss\AppData\Roaming\Mozilla\Firefox\Profiles\j4irpo73.default

user.js not found
---- Lines spigot removed from prefs.js ----
user_pref("startpage.ntsearch_url", "http://br.search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=198484&p={searchTerms}");
---- Lines awesomehp removed from prefs.js ----
user_pref("browser.newtab.url", "http://www.awesomehp.com/newtab/?type=nt&ts=1390930045&from=tugs&uid=ST9320423AS_5VH5W4ASXXXX5VH5W4AS");
---- Lines imbooster removed from prefs.js ----
user_pref("id_imbooster4web_v6.cache.tbs_include_xml_006938", "0/17/19/0/113");
user_pref("id_imbooster4web_v6.firstlaunch", "0");
user_pref("id_imbooster4web_v6.guid", "%7B37154499-4328-316B-6AAA-E762BD966E33%7D");
user_pref("id_imbooster4web_v6.userId", "%12");
user_pref("id_imbooster4web_v6.Var1", "0");
user_pref("id_imbooster4web_v6.Var10", "0");
user_pref("id_imbooster4web_v6.Var2", "0");
user_pref("id_imbooster4web_v6.Var3", "0");
user_pref("id_imbooster4web_v6.Var4", "0");
user_pref("id_imbooster4web_v6.Var5", "0");
user_pref("id_imbooster4web_v6.Var6", "0");
user_pref("id_imbooster4web_v6.Var7", "0");
user_pref("id_imbooster4web_v6.Var8", "0");
user_pref("id_imbooster4web_v6.Var9", "0");
user_pref("id_imbooster4web_v6_installed_version", "1.0.1018.0");
---- FireFox user.js and prefs.js backups ----

prefs_012014_1228_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe"

==== Deleting Files \ Folders ======================

C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted
C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} deleted
C:\PROGRA~2\GUME6F4.tmp deleted
C:\PROGRA~2\FromDocToPDF_65EI deleted
C:\found.000 deleted
C:\User Data\Default\Extensions deleted
C:\Users\RKiss\AppData\Roaming\Wondershare deleted
C:\Users\RKiss\AppData\Roaming\default.ico deleted
C:\ProgramData\IePluginService deleted
C:\ProgramData\CloudSoft deleted
C:\ProgramData\WPM deleted
C:\ProgramData\ProductData deleted
C:\ProgramData\InstallMate deleted
C:\Users\RKiss\AppData\Local\Wondershare deleted
C:\Users\RKiss\AppData\Local\emaze deleted
C:\Users\RKiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk deleted
C:\windows\SysNative\Tasks\SomotoUpdateCheckerAutoStart deleted
C:\Users\RKiss\Downloads\rcpsetup_softonic_soft_util_728_90_pdtop.exe deleted
C:\Users\RKiss\Downloads\FileConverter_1.1.exe deleted
C:\Users\RKiss\Downloads\SoftonicDownloader_para_media-player-codec-pack.exe deleted
C:\Users\RKiss\Downloads\SoftonicDownloader_para_soulseek.exe deleted
C:\Users\RKiss\AppData\LocalLow\ADSRemoval deleted
C:\Users\RKiss\AppData\LocalLow\FromDocToPDF_65EI deleted
C:\Users\RKiss\AppData\LocalLow\smartdownloader deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\IObit Apps deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\PriceGong deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Toolbar4 deleted
C:\windows\SysNative\tasks\Baidu PC Faster Update deleted
C:\Windows\Launcher.exe deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted
C:\Users\RKiss\AppData\Roaming\Mozilla\Firefox\Profiles\j4irpo73.default\jetpack deleted
C:\Users\RKiss\AppData\Roaming\unins000.exe deleted
C:\Users\RKiss\setup_av_free.exe deleted
C:\Users\RKiss\SkypeSetup.exe deleted
C:\Users\RKiss\SkypeSetupFull.exe deleted
"C:\Windows\Installer\658719b.msi" deleted
"C:\Windows\Installer\65871a0.msi" deleted
"C:\PROGRA~2\Mozilla Firefox\searchplugins\awesomehp.xml" deleted
"C:\Users\RKiss\AppData\Roaming\gdp" deleted
"C:\Users\RKiss\AppData\Roaming\pokerth" deleted
"C:\PROGRA~2\COMMON~1\Wondershare" deleted
"C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\BittorrentBar_PT" deleted

==== System Specs ======================

Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 3895 MB
CPU Info: Intel(R) Core(TM) i5 CPU       M 460  @ 2.53GHz
CPU Speed: 2594,4 MHz
Sound Card: Fones de ouvido independentes ( |
Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Monitor Genérico PnP |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Miniplaca de WLAN de meia altura DW1501 Wireless-N | Dispositivo Bluetooth (Rede Pessoal) | Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVD+-RW GT32N
Ports: COM5 | COM8 | COM11 | COM4 | COM7 | COM10 | COM6 | COM9 | COM12 | COM3 LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  298,0GB
Hard Disks - Free: C:  236,2GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | 01/09/10 | DELL   - 1072009
Time Zone: Hora oficial do Brasil
Motherboard *: Dell Inc. 056TK2
Country: Brasil
Language: PTB

==== System Specs (Software) ======================

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: IObit Malware Fighter disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Default Browser: Firefox 26.0
Internet Explorer Version: 11.0.9600.16476
Mozilla Firefox version: 26.0 (x86 pt-BR)
Adobe Reader version: 11.0.06.70
Sun Java version: 1.7.0_45 (32-bit)
Sun Java version: 1.7.0_51 (64-bit)
Flash Player version: 12.0.0.43
Shockwave Player version: 11.6.8r638

==== Files Recently Created / Modified ======================


==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1879488085-2394445424-1124259813-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"BitTorrent"="C:\Program Files (x86)\BitTorrent\BitTorrent.exe  /MINIMIZED"
"Advanced SystemCare 7"="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /Auto"
"OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"IObit Malware Fighter"="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe /autostart"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"BitTorrent"="C:\Program Files (x86)\BitTorrent\BitTorrent.exe  /MINIMIZED"
"Advanced SystemCare 7"="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /Auto"
"OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeFallProtection"="C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe"
"SecureUpgrade"="C:\Program Files\Wave Systems Corp\SecureUpgrade.exe"
"EmbassySecurityCheck"="C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"SysTrayApp"="%ProgramFiles%\IDT\WDM\sttray64.exe "
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CommonToolkitTray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CommonToolkitTray"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Fighters\\Tray\\FightersTray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SearchSettings"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Spigot\\Search Settings\\SearchSettings.exe\""


==== Startup Folders ======================

2013-12-12 23:56:43 1049 ----a-w- C:\Users\RKiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2013-01-10 15:07:18 1268 ----a-w- C:\Users\RKiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
2013-01-04 11:43:39 834 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
2013-02-05 11:17:19 2114 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
2013-02-05 11:17:15 2114 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [28/01/2014 20:15]
C:\Windows\tasks\AutoKMS.job --a------ [Undetermined Task]
C:\Windows\tasks\Driver Booster Startup.job --a------ C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [10/01/2014 17:57]
C:\Windows\tasks\Driver Booster Update.job --a------ [Undetermined Task]
C:\Windows\tasks\Wise PC 1stAid Task.job --a------ C:\Program Files (x86)\Wise\Wise PC 1stAid\WisePCAid.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\ASC7_PerformanceMonitor" [C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe]
"C:\Windows\SysNative\tasks\ASC7_SkipUac_RKiss" [C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe /SkipUac]
"C:\Windows\SysNative\tasks\AutoKMS" [C:\Windows\AutoKMS\AutoKMS.exe]
"C:\Windows\SysNative\tasks\Driver Booster Scan" [C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe]
"C:\Windows\SysNative\tasks\Driver Booster Startup" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe]
"C:\Windows\SysNative\tasks\Driver Booster Update" [C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe]
"C:\Windows\SysNative\tasks\PCDEventLauncherTask" ["C:\Program Files\My Dell\sessionchecker.exe"]
"C:\Windows\SysNative\tasks\PCDoctorBackgroundMonitorTask" ["C:\Program Files\My Dell\uaclauncher.exe"]
"C:\Windows\SysNative\tasks\SmartDefrag3_Startup" [C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe]
"C:\Windows\SysNative\tasks\SmartDefrag3_Update" [C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe]
"C:\Windows\SysNative\tasks\SystemToolsDailyTest" ["uaclauncher.exe"]
"C:\Windows\SysNative\tasks\Wise PC 1stAid Task" [C:\Program Files (x86)\Wise\Wise PC 1stAid\WisePCAid.exe]
"C:\Windows\SysNative\tasks\{BFE3FB3A-7D6D-4AB6-81C1-57788B9A1BB1}" [C:\Users\RKiss\Downloads\Windows-XP-Media-Center-Edition.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"lightningnewtab@gmail.com"="C:\Users\RKiss\AppData\Roaming\Mozilla\Firefox\Profiles\j4irpo73.default\extensions\lightningnewtab@gmail.com.xpi" []
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E8873}"="C:\Users\RKiss\AppData\Local\GAS Tecnologia\GBBD\uni\xpi" [28/01/2014 15:59]

Message by Power Max Wed 29 Jan 2014, 13:19

The Zoek log is incomplete. Please check whether there is another part of it and post the rest.

Message by rkiss Wed 29 Jan 2014, 14:47

I am trying to send the new log, but I get the "width exceeded" message...
Is there another way?

Regards

RKISS

Message by Power Max Wed 29 Jan 2014, 14:53

Go to the site [You must have an account and be logged in to view this link] > click Escolher arquivo (Choose file), select the log and click Abrir (Open) > click the Créer le lien Cjoint button > copy the link that appears next to the phrase Le lien a été créé and post that link in your next reply.

Message by rkiss Wed 29 Jan 2014, 15:02

Link created. Here it is below, as instructed.

Regards

[You must have an account and be logged in to view this link]

OK?

Message by Power Max Wed 29 Jan 2014, 15:13

*Right-click Zoek.exe and select [You must have an account and be logged in to view this image]

Copy the entire script I gave you and paste it into the blank area in Zoek.

*Click [Run Script]

*During the scan, a message similar to the one below will be displayed, showing the progress of the scan. Wait for it to finish... it may take a while!

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

*If a PC restart is requested, click [OK]

*Post the new Zoek log, which will be at C:\zoek-results.txt, in your next reply.

Message by rkiss Wed 29 Jan 2014, 16:48

Here is the log from the latest script.

Regards


Zoek.exe v5.0.0.0 Updated 25-January-2014
Tool run by RKiss on 29/01/2014 at 15:30:32,07.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\RKiss\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-01-29-144057.log 39155 bytes
C:\zoek-results2014-01-29-164017.log 68772 bytes

==== System Restore Info ======================

29/01/2014 15:32:18 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1879488085-2394445424-1124259813-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\RKiss\AppData\Roaming\Mozilla\Firefox\Profiles\j4irpo73.default\prefs.js:
user_pref("browser.search.selectedEngine", "Google");
user_pref("keyword.url", "http://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=");

Added to C:\Users\RKiss\AppData\Roaming\Mozilla\Firefox\Profiles\j4irpo73.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\RKiss\AppData\Roaming\Mozilla\Firefox\Profiles\j4irpo73.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs_012014_1557_.backup

==== Deleting Files \ Folders ======================

C:\Users\RKiss\AppData\LocalLow\ADSRemoval deleted
C:\Users\RKiss\AppData\Roaming\Mozilla\Firefox\Profiles\j4irpo73.default\extensions\adsremoval@adsremoval.net deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [28/12/2013 15:27]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E8873}"="C:\Users\RKiss\AppData\Local\GAS Tecnologia\GBBD\uni\xpi" [28/01/2014 15:59]

==== Firefox Extensions ======================

ProfilePath: C:\Users\RKiss\AppData\Roaming\Mozilla\Firefox\Profiles\j4irpo73.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Undetermined - %ProfilePath%\extensions\cae8acc22ef8e36b9a55794018dbdd326fd13e548250b18a4b259086a76412a2_lp.key
- Undetermined - %ProfilePath%\extensions\cae8acc22ef8e36b9a55794018dbdd326fd13e548250b18a4b259086a76412a2_lp.key
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com
- DoNotTrackMe: Online Privacy Protection - %ProfilePath%\extensions\donottrackplus@abine.com
- LastPass - %ProfilePath%\extensions\support@lastpass.com
- Self-Destructing Cookies - %ProfilePath%\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\RKiss\AppData\Roaming\Mozilla\Firefox\Profiles\j4irpo73.default
2557FBC582910A71CDEB0F22886D118D - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll - Shockwave Flash
1F096EDEDC302DACC6787D45B9C537E4 - C:\Users\RKiss\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll - Guardião Itaú 30 horas
F891089A6AB9E12FEDEBCC5EC0F40D66 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll - Shockwave Flash
6846D2CA7E1D5937AEE3F99BB7F5464B - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director
308CCC725DCC98821D66C59597DEFA60 - C:\Users\RKiss\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll - Guardião Itaú 30 horas


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[28/12/2013 15:26]
hdokiejnpimakedhajhdlcegeplioahd - C:\Program Files (x86)\LastPass\lpchrome.crx[05/02/2013 09:17]
nfengeggddojhakldhlpjdlddgkkjkdd - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePluginFor6.crx[]

Ads Removal - RKiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod

==== Chrome Fix ======================

C:\Users\RKiss\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{33BB0A4E-99AF-4226-BDF6-49120163DE86} awesomehp  Url="http://www.awesomehp.com/web/?type=ds&ts=1390930045&from=tugs&uid=ST9320423AS_5VH5W4ASXXXX5VH5W4AS&q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk - C:\Program Files (x86)\7-Zip\7zFM.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk - C:\Program Files (x86)\7-Zip\7-zip.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Bluetooth File Transfer Wizard.lnk - C:\Windows\System32\fsquirt.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7\Advanced SystemCare 7.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /manual
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\My Dell\PC Checkup.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster\Desinstalar Driver Booster.lnk - C:\Program Files (x86)\IObit\Driver Booster\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster\Driver Booster.lnk - C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3\Desinstalar Smart Defrag 3.lnk - C:\Program Files (x86)\IObit\Smart Defrag 3\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3\Smart Defrag 3.lnk - C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\RKiss\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\RKiss\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\RKiss\Documents\Documents\020806_1050 (E)\install\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\RKiss\AppData\Local\Mozilla\Firefox\Profiles\j4irpo73.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1355 folders=157 138297855 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\RKiss\AppData\Local\Temp  will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\RKiss\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 29/01/2014 at 16:38:21,01 ======================
rkiss

Re: awesomehp removal

Post by Power Max, Wed 29 Jan 2014, 17:56

|- Download: [link visible only to logged-in members] ( ... by Nicolas Coolman )

|- Save it to the local disk! (C or D)

|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.

|- Run the scroll icon. (ZHPDiag)

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!

|- Click OK and, when it finishes, post the ZHPDiag.txt report.
Power Max

awesomehp removal

Post by rkiss, Wed 29 Jan 2014, 18:06

Hello, my friend!

Here is the log from the latest script.

Regards

~ Relatório do ZHPDiag v2014.1.25.26 - Nicolas Coolman  (25/01/2014)
~ Iniciado por RKiss (29/01/2014 18:02:30)
~ Endereço do Website :  http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [link visible only to logged-in members]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16476
MFIE: Mozilla Firefox 26.0 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2011
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W7

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)
µTorrent v3.3.0.29342 =>P2P.µTorrent

---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51
Java 7 Update 45

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3894 MB (39% free)
System Restore: Activé (Enable)
System drive C: has 236 GB (79%) free of 298 GB

---\\ Modo de conexão ao sistema
~ Computer Name: RKISS-PC
~ User Name: RKiss
~ All Users Names: RKiss, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\RKiss\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\RKiss\AppData\Roaming\
~ %Desktop% : C:\Users\RKiss\Desktop\
~ %Favorites% : C:\Users\RKiss\Favorites\
~ %LocalAppData% : C:\Users\RKiss\AppData\Local\
~ %StartMenu% : C:\Users\RKiss\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 236 Go of 298 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Internet Extensions para Win32.) (.26/11/2013 - 04:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 00:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/698
~ Mes musiques (My Musics) : 5/343
~ Mes Videos (My Videos) : 2/13
~ Mes Favoris (My Favorites) : 1/30
~ Mes Documents (My Documents) : 2/2081
~ Mon Bureau (My Desktop) : 4/829
~ Menu demarrer (Programs) : 1/45
~ Hidden Files:  Scanned in 00mn 01s



---\\ Processos lançados
[MD5.65E1E2771C0973268F45825BCFAD0B61] - (.IObit - Driver Booster.) -- C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe   [3744064] [PID.3764]
[MD5.AF3DA0C60DE8A312328F247FF2FA6239] - (.IObit - Advanced SystemCare 7 Monitor.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe   [775968] [PID.4088]
[MD5.F943BE41C2960D45EE183ABA1609CA0E] - (.IObit - Smart Defrag v3.) -- C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe   [3529504] [PID.3112]
[MD5.62481AEC780B08A891A7158997887E84] - (.No owner - FF_Protection MFC Application.) -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe   [2384896] [PID.4724]
[MD5.F3D7BBAB6DB69B0A9F64818468C92492] - (.BitTorrent Inc. - BitTorrent.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe   [882520] [PID.4044]  =>P2P.BitTorrent
[MD5.574C7158E51A951CA457D4FA4E3EEF14] - (.IObit - Advanced SystemCare 7.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe   [2285344] [PID.2968]
[MD5.AFEBF9E0B223FF04709F747C172D3540] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [3764024] [PID.4564]
[MD5.BAF535F843A3E790E04A7613811B55BC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe   [152392] [PID.4228]
[MD5.ACA040125DA4AF658B347DBD821F3E1D] - (.Broadcom Corporation. - Bluetooth Headset Skype Proxy.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe   [13600] [PID.4240]
[MD5.58FC1B36032F03342E4C02813F80DAC1] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\RKiss\AppData\Roaming\Dropbox\bin\Dropbox.exe   [30714328] [PID.5316]
[MD5.1EEA6C1B35191DC177EA83672B9C3FC0] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe   [275568] [PID.3492]
[MD5.0DD74786D22EDFF0CE5B8E1B1E398618] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe   [18544] [PID.6088]
[MD5.A9D8D4DF0EF4199A701137E0B5E9921A] - (.Adobe Systems, Inc. - Adobe Flash Player 12.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe   [1863048] [PID.5724]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [8339968] [PID.6956]
[MD5.F5456293D2604BCE2BEC07FC6186A341] - (.IObit - Advanced SystemCare Service.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe   [881440] [PID.824]
[MD5.F6E8CCF14B84507497D3108518DBB4CC] - (.AuthenTec, Inc. - AFSS Service.) -- C:\Program Files (x86)\Fingerprint Sensor\AtService.exe   [1803512] [PID.904]
[MD5.B121E4EBB785D9EDCED4A36CC59843AE] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe   [451640] [PID.924]
[MD5.D74884939D53612FD84AC82C59CCFE27] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe   [50344] [PID.1524]
[MD5.EAEA4B0005869A4ABE6070BD364143B7] - (.IObit - IObit Malware Fighter Service.) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe   [341824] [PID.1884]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe   [65432] [PID.1128]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe   [55624] [PID.1456]
[MD5.5460828F8951D310B42B442877603B8D] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe   [268824] [PID.2468]
[MD5.7C8DD5576695B3362202EF09B20C425E] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe   [3574624] [PID.2812]
[MD5.507D80C0ACCC3B4FC123BD99D0AF3F97] - (.Data Perceptions / PowerProgrammer - Software Update Wizard Service (V4.x).) -- C:\Windows\SysWOW64\WebUpdateSvc4.exe   [278800] [PID.1124]
[MD5.E1E0B1EFAB0A1BA7DF4778D9AE517F7C] - (...) -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe   [444416] [PID.4060]
[MD5.1B7B925448187118F0455C05D9DCB6EB] - (.IObit - IObit Malware Fighter.) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe   [1573184] [PID.5520]
[MD5.AFA556B544ABD675646CF5149E009E00] - (.Macheen - MacheenService.) -- C:\Program Files (x86)\Dell\NetReady\MacheenService.exe   [29440] [PID.644]
[MD5.9E89C2D6945389270DE067CE51FF7425] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe   [2320920] [PID.6704]
~ Processes Running:  Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\RKiss\AppData\Roaming\Mozilla\Firefox\Profiles\j4irpo73.default\prefs.js
M2 - MFEP: prefs.js [RKiss - j4irpo73.default\adsremoval@adsremoval.net] [] Ads Removal v1.0.0 (..)
M2 - MFEP: prefs.js [RKiss - j4irpo73.default\ascsurfingprotection@iobit.com] [] Advanced SystemCare Surfing Protection v1.0 (..)
P2 - FPN: [HKCU] [@lightspark.github.com/Lightspark;version=1] - (...) -- C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll (.not file.)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\RKiss\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 26 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: LastPass Vault [64Bits] - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} . (.No owner - LastPass Toolbar.) -- C:\Program Files (x86)\LastPass\LPToolbar.dll =>Toolbar.LastPass
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehuni.dll
~ BHO: 16 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar: LastPass Toolbar - [HKLM]{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} . (.No owner - LastPass Toolbar.) -- C:\Program Files (x86)\LastPass\LPToolbar_x64.dll =>Toolbar.LastPass
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{E0301295-AB3E-4AF3-979F-3D453C5F9F48} Chave orfã
~ Toolbar:  Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [RKiss]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.)  -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - GS\QuickLaunch [RKiss]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe [link visible only to logged-in members] =>PUP.Awesomehp
O4 - GS\QuickLaunch [RKiss]: My LastPass Vault.lnk - Chave orfã
O4 - GS\QuickLaunch [RKiss]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.)  -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [RKiss]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe [link visible only to logged-in members] =>PUP.Awesomehp
O4 - GS\TaskBar [RKiss]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [link visible only to logged-in members] =>PUP.Awesomehp
O4 - GS\Program [RKiss]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe [link visible only to logged-in members] =>PUP.Awesomehp
O4 - GS\SystemTools [RKiss]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe [link visible only to logged-in members] =>PUP.Awesomehp
~ Global Startup: 60 Legitimates Filtered in 00mn 02s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Public]: Bluetooth.lnk . (...)  -- C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe (.not file.)
O4 - GS\Startup [Public]: Install LastPass FF RunOnce.lnk . (.LastPass - LastPass Installer.)  -- C:\Program Files (x86)\Common Files\lpuninstall.exe
O4 - GS\Startup [Public]: Install LastPass IE RunOnce.lnk . (.LastPass - LastPass Installer.)  -- C:\Program Files (x86)\Common Files\lpuninstall.exe
O4 - GS\Startup [RKiss]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.)  -- C:\Users\RKiss\AppData\Roaming\Dropbox\bin\Dropbox.exe  =>.Dropbox
O4 - GS\Startup [RKiss]: OneNote 2010 Screen Clipper and Launcher.lnk . (...)  -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe (.not file.)
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe (.not file.)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [FreeFallProtection] . (.No owner - FF_Protection MFC Application.) -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
O4 - HKLM\..\Run: [SecureUpgrade] . (.Wave Systems Corp. - Check For Later Product Line.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [EmbassySecurityCheck] . (.Wave Systems Corp. - ESC Embassy Security Check.) -- C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [BitTorrent] . (.BitTorrent Inc. - BitTorrent.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [Advanced SystemCare 7] . (.IObit - Advanced SystemCare 7.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe
O4 - HKCU\..\Run: [DellSystemDetect] . (...) -- C:\Users\RKiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [IObit Malware Fighter] . (.IObit - IObit Malware Fighter.) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe  =>.Adobe Systems Incorporated
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1879488085-2394445424-1124259813-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-1879488085-2394445424-1124259813-1000\..\Run: [BitTorrent] . (.BitTorrent Inc. - BitTorrent.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-1879488085-2394445424-1124259813-1000\..\Run: [Advanced SystemCare 7] . (.IObit - Advanced SystemCare 7.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
O4 - HKUS\S-1-5-21-1879488085-2394445424-1124259813-1000\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe
O4 - HKUS\S-1-5-21-1879488085-2394445424-1124259813-1000\..\Run: [DellSystemDetect] . (...) -- C:\Users\RKiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll  =>.Microsoft Corporation
O9 - Extra button: LastPass [64Bits] - {43699cd0-e34f-11de-8a39-0800200c9a66} . (.No owner - LastPass Toolbar.) -- C:\Program Files (x86)\LastPass\LPToolbar_x64.dll =>Toolbar.LastPass
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll  =>.Microsoft Corporation
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains] *.dell.com
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.itau.com.br
~ IE Zone Confiance:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB03AEB-E91B-4AC1-B43E-5213E2AFCA1E}: DhcpNameServer = 189.4.0.146 189.4.0.141
O17 - HKLM\System\CCS\Services\Tcpip\..\{D06D3A52-7FB8-4308-8A18-0C4155F7E6A0}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6DB03AEB-E91B-4AC1-B43E-5213E2AFCA1E}: DhcpNameServer = 189.4.0.146 189.4.0.141
O17 - HKLM\System\CS1\Services\Tcpip\..\{D06D3A52-7FB8-4308-8A18-0C4155F7E6A0}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{6DB03AEB-E91B-4AC1-B43E-5213E2AFCA1E}: DhcpNameServer = 189.4.0.146 189.4.0.141
O17 - HKLM\System\CS2\Services\Tcpip\..\{D06D3A52-7FB8-4308-8A18-0C4155F7E6A0}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.4.0.146 189.4.0.141
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe =>Hijacker.Office
O23 - Service: Macheen Service (MacheenService) . (.Macheen - MacheenService.) - C:\Program Files (x86)\Dell\NetReady\MacheenService.exe
O23 - Service: SecureUpdate (SecureUpdateSvc) . (...) - C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe (.not file.)
O23 - Service: Suite Service (Suite Service) . (...) - C:\Program Files (x86)\Fighters\FighterSuiteService.exe (.not file.)
O23 - Service: Web Update Wizard Service V4 (WebUpdate4) . (.Data Perceptions / PowerProgrammer - Software Update Wizard Service (V4.x).) - C:\Windows\SysWOW64\WebUpdateSvc4.exe
O23 - Service: Mobile Broadband Core Service (WMCoreService) . (...) - C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
~ Services: 26 Legitimates Filtered in 00mn 05s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\AutoKMS.job   [268]
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\Driver Booster Startup.job   [296]
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\Driver Booster Update.job   [284]
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\Wise PC 1stAid Task.job   [418]
[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe (.not file.)   [0]  =>Trojan.Keygen
[MD5.00000000000000000000000000000000] [APT] [Wise PC 1stAid Task] (...) -- C:\Program Files (x86)\Wise\Wise PC 1stAid\WisePCAid.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{35833B63-9488-4F77-8589-DE3125D9194B}] (...) -- C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\UninstCaller.exe (.not file.)   [0]  =>Adware.BDSearch
[MD5.8E94130A330EE9CBCE196947BE850D03] [APT] [{48EE9114-315D-400C-B7D9-6CF21602E504}] (...) -- C:\Users\RKiss\Downloads\pokerm.exe   [1416237]
[MD5.1B552592E7860F61196770CBE937EB3B] [APT] [{BFE3FB3A-7D6D-4AB6-81C1-57788B9A1BB1}] (.UltraDownloads.) -- C:\Users\RKiss\Downloads\Windows-XP-Media-Center-Edition.exe   [1172576]
[MD5.00000000000000000000000000000000] [APT] [{D84B0905-2BE1-4194-A813-D702E6612234}] (...) -- C:\Users\RKiss\Desktop\slsk157NS13e.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{E6863999-3B35-4E17-A72B-31E3EF42E7F4}] (...) -- D:\setup.exe (.not file.)   [0]
~ Scheduled Task: 28 Legitimates Filtered in 00mn 05s



---\\ Software instalados (042)
O42 - Logiciel: AccelerateTab - (.AccelerateTab.) [HKLM][64Bits] -- AccelerateTab_is1 =>PUP.SpeedDial
O42 - Logiciel: Guardião Banco Itaú - (...) [HKCU][64Bits] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva  - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Logiciel: IePluginService12.27.0.3326 - (.Cherished Technololgy LIMITED.) [HKLM][64Bits] -- IePlugins =>Trojan.SProtector
O42 - Logiciel: OptimizerPro Updater - (.CloudSoft.) [HKLM][64Bits] -- OptimizerPro Updater =>PUP.OptimizerPro
O42 - Logiciel: Poker Mania v3.2.1 - (...) [HKLM][64Bits] -- Poker Mania_is1
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: SoulSeek 157 NS 13e - (...) [HKLM][64Bits] -- Soulseek2 =>P2P.SoulSeek
O42 - Logiciel: UpdaterEX - (.UpdaterEX.) [HKCU][64Bits] -- UpdaterEX =>PUP.Dealply
~ Logic: 21 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Adorika]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\DownloadAstro]
[HKCU\Software\GbAs]
[HKCU\Software\Orban]
[HKCU\Software\SERPRO]
[HKCU\Software\SoulSeek] =>P2P.SoulSeek
[HKCU\Software\Soulseek2] =>P2P.SoulSeek
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\Wow6432Node\360Safe]
[HKLM\Software\Wow6432Node\ADBlock]
[HKLM\Software\Wow6432Node\ADSRemoval]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Macheen]
[HKLM\Software\Wow6432Node\VBMZ] =>PUP.Duuqu
[HKLM\Software\Wow6432Node\W4]
[HKLM\Software\Wow6432Node\WUW]
[HKLM\Software\Wow6432Node\Web Update Wizard]
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
[HKLM\Software\Wow6432Node\supTab]
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
[HKLM\Software\v7slicldr]
~ Key Software: 353 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 07/09/2013 - 15:53:09 - [0,959] ----D C:\Program Files (x86)\Ares
O43 - CFD: 04/01/2013 - 16:28:12 - [0] ----D C:\Program Files (x86)\CompanyDir
O43 - CFD: 01/06/2013 - 12:12:13 - [1,762] ----D C:\Program Files (x86)\Orban
O43 - CFD: 29/01/2014 - 16:22:01 - [0,769] ----D C:\Program Files (x86)\Poker Mania
O43 - CFD: 25/02/2013 - 21:28:16 - [8,843] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 02/09/2013 - 17:50:05 - [3,591] ----D C:\Program Files (x86)\SoulseekNS =>P2P.SoulSeek
O43 - CFD: 04/01/2013 - 16:28:18 - [2,919] ----D C:\ProgramData\MacheenService
O43 - CFD: 08/01/2013 - 14:56:43 - [0] ----D C:\ProgramData\Soulseek =>P2P.SoulSeek
O43 - CFD: 04/06/2013 - 20:48:43 - [0] ----D C:\ProgramData\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
O43 - CFD: 04/06/2013 - 20:48:44 - [0] ----D C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
O43 - CFD: 26/09/2013 - 18:00:51 - [2,774] ----D C:\Users\RKiss\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 26/09/2013 - 18:00:48 - [0] ----D C:\Users\RKiss\AppData\Roaming\eDownloader_x86_x64_setup =>PUP.SoftwareEngine
O43 - CFD: 26/09/2013 - 18:00:34 - [0,079] ----D C:\Users\RKiss\AppData\Roaming\im_etapas_cdedvd
O43 - CFD: 02/09/2013 - 17:46:01 - [0,063] ----D C:\Users\RKiss\AppData\Local\Ares
O43 - CFD: 28/01/2014 - 11:34:21 - [54,181] ----D C:\Users\RKiss\AppData\Local\NetReady
O43 - CFD: 26/09/2013 - 18:00:48 - [0,001] ----D C:\Users\RKiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ccDownloader
O43 - CFD: 04/01/2013 - 09:32:39 - [0,003] ----D C:\Users\RKiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ferramenta de diagnóstico de modem
O43 - CFD: 25/02/2013 - 21:26:06 - [0,004] ----D C:\Users\RKiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 02/09/2013 - 17:50:05 - [0] ----D C:\Users\RKiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Soulseek NS =>P2P.SoulSeek
~ Program Folder: 221 Legitimates Filtered in 00mn 10s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.82CC69B6681C964EC331669C6F38337D] - 22/01/2014 - 09:56:23 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [148746]
O44 - LFC:[MD5.072491829404D2A5ABF7C634752C0D0B] - 22/01/2014 - 09:56:23 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [708966]
O44 - LFC:[MD5.6811DFE4A402DB306C7230BB60A76733] - 23/01/2014 - 12:41:04 ---A- . (...) -- C:\Windows\BRWMARK.INI   [441]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 28/01/2014 - 15:17:15 ---A- . (...) -- C:\autoexec.bat   [0]
O44 - LFC:[MD5.4BF5A770C152609432F5DFC2FB8CDE34] - 29/01/2014 - 11:40:57 ---A- . (...) -- C:\zoek-results2014-01-29-144057.log   [39155]
O44 - LFC:[MD5.14A5FC724911F155D8D12959CAE86ACB] - 29/01/2014 - 13:40:17 ---A- . (...) -- C:\zoek-results2014-01-29-164017.log   [68772]
O44 - LFC:[MD5.02940D6C7722E91342A32CFF5C60F4E4] - 29/01/2014 - 14:30:20 ---A- . (...) -- C:\Windows\zoek-delete.exe   [24064]
O44 - LFC:[MD5.786605A80732DF121EB854A907463B38] - 29/01/2014 - 15:37:17 ---A- . (...) -- C:\.rnd   [1024]
O44 - LFC:[MD5.1E59194A23F1AA16779716EE82A07450] - 29/01/2014 - 15:38:21 ---A- . (...) -- C:\zoek-results.log   [13936]
~ Files: 36 Legitimates Filtered in 00mn 04s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{64d82fe2-5cbd-11e2-aab4-f04da2e8391e}\AutoRun\command. (...) -- E:\iLinker.exe (.not file.)
~ Keys:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.BC647F1F9DCE55B05B54683260ECE4FB] - 31/05/2012 - 20:21:04 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys   [289952]
O58 - SDL:[MD5.E388503069001F0797EC200CE19B265E] - 27/11/2009 - 12:38:22 ---A- . (.ST Microelectronics - Accelerometer Port I/O.) -- C:\Windows\System32\Drivers\Acceler.sys   [25136]
O58 - SDL:[MD5.EB008A36206BF9D0DE3C5F9DF67D20D8] - 09/07/2010 - 10:41:42 ---A- . (.ST Microelectronics - Accelerometer Port I/O.) -- C:\Windows\System32\Drivers\Accelern.sys   [43888]
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 19/11/2013 - 13:08:45 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 28/12/2013 - 14:27:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [207904]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [31232]
O58 - SDL:[MD5.3D69F5F3BEB8AA28D7F46F5548B8D6D7] - 27/11/2009 - 12:38:14 ---A- . (.ST Microelectronics - Disk Filter Driver for Accelerometer.) -- C:\Windows\System32\Drivers\stdflt.sys   [19504]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [24656]
O58 - SDL:[MD5.C2499D80ABF9D0A69072E0B365E20B45] - 05/01/2010 - 19:30:10 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys   [505856]
O58 - SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] - 13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys   [54784]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 29/01/2014 - 15:37:21 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys   [31088]
~ Drivers: 18 Legitimates Filtered in 00mn 21s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 27/11/2009 - C:\Windows\System32\DRIVERS\stdflt.sys (stdflt)  .(.ST Microelectronics - Disk Filter Driver for Accelerometer.) - LEGACY_STDFLT
~ Legacy: 92 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} [DefaultScope] - (awesomehp) - [You must have an account and be logged in to view this link] =>PUP.Awesomehp
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.0985D6AFDFC3F0C21E743EDACBA283D4] [SPRF][29/01/2014] (...) -- C:\Users\RKiss\AppData\Local\Temp\ExchangePerflog_8484fa31794e128fcfcccd43.dat   [28]
[MD5.868292BA9D5BDADFE64B66B586B6BA0A] [SPRF][28/11/2013] (...) -- C:\Users\RKiss\AppData\Roaming\unins000.dat   [15952]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{DC5790A7-DFB8-416D-B876-21DDC0C22B01}C:\users\rkiss\appdata\local\temp\keygen.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\rkiss\appdata\local\temp\keygen.exe (.not file.)
O87 - FAEL: "UDP Query User{6E1C891F-F44A-4C1B-8482-EF124AA4F991}C:\users\rkiss\appdata\local\temp\keygen.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\rkiss\appdata\local\temp\keygen.exe (.not file.)
O87 - FAEL: "TCP Query User{00878594-D8E3-479A-BD62-E3FF634E81E9}C:\program files (x86)\soulseekns\slsk.exe" | In - Private - P6 - TRUE | .(.No owner - SoulSeek.) -- C:\program files (x86)\soulseekns\slsk.exe =>P2P.SoulSeek
O87 - FAEL: "UDP Query User{2EC5251F-26AD-498F-803A-872A78CD6CAD}C:\program files (x86)\soulseekns\slsk.exe" | In - Private - P17 - TRUE | .(.No owner - SoulSeek.) -- C:\program files (x86)\soulseekns\slsk.exe =>P2P.SoulSeek
O87 - FAEL: "{C10FB2AC-09B0-4B9C-A581-91D2E096E5B1}" |In - Private - P6 - TRUE | .(...) -- C:\Users\RKiss\AppData\Local\Temp\7zS291C\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{CCD439C6-44E9-442E-AB41-F587E7C2DDC9}" |In - Private - P17 - TRUE | .(...) -- C:\Users\RKiss\AppData\Local\Temp\7zS291C\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{EE513561-C4A1-4A38-BBC6-11BE96D40831}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "{6C4836DF-B390-4169-9602-4562E7187F14}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "{3AD6F151-7465-4D39-A63B-C9C1CAD2F8FF}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Iminent\Iminent.exe (.not file.) =>Adware.IMBooster
O87 - FAEL: "{AE492F5F-78AD-48BB-8566-F2385DC4404A}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (.not file.) =>Adware.IMBooster
O87 - FAEL: "{EC4A1D9D-2942-4522-925D-CC153E7C824F}" |In - Private - P6 - TRUE | .(...) -- C:\Users\RKiss\Downloads\sweetimsetup(1).exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "{10572E0A-4844-4B07-BE1E-85E91CE7DE41}" |In - Private - P17 - TRUE | .(...) -- C:\Users\RKiss\Downloads\sweetimsetup(1).exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "TCP Query User{4956766B-B1EB-4875-A025-CBD2794D33F6}C:\program files (x86)\soulseekqt\soulseekqt.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\soulseekqt\soulseekqt.exe (.not file.) =>P2P.SoulSeek
O87 - FAEL: "UDP Query User{BD53298D-FC32-4A5F-BD97-5A770B4CFDAD}C:\program files (x86)\soulseekqt\soulseekqt.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\soulseekqt\soulseekqt.exe (.not file.) =>P2P.SoulSeek
O87 - FAEL: "{AE580A6F-FB9B-4B7D-9B3F-4ACDA9AC82A6}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Protected Search\ProtectedSearch.exe (.not file.) =>Spyware.ProtectedSearch
O87 - FAEL: "{73583429-1E34-4FF6-B752-7EBDA15A26B1}" |Out - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Protected Search\ProtectedSearch.exe (.not file.) =>Spyware.ProtectedSearch
O87 - FAEL: "{4E108412-ED8A-4A5E-8681-2042E114E42E}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Protected Search\ProtectedSearch.exe (.not file.) =>Spyware.ProtectedSearch
O87 - FAEL: "{AD6D369D-759B-47C9-9093-33F7761D9D48}" |Out - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Protected Search\ProtectedSearch.exe (.not file.) =>Spyware.ProtectedSearch
O87 - FAEL: "{FA4EF48E-E46B-4E8E-8FA2-8D23E5CEA71F}" |In - Public - P6 - TRUE | .(...) -- C:\ProgramData\eSafe\eGdpSvc.exe (.not file.) =>PUP.eSafeSecurity
O87 - FAEL: "TCP Query User{06156C18-D19B-40D3-A528-DBE446BDEF32}C:\program files (x86)\ares\ares.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\ares\ares.exe (.not file.)
O87 - FAEL: "UDP Query User{2C758F7C-D6DE-4483-8948-1BCC2F47F74D}C:\program files (x86)\ares\ares.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\ares\ares.exe (.not file.)
O87 - FAEL: "TCP Query User{F6C9E5FC-0CB9-4ABE-BACD-FED6E6E4BA6E}C:\Program Files (x86)\Ares\Ares.exe" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\Ares\Ares.exe (.not file.)
O87 - FAEL: "UDP Query User{61CA4ED4-4752-4421-B36B-E24CB39400DF}C:\Program Files (x86)\Ares\Ares.exe" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\Ares\Ares.exe (.not file.)
O87 - FAEL: "TCP Query User{4B718043-A20B-4722-A72D-8E5532F293E6}C:\program files (x86)\soulseekns\slsk.exe" | In - Public - P6 - TRUE | .(.No owner - SoulSeek.) -- C:\program files (x86)\soulseekns\slsk.exe =>P2P.SoulSeek
O87 - FAEL: "UDP Query User{45CA6BD7-B68F-49B9-819D-B4AA24EBA59E}C:\program files (x86)\soulseekns\slsk.exe" | In - Public - P17 - TRUE | .(.No owner - SoulSeek.) -- C:\program files (x86)\soulseekns\slsk.exe =>P2P.SoulSeek
~ Firewall: 269 Legitimates Filtered in 00mn 01s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "15B33395C3AEB7D4A9EF69DA153B2C66" . (.Fingerprint Sensor Minimum Install.) -- C:\Windows\Installer\{59333B51-EA3C-4D7B-9AFE-96AD51B3C266}\ARPPRODUCTICON.exe
O90 - PUC: "1A8A78613F0FAA44D98ABAEA6645AA4F" . (.Start Menu Cleanup.) -- C:\Windows\Installer\{1687A8A1-F0F3-44AA-9DA8-ABAE6654AAF4}\ARPPRODUCTICON.exe
O90 - PUC: "293A837E096FD9A408E8B7FA080E3B89" . (.ESC Home Page Plugin.) -- C:\Windows\Installer\{E738A392-F690-4A9D-808E-7BAF80E0B398}\ARPPRODUCTICON.exe
O90 - PUC: "5E6C3959E5023C547B5850FC41C67AA6" . (.biolsp patch.) -- C:\Windows\Installer\{9593C6E5-205E-45C3-B785-05CF146CA76A}\ARPPRODUCTICON.exe
O90 - PUC: "9E928E1D8B886C747AE5D0042E0CD905" . (.Secure Update.) -- C:\Windows\Installer\{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}\ARPPRODUCTICON.exe
~ Update Products: 75 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.BF8A32BE2E09FAE28F33EC2A9DC92141] [WIS][29/01/2014] (.Igor Pavlov - 7-Zip (x64 edition) Package.) -- C:\Windows\Installer\18c267.msi   [1443840]
[MD5.22FB3F39E59041770FE68030DFDC272A] [WIS][15/11/2008] (.NTRU Cryptosystems - NTRU TCG Software Stack.) -- C:\Windows\Installer\2f982.msi   [3345408]
~ WIS: 79 Legitimates Filtered in 00mn 21s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 28/01/2014 257928 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 10/07/1658 0 |  (Common Toolkit Tools) . (...) - C:\Program Files (x86)\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe
SS - | Disabled 29/11/2009 59904 |  (InstallFilterService) . (...) - C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
SS - | Auto 10/07/1658 0 |  (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
SS - | Auto 03/12/2013 2151200 |  (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SS - | Auto 04/04/2013 418376 |  (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SS - | Auto 04/04/2013 701512 |  (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 20/12/2013 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 09/10/2006 724992 |  (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 03/06/2009 1555456 |  (SecureStorageService) . (.Wave Systems Corp..) - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
SS - | Auto 10/07/1658 0 |  (SecureUpdateSvc) . (...) - C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe
SS - | Demand 11/06/2012 724376 |  (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 10/07/1658 0 |  (Suite Service) . (...) - C:\Program Files (x86)\Fighters\FighterSuiteService.exe
SS - | Auto 12/11/2008 1273856 |  (tcsd_win32.exe) . (...) - C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

SR - | Auto 21/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 09/12/2013 881440 |  (AdvancedSystemCareService7) . (.IObit.) - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
SR - | Auto 03/03/2009 89600 |  (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\AESTSr64.exe
SR - | Auto 07/09/2013 55624 |  (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 15/05/2009 1803512 |  (ATService) . (.AuthenTec, Inc..) - C:\Program Files (x86)\Fingerprint Sensor\AtService.exe
SR - | Auto 28/12/2013 50344 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 30/08/2011 462184 |  (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 20/10/2009 873248 |  (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Auto 21/09/2009 1420560 |  (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Auto 25/09/2013 451640 |  (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 11/11/2013 341824 |  (IMFservice) . (.IObit.) - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
SR - | Demand 01/11/2013 641352 |  (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 04/11/2009 268824 |  (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 13/04/2012 29440 |  (MacheenService) . (.Macheen.) - C:\Program Files (x86)\Dell\NetReady\MacheenService.exe
SR - | Auto 21/09/2009 831760 |  (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 05/01/2010 244736 |  (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1583ee0fbe559aff\STacSV64.exe
SR - | Auto 21/08/2009 2515456 |  (TdmService) . (.Wave Systems Corp..) - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
SR - | Auto 23/04/2013 3574624 |  (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
SR - | Auto 04/11/2009 2320920 |  (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 12/07/2009 1924400 |  (vcsFPService) . (.Validity Sensors, Inc..) - C:\Windows\system32\vcsFPService.exe
SR - | Auto 18/08/2010 278800 |  (WebUpdate4) . (.Data Perceptions / PowerProgrammer.) - C:\Windows\SysWOW64\WebUpdateSvc4.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 28/10/2009 444416 |  (WMCoreService) . (...) - C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
SR - | Demand 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services:  Scanned in 00mn 23s



---\\ Scâner Aditional (088)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 19
Valeurs trouvées (Values found) : 2
Dossiers trouvés  (Folders found) : 5
Fichiers trouvés  (Files found) : 7

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95D9ECF5-2A4D-4550-BE49-70D42F71296E}]   =>Toolbar.LastPass^
[HKLM\SYSTEM\CurrentControlSet\Services\KMService]   =>Hijacker.Office^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AccelerateTab_is1]   =>PUP.SpeedDial^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IePlugins]   =>Trojan.SProtector^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerPro Updater]   =>PUP.OptimizerPro^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Soulseek2]   =>P2P.SoulSeek^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX]   =>PUP.Dealply^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]   =>PUP.V9Software
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater]   =>Hijacker.BabSolution
[HKLM\Software\Wow6432Node\VBMZ]   =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]   =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]   =>PUP.Tarma
[HKLM\Software\Classes\Installer\Features\436DABD223008E24A8404BFC5C60E20B]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Installer\Features\436DABD223008E24A8404BFC5C60E20B]   =>Adware.IMBooster
[HKLM\Software\v7slicldr]   =>Trojan.Dropper
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A]   =>Adware.IMBooster
[HKLM\Software\Wow6432Node\360Safe]   =>Trojan.Lozavita
[HKLM\Software\Classes\SpeedDial.TSpeedDial]   =>PUP.SpeedDial
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply]   =>PUP.DealPly
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5}   =>Toolbar.LastPass^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:BitTorrent   =>P2P.BitTorrent^
C:\Program Files (x86)\SoulseekNS   =>P2P.SoulSeek^
C:\ProgramData\Soulseek   =>P2P.SoulSeek^
C:\Users\RKiss\AppData\Roaming\Baidu Security   =>Adware.BDSearch^
C:\Users\RKiss\AppData\Roaming\eDownloader_x86_x64_setup   =>PUP.SoftwareEngine^
C:\Users\RKiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Soulseek NS   =>P2P.SoulSeek^
C:\Program Files (x86)\BitTorrent\BitTorrent.exe   =>P2P.BitTorrent^
[HKCU\Software\Baidu Security]   =>Adware.BDSearch^
[HKCU\Software\SoulSeek]   =>P2P.SoulSeek^
[HKCU\Software\Soulseek2]   =>P2P.SoulSeek^
[HKLM\Software\Wow6432Node\Wpm]   =>PUP.WpManager^
[HKLM\Software\Wow6432Node\supWPM]   =>PUP.WpManager^
C:\Users\RKiss\Downloads\VLC_Media_Player_Setup.exe   =>Adware.iBryte
~ Additionnel Scan: 317858 Items scanned in 00mn 32s



---\\ Sumário das deteções encontradas na sua estação
~ [You must have an account and be logged in to view this link]   =>Toolbar.LastPass
~ [You must have an account and be logged in to view this link]   =>PUP.Awesomehp
~ [You must have an account and be logged in to view this link]   =>Hijacker.Office
~ [You must have an account and be logged in to view this link]  =>Adware.BDSearch
~ [You must have an account and be logged in to view this link]   =>PUP.SpeedDial
~ [You must have an account and be logged in to view this link]   =>Trojan.SProtector
~ [You must have an account and be logged in to view this link]   =>PUP.OptimizerPro
~ [You must have an account and be logged in to view this link]   =>PUP.DealPly
~ [You must have an account and be logged in to view this link]   =>PUP.Duuqu
~ [You must have an account and be logged in to view this link]   =>PUP.WpManager
~ [You must have an account and be logged in to view this link]   =>PUP.SoftwareEngine
~ [You must have an account and be logged in to view this link]   =>PUP.SweetIM
~ [You must have an account and be logged in to view this link]  =>Adware.IMBooster
~ [You must have an account and be logged in to view this link]   =>Spyware.ProtectedSearch
~ [You must have an account and be logged in to view this link]   =>PUP.eSafeSecurity
~ [You must have an account and be logged in to view this link]   =>PUP.V9Software
~ [You must have an account and be logged in to view this link]   =>Hijacker.BabSolution
~ [You must have an account and be logged in to view this link]   =>Toolbar.Conduit
~ [You must have an account and be logged in to view this link]   =>PUP.Tarma
~ [You must have an account and be logged in to view this link]   =>Trojan.Dropper
~ [You must have an account and be logged in to view this link]   =>Trojan.Lozavita
~ [You must have an account and be logged in to view this link]  =>Adware.iBryte
~ MSI: 22 link(s) detected in 00mn 32s



~ 1326 Legitimates filtered by white list
End of the scan (650 lines in 02mn 05s)(0)

Re: awesomehp removal

Post by Power Max, Wed 29 Jan 2014, 22:04

Copy this entire script that I gave you.

Go to the menu: Start > All Programs > ZHP > ZHPFix > In the window that opens, paste what you copied (Ctrl + V) > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad. Copy this report and post it in your next reply.

awesomehp removal

Post by rkiss, Thu 30 Jan 2014, 11:11

Good morning, my friend,

Here is the log from the ZHPFix script.

Regards

Rapport de ZHPFix 2014.1.17.2 par Nicolas Coolman, Update du 17/01/2014
Fichier d'export Registre :
Run by RKiss at 30/01/2014 11:09:02
High Elevated Privileges : OK
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 03s)

========== Softwares ==========
AUSENTE Uninstall Process: c:\programdata\iepluginservice\pluginservice.exe

========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Users\RKiss\Downloads\pokerm.exe
ELIMINÉ: Memory Process: C:\Users\RKiss\Downloads\Windows-XP-Media-Center-Edition.exe
ELIMINÉ: Memory Process: C:\Users\RKiss\Downloads\VLC_Media_Player_Setup.exe

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IePlugins]
ELIMINÉ: Mozilla Plugin: @lightspark.github.com/Lightspark;version=1
ELIMINÉ: CLSID BHO: {95D9ECF5-2A4D-4550-BE49-70D42F71296E}
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{95D9ECF5-2A4D-4550-BE49-70D42F71296E}]
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5}]
ELIMINÉ:* CLSID Extra Buttons: {43699cd0-e34f-11de-8a39-0800200c9a66}
ELIMINÉ: Service: SecureUpdateSvc
ELIMINÉ: Service: Suite Service
ELIMINÉ: HKCU\Software\Adorika
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\superdownloads.com.br
ELIMINÉ: HKLM\Software\Wow6432Node\360Safe
ELIMINÉ: HKLM\Software\Wow6432Node\VBMZ
ELIMINÉ: HKLM\Software\Wow6432Node\Wpm
ELIMINÉ: HKLM\Software\Wow6432Node\supTab
ELIMINÉ: HKLM\Software\Wow6432Node\supWPM
ELIMINÉ:* HKLM\Software\v7slicldr
ELIMINÉ CLSID MPSK: {64d82fe2-5cbd-11e2-aab4-f04da2e8391e}
ELIMINÉ: SearchScopes :{33BB0A4E-99AF-4226-BDF6-49120163DE86}
ELIMINÉ: Service: Bonjour Service
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95D9ECF5-2A4D-4550-BE49-70D42F71296E}
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerPro Updater
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
ELIMINÉ:* HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
ELIMINÉ: HKLM\Software\Classes\Installer\Features\436DABD223008E24A8404BFC5C60E20B
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A
ELIMINÉ: HKLM\Software\Classes\SpeedDial.TSpeedDial
ELIMINÉ:* HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5}
ELIMINÉ: Toolbar: {E0301295-AB3E-4AF3-979F-3D453C5F9F48}
ELIMINÉ RunValue: SysTrayApp
ELIMINÉ RunValue: SynTPEnh
ELIMINÉ RunValue: iTunesHelper
ELIMINÉ MWPS Value: EnableLUA
ELIMINÉ MWPS Value: EnableUIADesktopToggle
ELIMINÉ MWPS Value: PromptOnSecureDesktop
ELIMINÉ MWPS Value: FilterAdministratorToken
ELIMINÉ MWPE Value: NoActiveDesktopChanges
ELIMINÉ: TCP Query User{DC5790A7-DFB8-416D-B876-21DDC0C22B01}C:\users\rkiss\appdata\local\temp\keygen.exe
ELIMINÉ: UDP Query User{6E1C891F-F44A-4C1B-8482-EF124AA4F991}C:\users\rkiss\appdata\local\temp\keygen.exe
ELIMINÉ: {C10FB2AC-09B0-4B9C-A581-91D2E096E5B1}
ELIMINÉ: {CCD439C6-44E9-442E-AB41-F587E7C2DDC9}
ELIMINÉ: {EE513561-C4A1-4A38-BBC6-11BE96D40831}
ELIMINÉ: {6C4836DF-B390-4169-9602-4562E7187F14}
ELIMINÉ: {3AD6F151-7465-4D39-A63B-C9C1CAD2F8FF}
ELIMINÉ: {AE492F5F-78AD-48BB-8566-F2385DC4404A}
ELIMINÉ: {EC4A1D9D-2942-4522-925D-CC153E7C824F}
ELIMINÉ: {10572E0A-4844-4B07-BE1E-85E91CE7DE41}
ELIMINÉ: {AE580A6F-FB9B-4B7D-9B3F-4ACDA9AC82A6}
ELIMINÉ: {73583429-1E34-4FF6-B752-7EBDA15A26B1}
ELIMINÉ: {4E108412-ED8A-4A5E-8681-2042E114E42E}
ELIMINÉ: {AD6D369D-759B-47C9-9093-33F7761D9D48}
ELIMINÉ: {FA4EF48E-E46B-4E8E-8FA2-8D23E5CEA71F}
ELIMINÉ: TCP Query User{06156C18-D19B-40D3-A528-DBE446BDEF32}C:\program files (x86)\ares\ares.exe
ELIMINÉ: UDP Query User{2C758F7C-D6DE-4483-8948-1BCC2F47F74D}C:\program files (x86)\ares\ares.exe
ELIMINÉ: TCP Query User{F6C9E5FC-0CB9-4ABE-BACD-FED6E6E4BA6E}C:\Program Files (x86)\Ares\Ares.exe
ELIMINÉ: UDP Query User{61CA4ED4-4752-4421-B36B-E24CB39400DF}C:\Program Files (x86)\Ares\Ares.exe
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Elementos dos dados do Registo ==========
SUBSTITUI Value Start_ShowMyGames :   Good (1) - Bad (0)

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\program files (x86)\lastpass\lptoolbar.dll
ELIMINÉ: c:\users\rkiss\appdata\roaming\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk (http://www.awesomehp.com)
CRIADO: C:\Users\RKiss\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
ELIMINÉ: c:\users\rkiss\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\internet explorer.lnk (http://www.awesomehp.com)
CRIADO: C:\Users\RKiss\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
ELIMINÉ: c:\users\rkiss\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\mozilla firefox.lnk (http://www.awesomehp.com)
CRIADO: C:\Users\RKiss\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
ELIMINÉ: c:\users\rkiss\appdata\roaming\microsoft\windows\start menu\programs\internet explorer.lnk (http://www.awesomehp.com)
CRIADO: C:\Users\RKiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
ELIMINÉ: c:\users\rkiss\appdata\roaming\microsoft\windows\start menu\programs\accessories\system tools\internet explorer (no add-ons).lnk (http://www.awesomehp.com)
CRIADO: C:\Users\RKiss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
ELIMINÉ: c:\programdata\microsoft\windows\start menu\programs\startup\bluetooth.lnk
ELIMINÉ: c:\programdata\microsoft\windows\start menu\programs\startup\install lastpass ff runonce.lnk
ELIMINÉ: c:\programdata\microsoft\windows\start menu\programs\startup\install lastpass ie runonce.lnk
ELIMINÉ: c:\users\rkiss\appdata\roaming\microsoft\windows\start menu\programs\startup\onenote 2010 screen clipper and launcher.lnk
ELIMINA REINICIAR: c:\program files (x86)\itunes\ituneshelper.exe
ELIMINÉ: c:\windows\tasks\autokms.job
ELIMINÉ: c:\windows\tasks\wise pc 1staid task.job
ELIMINA REINICIAR: c:\windows\system32\drivers\360fltoem.sys
ELIMINA REINICIAR: c:\program files\bonjour\mdnsresponder.exe
ELIMINÉ Temporários windows (11) (1.094.958 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: AutoKMS
ELIMINÉ: AutoKMS
ELIMINÉ: Wise PC 1stAid Task
ELIMINÉ: {35833B63-9488-4F77-8589-DE3125D9194B}
ELIMINÉ: {48EE9114-315D-400C-B7D9-6CF21602E504}
ELIMINÉ: {BFE3FB3A-7D6D-4AB6-81C1-57788B9A1BB1}
ELIMINÉ: {D84B0905-2BE1-4194-A813-D702E6612234}
ELIMINÉ: {E6863999-3B35-4E17-A72B-31E3EF42E7F4}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
3 : Processo memória
30 : Chaves do Registo
35 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
22 : Ficheiros
1 : Softwares
8 : Tarefa planificada
1 : Restauração Sistema


End of clean in 00mn 43s

========== Caminho do ficheiro do relatório ==========
C:\Users\RKiss\AppData\Roaming\ZHP\ZHPFix[R1].txt - 30/01/2014 11:09:06 [7828]

Re: awesomehp removal

Post by Power Max, Thu 30 Jan 2014, 11:19

Several problems were removed.

Please follow the tips in this tutorial to scan your PC with Nod32 Online:

[You must have an account and be logged in to view this link]

Note: Although the tutorial above says that the scan should be done with the Internet Explorer browser, you can do it with any browser.

After the scan finishes, a report (log) will be generated, which will be in the following location on your computer:
C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

In your next reply, post this Nod32 Online log.

We look forward to your reply.

awesomehp removal

Post by rkiss, Thu 30 Jan 2014, 14:16

Dear Sir,

Below are the log from the script that was run and the log from the Nod32 Online antivirus:

Regards

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1bc1ec738ab24f4a86fed5dab0f99b8a
# engine=16865
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-01-30 03:42:38
# local_time=2014-01-30 01:42:38 (-0300, Horário brasileiro de verão)
# country="Brazil"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 77 1923050 1923343 0 0
# compatibility_mode=5893 16776573 100 94 0 142643608 0 0
# scanned=146066
# found=86
# cleaned=83
# scan_time=6630

Re: awesomehp removal

Post by Power Max, Thu 30 Jan 2014, 14:19

How is your PC after these cleanups?

awesomehp removal

Post by rkiss, Thu 30 Jan 2014, 14:25

Max

Nothing to complain about = no sign of any malware...

Thank you for the tireless help!!!!

Regards

R. Kiss

Re: awesomehp removal

Post by Power Max, Thu 30 Jan 2014, 14:26

That's it! I'm glad the problem has been solved.

Just to finish up, please carry out these last steps:

Install [link visible only to logged-in members] (if you already have it, there is no need to install it again).

Open Ccleaner > click the Cleaner button > click the Run Cleaner option. This is shown in the image below:

[image visible only to logged-in members]

Confirm the operation above by clicking the OK button. Wait for the procedure to finish.

After that, click the Registry button > Scan for Issues > Fix selected issue(s) > at this point you can choose to make a backup of the changes that will be made to the registry (for safety reasons), choose whichever option you prefer (yes or no) > and confirm the cleanup by clicking the Fix All Selected Issues button > click the Close (or OK) button:

[image visible only to logged-in members]
__________________________________________________________________________________________________________________

After that, also follow the tips in the tutorial below:

[link visible only to logged-in members]
_______________________________________________________________________________________________________________________

To remove the programs used to clean this PC and create a new restore point that is safe and problem-free, download [link visible only to logged-in members] (...by Xplode) and save it to the Desktop.

* After that, just run it, leaving the options Remove disinfection tools and Purge system restore selected.

[image visible only to logged-in members]

* Click [Run]

After running DelFix as described above, just delete DelFix and the file C:\DelFix.txt

It was a pleasure to help; you can always count on us!

Re: awesomehp removal

Post by Wings [In Memoriam], Fri 31 Jan 2014, 13:13

CASE RESOLVED

If the author needs it reopened, they should contact one of the members of the [link visible only to logged-in members] via PM.