Como remover awesomehp???

por Luciano Santos Sex 31 Jan 2014, 00:38

Boa noite, sou novato aqui no fórum e estou com uma dúvida, como faço pra remover o awesomehp??

por Wings [In Memoriam] Sex 31 Jan 2014, 00:49

Olá Luciano Santos

como https - forumpcbrasil forumeiros com - Como remover awesomehp??? 772309

Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...da TrendMicro) e salve-o no desktop (Área de Trabalho)

*Execute-o, clique [Do a system scan and save a logfile] e cole o relatório apresentado

por Luciano Santos Sex 31 Jan 2014, 13:04

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:57:33, on 31/01/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\USB Camera\VM331_STI.EXE
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Users\Luciano\Downloads\Limpeza Notbook\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: CrossriderApp0049010 - {11111111-1111-1111-1111-110411901110} - C:\Program Files (x86)\Feven 2.1\Feven 2.1-bho.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BatBrowse - {b67b3dbb-c1c9-49d2-b016-2748b0b5017e} - C:\Program Files (x86)\BatBrowse\BatBrowsebho.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll (file missing)
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll (file missing)
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Luciano\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IePlugin Service (IePluginService) - Cherished Technololgy LIMITED - C:\ProgramData\IePluginService\PluginService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Messenger Plus! Service (MsgPlusService) - Yuna Software - C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Update BatBrowse - Unknown owner - C:\Program Files (x86)\BatBrowse\updateBatBrowse.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wpm Service (Wpm) - Cherished Technololgy LIMITED - C:\ProgramData\WPM\wprotectmanager.exe

--
End of file - 13487 bytes

por Wings [In Memoriam] Sex 31 Jan 2014, 13:11

Execute o HijackThis, clique [Do a system scan only], selecione as entradas abaixo e clique [Fix checked]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

O2 - BHO: BatBrowse - {b67b3dbb-c1c9-49d2-b016-2748b0b5017e} - C:\Program Files (x86)\BatBrowse\BatBrowsebho.dll (file missing)

O2 - BHO: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll (file missing)

O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)

O3 - Toolbar: mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll (file missing)

*Feche o HijackThis

como https - forumpcbrasil forumeiros com - Como remover awesomehp??? 772309

Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Xplode) e salve-o no Desktop (Área de Trabalho)

*Salve qualquer trabalho aberto e feche o seu navegador

*Execute-o, clique [Examinar] e aguarde o término

*Clique [Limpar] e aguarde o término

*Caso seja solicitada a reinicialização do PC, clique [OK] para reiniciar.

*Cole o relatório C:\AdwCleaner\AdwCleaner[S0].txt

por Luciano Santos Sex 31 Jan 2014, 23:33

# AdwCleaner v3.018 - Relatório criado 31/01/2014 às 23:24:56
# Atualizado 28/01/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)
# Usuário : Luciano - LUCIANO-NOTBOOK
# Executando de : C:\Users\Luciano\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\Babylon
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\BonanzaDealsLive
Pasta Deletada : C:\ProgramData\boost_interprocess
Pasta Deletada : C:\ProgramData\Partner
Pasta Deletada : C:\Program Files (x86)\BrowseFox
Pasta Deletada : C:\Program Files (x86)\Conduit
Pasta Deletada : C:\Program Files (x86)\Plus-HD-2.3
Pasta Deletada : C:\Program Files (x86)\Feven 2.1
Pasta Deletada : C:\Users\Luciano\AppData\Local\Babylon
Pasta Deletada : C:\Users\Luciano\AppData\Local\BonanzaDealsLive
Pasta Deletada : C:\Users\Luciano\AppData\Local\Conduit
Pasta Deletada : C:\Users\Luciano\AppData\Local\Temp\BrowseFox
Pasta Deletada : C:\Users\Luciano\AppData\Local\Temp\Iminent
Pasta Deletada : C:\Users\Luciano\AppData\LocalLow\BabylonToolbar
Pasta Deletada : C:\Users\Luciano\AppData\LocalLow\Conduit
Pasta Deletada : C:\Users\Luciano\AppData\LocalLow\Mysearchdial
Pasta Deletada : C:\Users\Luciano\AppData\LocalLow\PriceGong
Pasta Deletada : C:\Users\Luciano\AppData\Roaming\BabSolution
Pasta Deletada : C:\Users\Luciano\AppData\Roaming\Babylon
Pasta Deletada : C:\Users\Luciano\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Luciano\AppData\Roaming\Mysearchdial
Pasta Deletada : C:\Users\Luciano\AppData\Roaming\OpenCandy
Pasta Deletada : C:\Users\Luciano\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\Luciano\AppData\Roaming\Mozilla\Firefox\Profiles\zruauwh7.default\Extensions\7ff584eb-e54c-4c25-92b1-0b16f66d6752@5724dab3-50f4-4dee-85c3-3e3ec8e28f73.com
Pasta Deletada : C:\Users\Luciano\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Pasta Deletada : C:\Users\Luciano\AppData\Local\Google\Chrome\User Data\Default\Extensions\kimedffepcmacncbmlhhgnpchdhlanjj
Arquivo Deletada : C:\windows\System32\roboot64.exe
Arquivo Deletada : C:\Users\Luciano\AppData\Local\Temp\Searchqu.ini
Arquivo Deletada : C:\Users\Luciano\AppData\Local\Temp\searchqutoolbar-manifest.xml
Arquivo Deletada : C:\Users\Luciano\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
Arquivo Deletada : C:\Users\Luciano\AppData\Roaming\Mozilla\Firefox\Profiles\zruauwh7.default\searchplugins\Mysearchdial.xml
Arquivo Deletada : C:\Users\Luciano\AppData\Roaming\Mozilla\Firefox\Profiles\zruauwh7.default\user.js
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\user.js
Arquivo Deletada : C:\windows\System32\Tasks\EPUpdater
Arquivo Deletada : C:\windows\Tasks\MySearchDial.job
Arquivo Deletada : C:\windows\System32\Tasks\MySearchDial
Arquivo Deletada : C:\windows\Tasks\Feven 2.1-chromeinstaller.job
Arquivo Deletada : C:\windows\System32\Tasks\Feven 2.1-chromeinstaller
Arquivo Deletada : C:\windows\Tasks\Feven 2.1-codedownloader.job
Arquivo Deletada : C:\windows\System32\Tasks\Feven 2.1-codedownloader
Arquivo Deletada : C:\windows\Tasks\Feven 2.1-enabler.job
Arquivo Deletada : C:\windows\System32\Tasks\Feven 2.1-enabler
Arquivo Deletada : C:\windows\Tasks\Feven 2.1-firefoxinstaller.job
Arquivo Deletada : C:\windows\System32\Tasks\Feven 2.1-firefoxinstaller
Arquivo Deletada : C:\windows\Tasks\Feven 2.1-updater.job
Arquivo Deletada : C:\windows\System32\Tasks\Feven 2.1-updater

***** [ Atalhos ] *****

***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\aipfmkinhleccnodemkoofnnofpbbpac
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Chave Deletedo : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chave Deletedo : HKLM\SOFTWARE\Classes\escort.escortIEPane
Chave Deletedo : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc.1
Chave Deletedo : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Chave Deletedo : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Chave Deletedo : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Chave Deletedo : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Chave Deletedo : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Chave Deletedo : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0049010.BHO
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0049010.BHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0049010.Sandbox
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0049010.Sandbox.1
Chave Deletedo : HKCU\Software\5e4db8fb53ee542
Chave Deletedo : HKLM\SOFTWARE\5e4db8fb53ee542
Chave Deletedo : HKLM\SOFTWARE\Classes\Toolbar.CT2851643
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_openal_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_openal_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{82E74373-58AB-47EB-B0F0-A1D82BB8EB5C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411901110}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455905510}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466906610}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444904410}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411901110}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411901110}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411901110}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{BB9817CA-9B43-41EB-8706-44847957338D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455905510}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466906610}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411901110}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Chave Deletedo : HKCU\Software\1ClickDownload
Chave Deletedo : HKCU\Software\BabSolution
Chave Deletedo : HKCU\Software\BonanzaDealsLive
Chave Deletedo : HKCU\Software\BrowserMngr
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\DataMngr
[#] Chave Deletedo : HKCU\Software\DataMngr_Toolbar
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\installedbrowserextensions
Chave Deletedo : HKCU\Software\mysearchdial
Chave Deletedo : HKCU\Software\mysearchdial.com
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\systweak
Chave Deletedo : HKCU\Software\TutoTag
Chave Deletedo : HKCU\Software\UpdateStar
Chave Deletedo : HKCU\Software\AppDataLow\Software\Conduit
Chave Deletedo : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKCU\Software\AppDataLow\Software\Plus-HD-2.3
Chave Deletedo : HKCU\Software\AppDataLow\Software\PriceGong
Chave Deletedo : HKCU\Software\AppDataLow\Software\smartbar
Chave Deletedo : HKCU\Software\AppDataLow\Software\Feven 2.1
Chave Deletedo : HKLM\Software\Babylon
Chave Deletedo : HKLM\Software\BonanzaDealsLive
Chave Deletedo : HKLM\Software\BrowserMngr
Chave Deletedo : HKLM\Software\Conduit
Chave Deletedo : HKLM\Software\DataMngr
Chave Deletedo : HKLM\Software\FreeSoftToday
Chave Deletedo : HKLM\Software\InstallCore
Chave Deletedo : HKLM\Software\mysearchdial
Chave Deletedo : HKLM\Software\Tutorials
Chave Deletedo : HKLM\Software\Feven 2.1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search-Gol Chrome Toolbar
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Feven 2.1
Chave Deletedo : [x64] HKLM\SOFTWARE\DataMngr

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16428

Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v26.0 (pt-BR)

[ Arquivo : C:\Users\Luciano\AppData\Roaming\Mozilla\Firefox\Profiles\zruauwh7.default\prefs.js ]

Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.InstallationThankYouPage", true);
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.InstallationTime", 1391042478);
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.active", true);
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.addressbar", "NA");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.addressbarenhanced", "");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.asyncdb.was_copied", "true");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.asyncdb_dbWasSet", true);
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.asyncdb_dbWasSet_FF25_FIX", true);
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.asyncinternaldb.was_copied", "true");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.asyncinternaldb_dbWasSet", true);
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.asyncinternaldb_dbWasSet_FF25_FIX", true);
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.backgroundver", 1);
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.certdomaininstaller", "");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.changeprevious", false);
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Brasil)")[...]
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.cookie.InstallationTime.value", "%221391042478%22");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Brasil)");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22000850%22%2C%22sub_id%22%3A%220%22%2C%22uz[...]
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Brasil)");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.cookie._GPL_aoi.value", "%221391073611%22");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Brasil)[...]
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.cookie._GPL_parent_zoneid.value", "%22485146%22");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.cookie.jw_token.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Brasil)");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.cookie.jw_token.value", "%22301131aa-0574-a6bb-e740-1cf248e83cab%22");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.description", "Feven 2.1");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.domain", "");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.enablesearch", false);
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.homepage", "");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.iframe", false);
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do B[...]
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%2202D34CC689F04C4D9C0B5CC85F757[...]
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Brasil[...]
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22000850%22%2C%22sub_id%22%3A%220%22%2C%[...]
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do B[...]
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22000850%22%2C%22sub_id%22%3A%220%2[...]
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora ofi[...]
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%2202D34CC689F04C4D9C0B[...]
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Brasi[...]
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.internaldb.Resources_appVer.value", "25");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do [...]
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.internaldb.Resources_lastVersion.value", "1");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Brasil)[...]
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.internaldb.Resources_meta.value", "%7B%7D");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.internaldb.Resources_nextCheck.expiration", "Fri Jan 31 2014 18:57:16 GMT-0200 (Hora oficial do Br[...]
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.internaldb.Resources_nextCheck.value", "true");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Brasil[...]
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.internaldb.Resources_queue.value", "%7B%7D");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficia[...]
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Br[...]
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.internaldb.__defualt_browser__.value", "%22ie%22");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Brasil)");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%2202D34CC6[...]
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.lastDailyReport", "1391180235645");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.lastUpdate", "1391180236827");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.manifesturl", "");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.name", "Feven 2.1");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.newtab", "");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.opensearch", "");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/49010/plugins/093/ff/plugins.json");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.pluginsversion", 20);
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.publisher", "Feven");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.searchstatus", 0);
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.setnewtab", false);
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.thankyou", "");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.updateinterval", 360);
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.49010.ver", 25);
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.FilesValidatorDueTime", "1391180287545");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.apps", "49010");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.bic", "143e098497dafa399cf4d53420c16123");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.cid", 49010);
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.firstrun", false);
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.hadappinstalled", true);
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.installationdate", 1391042513);
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.modetype", "production");
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.reportInstall", true);
Linha deletada : user_pref("extensions.a7ff584ebe54c4c2592b10b16f66d67525724dab350f44dee85c33e3ec8e28f73com49010.statsDailyCounter", 4);
Linha deletada : user_pref("extensions.crossrider.bic", "143e098497dafa399cf4d53420c16123");
Linha deletada : user_pref("extensions.mysearchdial.aflt", "irmsd103");
Linha deletada : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Linha deletada : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0FtB0D0Fzy0A0CyEzyzzzy0EtCtBzytAtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA");
Linha deletada : user_pref("extensions.mysearchdial.cr", "228782320");
Linha deletada : user_pref("extensions.mysearchdial.dfltLng", "");
Linha deletada : user_pref("extensions.mysearchdial.dfltSrch", true);
Linha deletada : user_pref("extensions.mysearchdial.dnsErr", true);
Linha deletada : user_pref("extensions.mysearchdial.excTlbr", false);
Linha deletada : user_pref("extensions.mysearchdial.hmpg", true);
Linha deletada : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FtB0D0Fzy0A0CyEzyzzzy0EtCtBzytAtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1[...]
Linha deletada : user_pref("extensions.mysearchdial.id", "F2DF9AC4989E1293");
Linha deletada : user_pref("extensions.mysearchdial.instlDay", "16018");
Linha deletada : user_pref("extensions.mysearchdial.instlRef", "");
Linha deletada : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FtB0D0Fzy0A0CyEzyzzzy0EtCtBzytAtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1[...]
Linha deletada : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Linha deletada : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Linha deletada : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Linha deletada : user_pref("extensions.mysearchdial.tlbrId", "base");
Linha deletada : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FtB0D0Fzy0A0CyEzyzzzy0EtCtBzytAtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1[...]
Linha deletada : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Linha deletada : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Linha deletada : user_pref("extensions.mysearchdial_i.hmpg", true);
Linha deletada : user_pref("extensions.mysearchdial_i.newTab", false);
Linha deletada : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Linha deletada : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.020:49:45");

-\\ Google Chrome v32.0.1700.102

[ Arquivo : C:\Users\Luciano\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo : search_url

*************************

AdwCleaner[R0].txt - [31067 octets] - [31/01/2014 23:23:12]
AdwCleaner[S0].txt - [28993 octets] - [31/01/2014 23:24:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [29054 octets] ##########

por **Power Max** Sex 31 Jan 2014, 23:40

como https - forumpcbrasil forumeiros com - Como remover awesomehp??? 648673379

Olá Luciano!

como https - forumpcbrasil forumeiros com - Como remover awesomehp??? 772309

Siga, por gentileza, as dicas do tutorial abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste, por gentileza, o log do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

por Luciano Santos Sáb 01 Fev 2014, 00:03

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Basic x64
Ran by Luciano on 31/01/2014 at 23:49:58,88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\messengerplusforskypeservice
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\plusservice
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{37211D63-CCE9-4780-B182-96538CFC6FED}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{8B9C4F32-044E-491C-893E-362CB8A679D5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CBC3E05C-F841-452A-A600-E8D8BBEA63D9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CBC3E05D-F841-452A-A600-E8D8BBEA63DA}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CF2BF214-9D1E-4803-9AEB-38552615FD40}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yuna software
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1560063537-2442310759-624858241-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\yuna software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\msgplusforskype.animationpackage
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\msgplusforskype.skinpack
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\messenger plus! for skype
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422902210}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220422902210}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6ADAA658-A5AE-B957-CF65-124084CF8472}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{887CBA99-2C67-40BC-AA85-93525B6B523F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{1CEF2646-8D37-6254-48FD-282A666C7A0F}

~~~ Files

Successfully deleted: [File] "C:\Users\Luciano\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\messenger plus! for skype"
Successfully deleted: [Folder] "C:\Program Files (x86)\free video converter"
Successfully deleted: [Folder] "C:\Program Files (x86)\yuna software"
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{03C9FE09-565F-459F-B12F-9583F28B8FB9}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{0415D8B7-0A6E-425B-B4AB-242779B0A266}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{07A63BD7-6D99-44C3-A41A-F8E7D6DDC002}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{0F418316-D9E4-40D1-869A-A787E47E3016}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{11F25835-0D6E-4DAF-94BB-5ADEAAE00C80}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{13C480CC-6A9B-40D6-B8E9-57515733619F}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{15441D93-1E09-4A64-9FCB-4BF985DFA4A2}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{17868031-C71C-48A7-B7C9-7FF6567999D5}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{19CE2B3F-6797-4582-AB51-DDA8F5869585}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{1BC302C4-ADBA-4E78-AF4C-887B1BB365D2}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{1F6CDACC-E3A4-42C0-913F-A362071C8E59}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{1FE60768-8810-4914-8FC3-DCDB1B10AA93}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{22246DA2-7634-4D58-96D4-2E56BEFAA493}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{28F39687-B5E7-41FB-B048-0F52569FA21A}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{291F1953-692B-4452-8BEE-BE297238E328}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{2C60B129-96CC-451A-9707-5C8724D02949}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{2CDFF4AA-1262-4DB1-915E-C7DA436CD308}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{2F875423-C880-4930-9592-337BD6196964}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{33E27CFC-E00B-41C2-A1B1-F95D0C1BA563}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{35FC868D-3FB1-46D8-B70A-B53900C11957}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{36E5D952-BBEB-4E5F-87B9-7913303A04BF}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{388904AE-E5ED-4D1C-870F-35F630FC8C64}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{3F1BE170-A3DE-4FF8-A0C2-1AF4FC4B26A8}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{41FA0382-C7AD-4798-AEF8-F41C86CD93D8}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{446E10D4-ABBD-4AAC-98A5-6920A141D9D2}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{46573A72-6082-4541-BA79-9530CF568492}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{4BE4BE51-579D-47DC-99C6-A8FD18287423}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{4F34CEB2-1B9D-4C7D-A7B9-6AA16FD812A3}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{543DEB38-E55C-4482-9694-2D9A7F1E29DA}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{550E6565-8182-4B78-B37E-40A07CED8A6B}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{55E2B657-C7EB-4E24-A734-FC4A057352EE}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{568D44AB-8B3F-4EF7-B43F-E86ABB02F9E9}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{5D1E2B60-5363-4686-9790-3644CC82D836}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{5D6B1E5E-1CBC-4F79-9849-412B4CEDE07F}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{5E4DF667-9435-44F2-8345-E94AC80BD0C1}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{602DC43C-8402-4CB4-AA88-BA65B346B3FE}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{618C7056-C98E-4E2C-A588-4BE587FECA08}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{6274940C-75B0-4E18-A2F2-CDBCAA8D295A}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{65CA8563-3E65-46E1-8CBD-12E437CC2C74}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{667D4248-81C6-463C-9195-998BCC544ED1}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{6CAE484C-13DB-4F6F-A830-786597FBB730}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{6DA82E7A-EBEC-4924-986D-25F9E0196F43}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{6F0C77BD-C187-47D6-8CC9-00C488032409}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{731739E6-6942-445F-A4A6-1CC57BFD7E4A}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{76FA67D1-CD11-460B-8DE0-84C2C77A2433}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{77CCF059-B73E-4918-8E93-DF5BB6DDA27E}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{79AE25C9-777D-43F4-A172-B1A839571B0A}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{7B5E44C5-6789-4E41-AA8A-2FE2D950D0E2}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{7C18295D-87A6-41CB-AC59-F1F3106F109A}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{7C67B51E-9A4E-4C3E-A318-5192FBDF7D72}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{7E43F7BA-865D-4163-985A-95603B6A50F1}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{82D5A6F2-67D0-4D2E-8DE2-139D20974719}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{87417323-358D-4E4F-8871-B113E2279299}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{88C703A2-1217-4B13-B633-DDC57D1C3B75}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{8B9C4A4C-4A10-46DA-BC91-F673D4EF8F77}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{8F138609-18F8-4EE6-94E6-F0157EE6DAF5}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{90483A9C-CC9B-42AD-BFA2-AC9B2840D893}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{905CFC75-8A42-475C-B5D6-EF66BAA60166}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{94673F9C-312B-4EA2-ADB1-548DEF5F1E9B}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{95A015FD-9B56-447A-B2B2-25B000020A60}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{96235625-501F-498B-8793-A33E338A943F}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{9A0058F9-BB7F-423E-8D0F-B339D97FAF78}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{9BC298A8-B10A-4BE3-8386-62AFC3870C8C}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{A014313D-F00F-40D9-9D08-9816C6530A79}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{A01DF9C4-CFE8-4543-85A3-21C16BD0D4A7}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{A350C793-9120-4FE8-AB72-31700825D625}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{A7615806-8C06-4304-BB02-04BDBC787CEE}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{A9DC8CBA-E004-4B6E-8ED8-13FF5196FE83}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{B42A7FCD-99CA-4011-8C9D-D71C6E260E9E}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{B640C9F7-921F-4AD8-A8D2-873B7ADD15C3}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{B8662138-3A82-45A4-BA43-4331695A3863}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{BF151AC4-F8B1-4C33-95AC-A1621341C3DB}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{C014D124-4D6B-4C3C-AA40-5EF34653B67B}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{C1CD30B4-877D-4B1B-90E0-207838D4FED7}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{C7EA96A4-032F-4D46-83C9-23AAF254314C}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{C93091C0-DAC8-4CE7-B6D5-D2AAA1DAE004}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{CFD41704-EF65-4D93-8BD5-C047983EA94A}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{D1478D47-E00D-4F17-8359-AE550520E4DE}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{D2EE78DC-C114-48CE-B66F-B13FF888BD6F}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{D5211140-8875-4588-905C-A6B921719E32}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{D53A8E87-2C0F-4460-AC82-6300A487B4C3}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{D843826B-778F-4916-9ECE-53039A23FD94}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{E133BCEB-870D-4490-BD2E-A2594EE24BE8}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{E4DA2B0C-E078-4179-B9B6-248C92B27ABF}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{E8072230-B841-45C6-A9B7-879252C7690D}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{F063513E-5418-444D-BFA6-990F2435E2D5}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{F158A941-6C68-481D-838A-6ABB48AAFA16}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{F4343F1D-96D1-447E-8201-344181EB91E3}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{F751027A-1B42-4F9F-B2EB-FF27FD875E78}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{F9E73964-8477-4612-91B2-B9AEB5460013}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{FD9C2DB7-0208-4E7F-A8C8-C219AD5CB33C}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{FDBAB745-F51E-4753-A166-444578DD9E82}
Successfully deleted: [Empty Folder] C:\Users\Luciano\appdata\local\{FEC572F3-C26F-4EA8-88D5-A0F102B5D545}

~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Luciano\AppData\Roaming\mozilla\firefox\profiles\zruauwh7.default\minidumps [29 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31/01/2014 at 23:58:14,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

por **Power Max** Sáb 01 Fev 2014, 00:08

Siga, por gentileza, as dicas deste tutorial para fazer uma limpeza de seu PC com o Malwarebytes:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Na sua próxima resposta poste este log do Malwarebytes.

Ficamos no aguardo.

por Luciano Santos Sáb 01 Fev 2014, 13:18

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Versão da Base de Dados: v2014.02.01.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Luciano :: LUCIANO-NOTBOOK [administrador]

Proteção: Permitir

01/02/2014 00:43:29
mbam-log-2014-02-01 (00-43-29).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|F:\|G:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 361548
Tempo decorrido: 57 minuto(s), 6 segundo(s)

Processos de Memória Detectados: 1
C:\ProgramData\WPM\wprotectmanager.exe (PUP.Optional.WpManager.A) -> 1564 -> Será deletado na próxima inicialização.

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 13
HKCR\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} (PUP.Optional.MySearchDial.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\Typelib\{FBC322D5-407E-4854-8C0B-555B951FD8E3} (PUP.Optional.MySearchDial.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671} (PUP.Optional.MySearchDial.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B67B3DBB-C1C9-49D2-B016-2748B0B5017E} (PUP.Optional.BatBrowse.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B67B3DBB-C1C9-49D2-B016-2748B0B5017E} (PUP.Optional.BatBrowse.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player (PUP.Optional.InstallCore) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SYSTEM\CurrentControlSet\Services\Wpm (PUP.Optional.WpManager.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WPM (PUP.Optional.WpManager.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\BatBrowse (PUP.Optional.BatBrowse.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\BatBrowse (PUP.Optional.BatBrowse.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SYSTEM\CurrentControlSet\Services\Update BatBrowse (PUP.Optional.BatBrowse.A) -> Enviado para a Quarentena e deletado com sucesso.

Valores de Registro Detectadas: 1
HKLM\SYSTEM\CurrentControlSet\Services\Wpm|ImagePath (PUP.Optional.WpManager.A) -> Data: C:\ProgramData\WPM\wprotectmanager.exe -service -> Enviado para a Quarentena e deletado com sucesso.

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 5
C:\Users\Luciano\AppData\Local\Temp\mt_ffx\BabylonToolbar (PUP.Optional.BabylonToolbar.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Luciano\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar (PUP.Optional.BabylonToolbar.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Luciano\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar\1.6.9.12 (PUP.Optional.BabylonToolbar.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files (x86)\Bench\Updater (PUP.Optional.AdwarePlugin) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files (x86)\Bench\Updater\1.7.0.0 (PUP.Optional.AdwarePlugin) -> Enviado para a Quarentena e deletado com sucesso.

Arquivos Detectados: 46
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowseFox\BrowseFoxBHO.dll.vir (PUP.Optional.BrowseFox.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 2.1\Feven 2.1-bg.exe.vir (PUP.Optional.Feven.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 2.1\Feven 2.1-bho.dll.vir (PUP.Optional.Feven.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 2.1\Feven 2.1-bho64.dll.vir (PUP.Optional.Feven.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 2.1\Feven 2.1-chromeinstaller.exe.vir (PUP.Optional.Feven.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 2.1\Feven 2.1-codedownloader.exe.vir (PUP.Optional.Feven.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 2.1\Feven 2.1-enabler.exe.vir (PUP.Optional.Feven.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 2.1\Feven 2.1-firefoxinstaller.exe.vir (PUP.Optional.Feven.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven 2.1\Feven 2.1-updater.exe.vir (PUP.Optional.Feven.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-bho.dll.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-bho64.dll.vir (PUP.Optional.PlusHD.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Users\Luciano\AppData\Local\Temp\SetupDataMngr_Searchqu.exe.vir (PUP.Optional.Bandoo.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Users\Luciano\AppData\Roaming\Mysearchdial\UpdateProc\UpdateTask.exe.vir (PUP.Optional.MySearchDial.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Users\Luciano\AppData\Roaming\OpenCandy\2767FA5596E44924944FA00D430C9479\LatestDLMgr.exe.vir (PUP.Optional.OpenCandy.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Users\Luciano\AppData\Roaming\OpenCandy\E0968FCCEB0547308379ECA9DCC9AEDC\LatestDLMgr.exe.vir (PUP.Optional.OpenCandy.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Users\Luciano\AppData\Roaming\OpenCandy\E0968FCCEB0547308379ECA9DCC9AEDC\SearchGolTB.exe.vir (PUP.Optional.PCFixSpeed.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files (x86)\Bench\Updater\1.7.0.0\updater.exe (PUP.Optional.Adwareplugin) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files (x86)\FLV Player\FLVPlayer.exe (PUP.Optional.InstallCore) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files (x86)\FLV Player\Uninstall\__Uninstall_.exe (PUP.Optional.InstallCore) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Luciano\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTT8V5LB\rcpsetup17970[1].exe (PUP.Optional.RegCleanerPro) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Luciano\AppData\Local\Temp\2_79sP7a.exe.part (Adware.Agent) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Luciano\AppData\Local\Temp\5iHs7yQ0.exe.part (Adware.Agent) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Luciano\AppData\Local\Temp\bhsAC79.tmp (PUP.Optional.BundleInstaller.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Luciano\AppData\Local\Temp\tP3cT+S+.exe.part (Adware.Agent) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Luciano\AppData\Local\Temp\bf62d253-df6a-4be5-9e8b-39fef1a8b7a9\software\Freesofttoday.exe (Adware.EoRezo) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Luciano\AppData\Local\Temp\D3CC50C0-BAB0-7891-8D3E-3405A94B2299\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Luciano\AppData\Local\Temp\D3CC50C0-BAB0-7891-8D3E-3405A94B2299\Latest\ccp.exe (PUP.Optional.Conduit.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Luciano\AppData\Local\Temp\D3CC50C0-BAB0-7891-8D3E-3405A94B2299\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Luciano\AppData\Local\Temp\D3CC50C0-BAB0-7891-8D3E-3405A94B2299\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Luciano\AppData\Local\Temp\fullpackage_temp1391042492\package1.zip (PUP.Optional.SkyTech.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Luciano\AppData\Local\Temp\fullpackage_temp1391042492\QQBrowserFrame.dll (PUP.Optional.SkyTech.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Luciano\AppData\Local\Temp\is-3KHQ2.tmp\InstallManager.exe (PUP.Optional.InstallMonetizer.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Luciano\AppData\Local\Temp\is-3KHQ2.tmp\InstallManagerNS.exe (PUP.Optional.InstallMonetizer.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Luciano\AppData\Local\Temp\is1412836710\3988676_stp\BatBrowseSetup.exe (PUP.Optional.BatBrowse.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Luciano\AppData\Local\Temp\is701137889\MyBabylonTB.exe (PUP.Optional.Babylon.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Luciano\AppData\Local\Temp\is701137889\234470_stp\plus-hd-BRchannel1.exe (PUP.Optional.CrossRider) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Luciano\AppData\Local\Temp\is701137889\7000736_stp\bd.exe (PUP.Optional.BonanzaDeals.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Luciano\Documents\XBOX\SetupImgBurn_2.5.8.0.exe (PUP.Optional.OpenCandy) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Luciano\AppData\Local\mysearchdial-speeddial.crx (PUP.Optional.MySearchDial.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Windows\Tasks\bench-sys.job (PUP.Optional.BenchUpdater.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Windows\Tasks\bench-Updater removing.job (PUP.Optional.BenchUpdater.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Luciano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage (PUP.Optional.FunMoods.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\WPM\wprotectmanager.exe (PUP.Optional.WpManager.A) -> Será deletado na próxima inicialização.
C:\Program Files (x86)\Bench\Updater\products.xml (PUP.Optional.AdwarePlugin) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files (x86)\Bench\Updater\updater.exe (PUP.Optional.AdwarePlugin) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

E tem mais esse Log,

2014/02/01 00:40:50 -0200 LUCIANO-NOTBOOK Luciano MESSAGE Starting protection
2014/02/01 00:40:50 -0200 LUCIANO-NOTBOOK Luciano MESSAGE Protection started successfully
2014/02/01 00:40:50 -0200 LUCIANO-NOTBOOK Luciano MESSAGE Starting IP protection
2014/02/01 00:41:06 -0200 LUCIANO-NOTBOOK Luciano MESSAGE IP Protection started successfully
2014/02/01 00:42:25 -0200 LUCIANO-NOTBOOK Luciano MESSAGE Starting database refresh
2014/02/01 00:42:25 -0200 LUCIANO-NOTBOOK Luciano MESSAGE Stopping IP protection
2014/02/01 00:42:29 -0200 LUCIANO-NOTBOOK Luciano MESSAGE IP Protection stopped successfully
2014/02/01 00:42:31 -0200 LUCIANO-NOTBOOK Luciano MESSAGE Database refreshed successfully
2014/02/01 00:42:31 -0200 LUCIANO-NOTBOOK Luciano MESSAGE Starting IP protection
2014/02/01 00:42:33 -0200 LUCIANO-NOTBOOK Luciano MESSAGE IP Protection started successfully
2014/02/01 01:27:10 -0200 LUCIANO-NOTBOOK Luciano IP-BLOCK 174.36.200.164 (Type: outgoing, Port: 49501, Process: wprotectmanager.exe)
2014/02/01 01:38:12 -0200 LUCIANO-NOTBOOK Luciano IP-BLOCK 174.36.200.164 (Type: outgoing, Port: 49518, Process: pluginservice.exe)
2014/02/01 06:55:32 -0200 LUCIANO-NOTBOOK Luciano MESSAGE Executing scheduled update: Daily
2014/02/01 06:55:53 -0200 LUCIANO-NOTBOOK Luciano MESSAGE Scheduled update executed successfully: database updated from version v2014.02.01.01 to version v2014.02.01.03
2014/02/01 06:55:53 -0200 LUCIANO-NOTBOOK Luciano MESSAGE Starting database refresh
2014/02/01 06:55:53 -0200 LUCIANO-NOTBOOK Luciano MESSAGE Stopping IP protection
2014/02/01 06:55:54 -0200 LUCIANO-NOTBOOK Luciano MESSAGE IP Protection stopped successfully
2014/02/01 06:55:56 -0200 LUCIANO-NOTBOOK Luciano MESSAGE Database refreshed successfully
2014/02/01 06:55:56 -0200 LUCIANO-NOTBOOK Luciano MESSAGE Starting IP protection
2014/02/01 06:55:58 -0200 LUCIANO-NOTBOOK Luciano MESSAGE IP Protection started successfully
2014/02/01 08:29:07 -0200 LUCIANO-NOTBOOK Luciano MESSAGE Starting protection
2014/02/01 08:29:07 -0200 LUCIANO-NOTBOOK Luciano MESSAGE Protection started successfully
2014/02/01 08:29:07 -0200 LUCIANO-NOTBOOK Luciano MESSAGE Starting IP protection
2014/02/01 08:29:10 -0200 LUCIANO-NOTBOOK Luciano MESSAGE IP Protection started successfully

por **Power Max** Sáb 01 Fev 2014, 13:24

Mais problemas foram removidos.
_______________________________________________

como https - forumpcbrasil forumeiros com - Como remover awesomehp??? 772309

Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

como https - forumpcbrasil forumeiros com - Como remover awesomehp??? 772309

Copie todo este script que te passei e cole-o no espaço em branco do Zoek:

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.

por Luciano Santos Sáb 01 Fev 2014, 17:37

Boa tarde, entrei no link que tu passou e fiz o download, depois cliquei com o botão direito do mouse em "executar como administrador", mas ele não abre nada e tentei varias vezes, será que é o virus que não deixa abrir?, tentei no pc e tbm não abriu, o que eu faço?

por Luciano Santos Sáb 01 Fev 2014, 17:38

ops.... agora deu!!! já post o log daqui a pouco.

por **Power Max** Sáb 01 Fev 2014, 17:52

Luciano Santos escreveu:ops.... agora deu!!! já post o log daqui a pouco.

Ok, fico na espera.

por Luciano Santos Sáb 01 Fev 2014, 19:27

Zoek.exe v5.0.0.0 Updated 31-January-2014
Tool run by Luciano on 01/02/2014 at 17:35:02,34.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Luciano\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

01/02/2014 17:39:28 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IePluginService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\IePluginService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IePluginService deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Luciano\AppData\Roaming\Mozilla\Firefox\Profiles\zruauwh7.default\prefs.js:
user_pref("browser.startup.homepage", "C:\\Users\\Luciano\\Documents\\favoritos.htm");
user_pref("browser.newtab.url", "http://www.awesomehp.com/newtab/?type=nt&ts=1391042506&from=tugs&uid=WDCXWD3200BPVT-24ZEST0_WD-WX71A71Y8822Y8822");
user_pref("browser.search.defaultenginename", "awesomehp");
user_pref("browser.search.selectedEngine", "awesomehp");

Added to C:\Users\Luciano\AppData\Roaming\Mozilla\Firefox\Profiles\zruauwh7.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Luciano\AppData\Roaming\Mozilla\Firefox\Profiles\zruauwh7.default

user.js not found
---- Lines installCache" modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"wrc@avast.com\":{\"descriptor\":\"C:\\\\Program Files\\\\AVAST So
---- Lines mysearch removed from prefs.js ----
user_pref("extensions.irmysearch.aflt", "irmsd103");
user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0FtB0D0Fzy0A0CyEzyzzzy0EtCtBzytAtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1Qt
user_pref("extensions.irmysearch.cr", "228782320");
user_pref("extensions.irmysearch.instlRef", "");
---- FireFox user.js and prefs.js backups ----

prefs_022014_1751_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@="C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"

==== Deleting Files \ Folders ======================

C:\ProgramData\OneKey Recovery deleted
C:\PROGRA~2\GUT3EA6.tmp deleted
C:\PROGRA~2\GUM3EA5.tmp deleted
C:\PROGRA~2\FileConverter_1.1 deleted
C:\PROGRA~2\Bench deleted
C:\PROGRA~2\SupTab deleted
C:\ProgramData\IePluginService deleted
C:\ProgramData\WPM deleted
C:\Users\Luciano\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx deleted
C:\windows\SysNative\tasks\Baidu PC Faster Update deleted
C:\windows\SysWow64\searchplugins deleted
C:\windows\SysWow64\Extensions deleted
"C:\PROGRA~2\Mozilla Firefox\searchplugins\awesomehp.xml" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"lightningnewtab@gmail.com"="C:\Users\Luciano\AppData\Roaming\Mozilla\Firefox\Profiles\zruauwh7.default\extensions\lightningnewtab@gmail.com.xpi" [23/01/2014 01:56]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Luciano\AppData\Roaming\Mozilla\Firefox\Profiles\zruauwh7.default
- Extension_Protected - %ProfilePath%\extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi
- leethax.net extension - %ProfilePath%\extensions\leethax@leethax.net.xpi
- Lightning Speed Dial - %ProfilePath%\extensions\lightningnewtab@gmail.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Luciano\AppData\Roaming\Mozilla\Firefox\Profiles\zruauwh7.default
F891089A6AB9E12FEDEBCC5EC0F40D66 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll - Shockwave Flash
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Luciano\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin

==== Deleted Firefox Extensions ======================

C:\Users\Luciano\AppData\Roaming\Mozilla\Firefox\Profiles\zruauwh7.default\extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi deleted
C:\Users\Luciano\AppData\Roaming\Mozilla\Firefox\Profiles\zruauwh7.default\extensions\lightningnewtab@gmail.com.xpi deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ccncljhbalbbkkfgopogabimepmfkmff - C:\Program Files (x86)\BatBrowse\ccncljhbalbbkkfgopogabimepmfkmff.crx[]
pkndmigholgfjlniaohblojbhgjbkakn - C:\Users\Luciano\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx[]

Chrome In-App Payments service - Luciano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chrome Fix ======================

C:\Users\Luciano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ccncljhbalbbkkfgopogabimepmfkmff_0.localstorage deleted successfully
C:\Users\Luciano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pkndmigholgfjlniaohblojbhgjbkakn_0.localstorage deleted successfully
C:\Users\Luciano\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Luciano\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Luciano\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Default\Desktop\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe
C:\Users\Default\Desktop\OneKey Recovery.lnk - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe
C:\Users\Default User\Desktop\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe
C:\Users\Default User\Desktop\OneKey Recovery.lnk - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe
C:\Users\Luciano\Desktop\abgx360 GUI.lnk - C:\Program Files (x86)\abgx360\abgx360gui.exe
C:\Users\Luciano\Desktop\Audacity.lnk - C:\Program Files (x86)\Audacity\audacity.exe
C:\Users\Luciano\Desktop\Chicken Invaders 2.lnk - C:\Program Files (x86)\Chicken Invaders 2\ChickenInvaders2.exe
C:\Users\Luciano\Desktop\dora's ballet adventures - Atalho.lnk - D:\Games\Dora's Ballet Adventure Final\dora's ballet adventures.exe
C:\Users\Luciano\Desktop\Fishdom2 - Atalho.lnk - D:\Games\Fishdom 2 Premium Edition Em Português\Fishdom2.exe
C:\Users\Luciano\Desktop\Fishdom3 - Atalho.lnk - D:\Games\Fishdom 3 Collectors Edition\Fishdom3.exe
C:\Users\Luciano\Desktop\frd - Atalho.lnk - C:\Users\Luciano\Documents\Programas\FreeRapid-0.9u1\FreeRapid-0.9u1\frd.exe
C:\Users\Luciano\Desktop\Free Video Converter.lnk - C:\Program Files (x86)\Free Video Converter\FreeVideoConverter.exe
C:\Users\Luciano\Desktop\Gens - Atalho.lnk - D:\Games\Emulador Mega Drive\wgens099\Gens.exe
C:\Users\Luciano\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\Luciano\Desktop\GuerrillaBob - Atalho.lnk - D:\Games\Guerrilla Bob\GuerrillaBob.exe
C:\Users\Luciano\Desktop\Internet Explore.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\Luciano\Desktop\Lenovo PowerDVD 10.lnk - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVDLaunchPolicy.exe
C:\Users\Luciano\Desktop\mame64 - Atalho.lnk - D:\Games\Mame\mame64.exe
C:\Users\Luciano\Desktop\Pestering Birds.lnk - C:\Program Files (x86)\MyPlayCity.com\Pestering Birds\Pestering Birds.exe
C:\Users\Luciano\Desktop\Project64 1.6.lnk - C:\Program Files (x86)\Project64 1.6\Project64.exe
C:\Users\Luciano\Desktop\Remote Desktop Connection.lnk - C:\windows\system32\mstsc.exe
C:\Users\Luciano\Desktop\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Luciano\Desktop\ZY-BigCityAdventureLondon - Atalho.lnk - D:\Games\Big City Adventure - London Premium Edition PT\ZY-BigCityAdventureLondon.exe
C:\Users\Luciano\Desktop\µTorrent.lnk -
C:\Users\USURIO~1\Desktop\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe
C:\Users\USURIO~1\Desktop\OneKey Recovery.lnk - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Feeding Frenzy.lnk - C:\Program Files (x86)\GameHouse\FeedingFrenzy\FeedingFrenzy.exe
C:\Users\Public\Desktop\ImgBurn.lnk - C:\Program Files (x86)\ImgBurn\ImgBurn.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mario Forever 5.01.lnk - C:\Program Files (x86)\softendo.com\Mario Forever 5.01\Mario Forever 5.0.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

==== shortcuts in Users Start Menu ======================

C:\Users\Luciano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Video Converter.lnk - C:\Program Files (x86)\Free Video Converter\FreeVideoConverter.exe
C:\Users\Luciano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\Luciano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\Luciano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Management\Help file.Lnk - C:\Program Files (x86)\Lenovo\Energy Management\Brz.chm
C:\Users\Luciano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Management\Power management options.Lnk - C:\Program Files (x86)\Lenovo\Energy Management\Open EnergyManagement.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk - C:\windows\Installer\{AC76BA86-7AD7-1046-7B44-AA1000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter\Desinstalar Free Video Converter.lnk - C:\Program Files (x86)\Free Video Converter\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter\Free Video Converter.lnk - C:\Program Files (x86)\Free Video Converter\FreeVideoConverter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Luciano\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FLV Player.lnk - C:\Program Files (x86)\FLV Player\FLVPlayer.exe
C:\Users\Luciano\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Video Converter.lnk - C:\Program Files (x86)\Free Video Converter\FreeVideoConverter.exe
C:\Users\Luciano\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\Luciano\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\Luciano\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Pestering Birds.lnk - C:\Program Files (x86)\MyPlayCity.com\Pestering Birds\Pestering Birds.exe
C:\Users\Luciano\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Luciano\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Luciano\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\Luciano\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explore.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\Luciano\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\windows\explorer.exe
C:\Users\Luciano\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== shortcuts After Repair ======================

C:\Users\Luciano\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Luciano\Desktop\Internet Explore.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Luciano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Luciano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Luciano\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Luciano\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Luciano\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explore.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ccncljhbalbbkkfgopogabimepmfkmff deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pkndmigholgfjlniaohblojbhgjbkakn deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Luciano\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Luciano\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Luciano\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\99H3R57U will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Luciano\AppData\Local\Mozilla\Firefox\Profiles\zruauwh7.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Luciano\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=81 folders=12 11232410 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Luciano\AppData\Local\Temp will be emptied at reboot
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Luciano\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Luciano\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\99H3R57U" deleted

==== EOF on 01/02/2014 at 19:04:59,13 ======================

por **Power Max** Sáb 01 Fev 2014, 19:31

|- Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

|- Salve-o no disco local! ( C ou D )

|- Desabilite temporariamente seu antivírus para evitar conflitos e execute "ZHPDiag2.exe", para instalar a ferramenta.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Execute o ícone do pergaminho. ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

por Luciano Santos Dom 02 Fev 2014, 10:05

~ Relatório do ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014)
~ Iniciado por Luciano (02/02/2014 09:57:47)
~ Endereço do Website : http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user

---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16476
MFIE: Mozilla Firefox 26.0
GCIE: Google Chrome v32.0.1700.102 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2011
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W7

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4039 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 150 GB (58%) free of 254 GB

---\\ Modo de conexão ao sistema
~ Computer Name: LUCIANO-NOTBOOK
~ User Name: Luciano
~ All Users Names: Luciano, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Luciano\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Luciano\AppData\Roaming\
~ %Desktop% : C:\Users\Luciano\Desktop\
~ %Favorites% : C:\Users\Luciano\Favorites\
~ %LocalAppData% : C:\Users\Luciano\AppData\Local\
~ %StartMenu% : C:\Users\Luciano\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 150 Go of 254 Go)
D: Hard drive, Flash drive, Thumb drive (Free 25 Go of 29 Go)
F: CD-ROM drive (Free 0 Go of 0 Go)
G: CD-ROM drive (Not Inserted)

---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application
~ Security Center: 49 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.13/09/2011 - 21:39:02.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Internet Extensions para Win32.) (.26/11/2013 - 04:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/09/2011 - 21:40:23.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/8499
~ Mes musiques (My Musics) : 4/122
~ Mes Videos (My Videos) : 1/5
~ Mes Favoris (My Favorites) : 1/53
~ Mes Documents (My Documents) : 3/464
~ Mon Bureau (My Desktop) : 1/24
~ Menu demarrer (Programs) : 1/42
~ Hidden Files: Scanned in 00mn 04s

---\\ Processos lançados
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2236]
[MD5.B00F98FF6FE8682FF941BEB2559BF191] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488] [PID.2444]
[MD5.26C49FA8BF063A51FBEF8F1E2C839A90] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160] [PID.4072]
[MD5.61A2DBA2126BA1425CC5AECC8E8AD055] - (.Vimicro - VM331 StiMnt.) -- C:\Program Files (x86)\USB Camera\VM331_STI.exe [548864] [PID.3704]
[MD5.22EC0852DBF032A93D8DA697065FA189] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [87336] [PID.4064]
[MD5.BDB70EA0834EEC93927D9ABF95D11CB7] - (.Lenovo - VeriFace Tray Icon Manager.) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056] [PID.3548]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\RunDll32.exe [0] [PID.3292]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3088]
[MD5.AFEBF9E0B223FF04709F747C172D3540] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024] [PID.692]
[MD5.1EEA6C1B35191DC177EA83672B9C3FC0] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.4432]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.5524]
[MD5.D74884939D53612FD84AC82C59CCFE27] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1216]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1580]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1676]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1700]
[MD5.E5C796B621F6FBA8616511063D7F0FFE] - (.StarWind Software - StarWind iSCSI Target (Alcohol Edition).) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688] [PID.1832]
[MD5.F5C0317AF600F8C0D7E4202EB04232B1] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.4068]
[MD5.2ED1786B7542CDA261029F6B526EDF44] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.3832]
[MD5.7E5E1603D0FF2D240AE70295C5C3FEFC] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.4272]
~ Processes Running: Scanned in 00mn 00s

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Luciano\AppData\Roaming\Mozilla\Firefox\Profiles\zruauwh7.default\prefs.js
M0 - MFSP: prefs.js [Luciano - zruauwh7.default] C:\\Users\\Luciano\\Documents\\favoritos.htm
~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 16 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s

---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Feeding Frenzy.lnk . (.Sprout Games, LLC - Feeding Frenzy.) -- C:\Program Files (x86)\GameHouse\FeedingFrenzy\FeedingFrenzy.exe
O4 - GS\Desktop [Public]: Mario Forever 5.01.lnk . (.Softendo (c) 2010 [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - Softendo (c) 2010 [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] -- C:\Program Files (x86)\softendo.com\Mario Forever 5.01\Mario Forever 5.0.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Luciano]: Free Video Converter.lnk . (...) -- C:\Program Files (x86)\Free Video Converter\FreeVideoConverter.exe (.not file.)
O4 - GS\QuickLaunch [Luciano]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Luciano]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Luciano]: Pestering Birds.lnk . (...) -- C:\Program Files (x86)\MyPlayCity.com\Pestering Birds\Pestering Birds.exe
O4 - GS\QuickLaunch [Luciano]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Luciano\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Luciano]: Internet Explore.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Luciano]: Free Video Converter.lnk . (...) -- C:\Program Files (x86)\Free Video Converter\FreeVideoConverter.exe (.not file.)
O4 - GS\Program [Luciano]: FreeRapid 0.86u1.lnk . (...) -- C:\Users\Luciano\Documents\Programas\FreeRapid-0.86u1\frd.exe (.not file.)
O4 - GS\Program [Luciano]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Luciano]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Luciano]: abgx360 GUI.lnk . (...) -- C:\Program Files (x86)\abgx360\abgx360gui.exe
O4 - GS\Desktop [Luciano]: Chicken Invaders 2.lnk . (.InterAction studios - Chicken Invaders 2 executable file.) -- C:\Program Files (x86)\Chicken Invaders 2\ChickenInvaders2.exe
O4 - GS\Desktop [Luciano]: dora's ballet adventures - Atalho.lnk . (...) -- D:\Games\Dora's Ballet Adventure Final\dora's ballet adventures.exe
O4 - GS\Desktop [Luciano]: Fishdom2 - Atalho.lnk . (...) -- D:\Games\Fishdom 2 Premium Edition Em Português\Fishdom2.exe
O4 - GS\Desktop [Luciano]: Fishdom3 - Atalho.lnk . (...) -- D:\Games\Fishdom 3 Collectors Edition\Fishdom3.exe
O4 - GS\Desktop [Luciano]: frd - Atalho.lnk . (.Vity - File Downloader.) -- C:\Users\Luciano\Documents\Programas\FreeRapid-0.9u1\FreeRapid-0.9u1\frd.exe
O4 - GS\Desktop [Luciano]: Gens - Atalho.lnk . (...) -- D:\Games\Emulador Mega Drive\wgens099\Gens.exe
O4 - GS\Desktop [Luciano]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Luciano]: GuerrillaBob - Atalho.lnk . (...) -- D:\Games\Guerrilla Bob\GuerrillaBob.exe
O4 - GS\Desktop [Luciano]: Internet Explore.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Luciano]: mame64 - Atalho.lnk . (.MAME Team - Multiple Arcade Machine Emulator.) -- D:\Games\Mame\mame64.exe
O4 - GS\Desktop [Luciano]: Pestering Birds.lnk . (...) -- C:\Program Files (x86)\MyPlayCity.com\Pestering Birds\Pestering Birds.exe
O4 - GS\Desktop [Luciano]: Project64 1.6.lnk . (...) -- C:\Program Files (x86)\Project64 1.6\Project64.exe
O4 - GS\Desktop [Luciano]: ZY-BigCityAdventureLondon - Atalho.lnk . (.Jolly Bear Games - Big City Adventure: London.) -- D:\Games\Big City Adventure - London Premium Edition PT\ZY-BigCityAdventureLondon.exe
O4 - GS\Desktop [Luciano]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Luciano\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 77 Legitimates Filtered in 00mn 01s

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Public]: Bluetooth.lnk . (...) -- C:\Program Files (x86)\Lenovo\Bluetooth Software\BTTray.exe (.not file.)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [Lenovo EE Boot Optimizer] . (.Lenovo - Lenovo EE Boot Optimizer Software.) -- C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
O4 - HKLM\..\Run: [Energy Management] . (.Lenovo (Beijing) Limited - Lenovo Energy Management Software 6.0.) -- C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [EnergyUtility] . (.Lenovo(beijing) Limited - Lenovo Battery Management Software Ver 6.0.) -- C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Luciano\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [AlcoholAutomount] . (.Alcohol Soft Development Team - Alcohol Virtual Drive Auto-mount Service.) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O4 - HKCU\..\Run: [Power2GoExpress] Chave orfã
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [331BigDog] . (.Vimicro - VM331 StiMnt.) -- C:\Program Files (x86)\USB Camera\VM331_STI.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdateP2GShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [YouCam Mirage] . (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
O4 - HKLM\..\Wow6432Node\Run: [YouCam Tray] . (.CyberLink Corp. - YouCam.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe
O4 - HKLM\..\Wow6432Node\Run: [VeriFaceManager] . (.Lenovo - VeriFace Tray Icon Manager.) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdatePRCShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [fst_br_41] Chave orfã
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1560063537-2442310759-624858241-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Luciano\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-1560063537-2442310759-624858241-1000\..\Run: [AlcoholAutomount] . (.Alcohol Soft Development Team - Alcohol Virtual Drive Auto-mount Service.) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O4 - HKUS\S-1-5-21-1560063537-2442310759-624858241-1000\..\Run: [Power2GoExpress] Chave orfã
O4 - HKUS\S-1-5-21-1560063537-2442310759-624858241-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-1560063537-2442310759-624858241-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (.not file.)
~ Application: Scanned in 00mn 00s

---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\Lenovo\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{519447E6-9BA5-4BAD-BF22-B9D3C1E74C43}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{D89AC5E9-C087-4C9E-9709-8F56B2373A38}: DhcpNameServer = 192.168.13.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{519447E6-9BA5-4BAD-BF22-B9D3C1E74C43}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{D89AC5E9-C087-4C9E-9709-8F56B2373A38}: DhcpNameServer = 192.168.13.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{519447E6-9BA5-4BAD-BF22-B9D3C1E74C43}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{D89AC5E9-C087-4C9E-9709-8F56B2373A38}: DhcpNameServer = 192.168.13.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{87027163-B648-4F2D-A0DD-2C32605744B5}] (...) -- C:\Program Files (x86)\Feven 2.1\Uninstall.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [{9A4AD40D-1340-4DB9-8F1C-24CA4C72B447}] (...) -- C:\Users\Luciano\Documents\Programas\FreeRapid-0.86u1\frd.exe (.not file.) [0]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 03s

---\\ Software instalados (042)
O42 - Logiciel: IePluginService12.27.0.3326 - (.Cherished Technololgy LIMITED.) [HKLM][64Bits] -- IePlugins =>Trojan.SProtector
O42 - Logiciel: USB Game Controller - (...) [HKLM][64Bits] -- {D3DF3D05-DE2A-476A-A384-08FCD58D9FE7}
~ Logic: 27 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\5e4db8f]
[HKCU\Software\Angry Mob Games]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\GRAPES]
[HKLM\Software\Wow6432Node\360Safe]
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\FileConverter_1.1]
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
[HKLM\Software\Wow6432Node\supTab]
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
~ Key Software: 269 Legitimates Filtered in 00mn 00s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/09/2013 - 12:58:32 - [51,214] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 17/10/2013 - 21:44:05 - [0] ----D C:\Users\Luciano\AppData\Roaming\360Safe
O43 - CFD: 25/08/2013 - 15:34:42 - [4,688] ----D C:\Users\Luciano\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 17/09/2012 - 23:26:23 - [4,097] ----D C:\Users\Luciano\AppData\Roaming\dora's ballet adventures
~ Program Folder: 172 Legitimates Filtered in 00mn 26s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.02940D6C7722E91342A32CFF5C60F4E4] - 01/02/2014 - 16:29:10 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.44EEF79F56FF40A9CA9B275A099E9E13] - 01/02/2014 - 18:03:35 ---A- . (...) -- C:\FaceProv.log [3401627]
O44 - LFC:[MD5.B8F0E220E8EFD241C296B436EB4EEB2C] - 01/02/2014 - 18:04:59 ---A- . (...) -- C:\zoek-results.log [23953]
O44 - LFC:[MD5.E01BEB23621D05A361BCAADF4C212F71] - 01/02/2014 - 18:05:08 ---A- . (...) -- C:\Windows\System32\fastboot.set [477433]
O44 - LFC:[MD5.CA49069B6F57DEDD17CD28710543C1B4] - 01/02/2014 - 18:07:36 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147864]
O44 - LFC:[MD5.F8FEC40A27743EF2696EBC3EE62F666B] - 01/02/2014 - 18:07:36 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [706024]
O44 - LFC:[MD5.2DFC9315B9D939C4EDD4E4D724C04DBB] - 31/01/2014 - 11:57:33 ---A- . (...) -- C:\hijackthis.log [13489]
~ Files: 27 Legitimates Filtered in 00mn 02s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.BC647F1F9DCE55B05B54683260ECE4FB] - 11/10/2013 - 21:04:16 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys [289952]
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 03/12/2013 - 06:38:01 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 31/12/2013 - 19:57:47 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.A15860E920B02C9A7CE8F3A6C2FF1E3A] - 29/09/2012 - 00:10:31 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [560184]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 18 Legitimates Filtered in 00mn 15s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 24/10/2011 - C:\Windows\System32\drivers\BPntDrv.sys (BPntDrv) .(.Lenovo - BpntDrv.) - LEGACY_BPNTDRV
~ Legacy: 102 Legitimates Filtered in 00mn 00s

---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s

---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{5DAEE838-227E-4A04-BA73-25C8CB4E166A}C:\program files (x86)\panda security\panda antivirus pro 2012\apvxdwin.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\panda security\panda antivirus pro 2012\apvxdwin.exe (.not file.)
O87 - FAEL: "UDP Query User{CBEF0917-8248-4BFF-BCF2-E23D6A147379}C:\program files (x86)\panda security\panda antivirus pro 2012\apvxdwin.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\panda security\panda antivirus pro 2012\apvxdwin.exe (.not file.)
O87 - FAEL: "TCP Query User{AAC39EE0-F854-49F4-8860-B337590BB261}C:\program files (x86)\panda security\panda antivirus pro 2012\apvxdwin.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\panda security\panda antivirus pro 2012\apvxdwin.exe (.not file.)
O87 - FAEL: "UDP Query User{E11B3307-3602-4A23-A0FD-1FA2A595ADAD}C:\program files (x86)\panda security\panda antivirus pro 2012\apvxdwin.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\panda security\panda antivirus pro 2012\apvxdwin.exe (.not file.)
O87 - FAEL: "{B1139ABC-8A43-4E75-8B5F-3374DFA2B742}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe (.not file.) =>PUP.Datamngr
O87 - FAEL: "{83044EA8-345E-4BC4-9000-196114F68AA7}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe (.not file.) =>PUP.Datamngr
~ Firewall: 190 Legitimates Filtered in 00mn 01s

---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "11C6590D06F0EF3499DA25E4384317BB" . (.Energy Management.) -- C:\windows\Installer\{D0956C11-0F60-43FE-99AD-524E833471BB}\ARPPRODUCTICON.exe
O90 - PUC: "421D4F645E0221D4EB25CE71A7A7B424" . (.OneKey Recovery.) -- C:\windows\Installer\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\ARPPRODUCTICON.exe
O90 - PUC: "8FC2C70F35C43CE418266A22E163BE88" . (.Guia de Usuário.) -- C:\windows\Installer\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}\ARPPRODUCTICON.exe
~ Update Products: 84 Legitimates Filtered in 00mn 00s

---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 10/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 05/01/2012 75624 | (AxAutoMntSrv) . (.Alcohol Soft Development Team.) - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
SS - | Demand 07/11/2013 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 24/10/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 24/10/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 30/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 10/07/1658 0 | (MsgPlusService) . (...) - C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
SS - | Demand 10/07/1658 0 | (NMIndexingService) . (...) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Auto 21/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe

SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 31/12/2013 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 14/12/2010 953632 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
SR - | Auto 18/02/2011 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 20/12/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 23/12/2009 370688 | (StarWindServiceAE) . (.StarWind Software.) - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
SR - | Auto 20/12/2010 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 14s

---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:[MD5.A15860E920B02C9A7CE8F3A6C2FF1E3A] - 29/09/2012 - 00:10:31 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [560184]
~ Emulateurs: Scanned in 00mn 14s

---\\ Scâner Aditional (088)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 5

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IePlugins] =>Trojan.SProtector^
[HKLM\Software\Wow6432Node\360Safe] =>Trojan.Lozavita
[HKLM\Software\Microsoft\Tracing\updateBrowseFox_RASAPI32] =>Adware.BrowseFox
[HKLM\Software\Microsoft\Tracing\updateBrowseFox_RASMANCS] =>Adware.BrowseFox
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220422902210}] =>PUP.CrossRider
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\Users\Luciano\AppData\Roaming\Baidu Security =>Adware.BDSearch^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
~ Additionnel Scan: 219723 Items scanned in 00mn 22s

---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CrossRider
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.SProtector
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.WpManager
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Datamngr
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Lozavita
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BrowseFox
~ MSI: 7 link(s) detected in 00mn 22s

~ 1075 Legitimates filtered by white list
End of the scan (487 lines in 01mn 57s)(0)
:rindo_atoa: isso aí!

como https - forumpcbrasil forumeiros com - Como remover awesomehp??? 404338

por **Power Max** Dom 02 Fev 2014, 10:56

Copie todo este script que te passei.

como https - forumpcbrasil forumeiros com - Como remover awesomehp??? 772309

Vá no menu: Iniciar > Todos os programas > ZHP > Abra o Zhpfix > Clique em Importação > Clique em OK > Clique com o botão direito do mouse sobre a grande área cinza da tela do programa e clique em Colar > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas. Copie este relatório e poste em sua próxima resposta.

por Luciano Santos Dom 02 Fev 2014, 17:52

tenho uma duvida, depois de apertar em IMPORTAÇÃO aparece uma tela grande cheia de coisas inscritas e não tem a opção de "OK", minha duvida é eu apago aquilo que está escrito e depois eu colo o que tu me pediu ou só acrescento abaixo? vou enviar uma foto pra ti ver.

por **Power Max** Dom 02 Fev 2014, 17:56

Já está certo, ele já colou lá o que você copiou.

Agora é só clicar em Go > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas. Copie este relatório e poste em sua próxima resposta.

por Luciano Santos Dom 02 Fev 2014, 18:15

Rapport de ZHPFix 2014.1.17.2 par Nicolas Coolman, Update du 17/01/2014
Fichier d'export Registre :
Run by Luciano at 02/02/2014 18:13:04
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 04s)

========== Softwares ==========
AUSENTE Uninstall Process: c:\programdata\iepluginservice\pluginservice.exe

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IePlugins]
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\360Safe
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos
ELIMINÉ: HKLM\Software\Wow6432Node\FileConverter_1.1
ELIMINÉ: HKLM\Software\Wow6432Node\Wpm
ELIMINÉ: HKLM\Software\Wow6432Node\supTab
ELIMINÉ: HKLM\Software\Wow6432Node\supWPM
ELIMINÉ:* HKLM\Software\Microsoft\Tracing\updateBrowseFox_RASAPI32
ELIMINÉ:* HKLM\Software\Microsoft\Tracing\updateBrowseFox_RASMANCS
ELIMINÉ:* HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220422902210}

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F}
ELIMINÉ RunValue: SynTPEnh
ELIMINÉ RunValue: Power2GoExpress
ELIMINÉ RunValue: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
ELIMINÉ RunValue: fst_br_41
ELIMINÉ MWPS Value: EnableLUA
ELIMINÉ MWPS Value: EnableUIADesktopToggle
ELIMINÉ MWPS Value: PromptOnSecureDesktop
ELIMINÉ MWPS Value: FilterAdministratorToken
ELIMINÉ MWPE Value: NoActiveDesktopChanges
ELIMINÉ: TCP Query User{5DAEE838-227E-4A04-BA73-25C8CB4E166A}C:\program files (x86)\panda security\panda antivirus pro 2012\apvxdwin.exe
ELIMINÉ: UDP Query User{CBEF0917-8248-4BFF-BCF2-E23D6A147379}C:\program files (x86)\panda security\panda antivirus pro 2012\apvxdwin.exe
ELIMINÉ: TCP Query User{AAC39EE0-F854-49F4-8860-B337590BB261}C:\program files (x86)\panda security\panda antivirus pro 2012\apvxdwin.exe
ELIMINÉ: UDP Query User{E11B3307-3602-4A23-A0FD-1FA2A595ADAD}C:\program files (x86)\panda security\panda antivirus pro 2012\apvxdwin.exe
ELIMINÉ: {B1139ABC-8A43-4E75-8B5F-3374DFA2B742}
ELIMINÉ: {83044EA8-345E-4BC4-9000-196114F68AA7}
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Elementos dos dados do Registo ==========
SUBSTITUI Value NoActiveDesktopChanges : Good (0) - Bad (1)
SUBSTITUI Value EnableLUA : Good (1) - Bad (0)
ELIMINÉ Explorer Association Data Application: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
ELIMINÉ Explorer Association Data Application: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\users\luciano\appdata\roaming\microsoft\internet explorer\quick launch\free video converter.lnk
ELIMINÉ: c:\users\luciano\appdata\roaming\microsoft\windows\start menu\programs\free video converter.lnk
ELIMINÉ: c:\users\luciano\appdata\roaming\microsoft\windows\start menu\programs\freerapid 0.86u1.lnk
ELIMINÉ: c:\programdata\microsoft\windows\start menu\programs\startup\bluetooth.lnk
ELIMINA REINICIAR: c:\windows\system32\drivers\360fltoem.sys
ELIMINÉ Flash Cookies (0) (0 octets)
ELIMINÉ Temporários windows ( Cool

(368.552 octets)

========== Tarefa planificada ==========
ELIMINÉ: {87027163-B648-4F2D-A0DD-2C32605744B5}
ELIMINÉ: {9A4AD40D-1340-4DB9-8F1C-24CA4C72B447}

========== Outros ==========
NÃO-TRATADO SystemRestore

========== Recapitulativo ==========
11 : Chaves do Registo
22 : Valores do Registo
4 : Elementos dos dados do Registo
1 : Pastas
7 : Ficheiros
1 : Softwares
2 : Tarefa planificada
1 : Outros

End of clean in 00mn 15s

========== Caminho do ficheiro do relatório ==========
C:\Users\Luciano\AppData\Roaming\ZHP\ZHPFix[R1].txt - 02/02/2014 18:13:08 [3896]

por **Power Max** Dom 02 Fev 2014, 18:17

Vários problemas foram removidos.

como https - forumpcbrasil forumeiros com - Como remover awesomehp??? 772309

Como está seu PC após estas limpezas?

por Luciano Santos Dom 02 Fev 2014, 18:28

Problema resolvido e Notbook 100% !!!!!

cara antes não conseguia entrar em nenhum site e muito lento quase parando... agora ficou bala está rápido e parou aquelas propagandas chatas, ficou 110%, hehehe... muito obrigado pela ajuda, valeu mesmo!!!! e uma perguntinha, posso fazer esse mesmo procedimento no PC também? ele não está lento, mas só pra ver se tem algo mesmo. Obrigado! como https - forumpcbrasil forumeiros com - Como remover awesomehp??? 648673379

como https - forumpcbrasil forumeiros com - Como remover awesomehp??? 547673

por **Power Max** Dom 02 Fev 2014, 18:37

cara antes não conseguia entrar em nenhum site e muito lento quase parando... agora ficou bala está rápido e parou aquelas propagandas chatas, ficou 110%, hehehe... muito obrigado pela ajuda, valeu mesmo!!!!

Fico feliz que o problema foi resolvido.
_________________________________________________________________________________

e uma perguntinha, posso fazer esse mesmo procedimento no PC também? ele não está lento, mas só pra ver se tem algo mesmo.

Cada caso é um caso. Sugiro que crie um novo tópico na área de Remoção de Malwares para podermos analisar o PC e ver se está tudo certo com ele.
_________________________________________________________________________________

Só para finalizar faça estes últimos procedimentos, por gentileza:

como https - forumpcbrasil forumeiros com - Como remover awesomehp??? 772309

Instale o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (caso já tenha ele, não precisa instalar de novo).

Abra o Ccleaner > clique no botão Limpeza > clique na opção Executar Limpeza. Isto é demonstrado na imagem abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Confirme a operação acima clicando no botão OK. Aguarde a conclusão do procedimento.

Depois disto, clique no botão botão Registro > Procurar Erros > Corrigir erro(s) selecionado(s) > neste momento você poderá optar por fazer uma cópia das alterações que serão feitas no registro (por motivos de segurança), escolha a opção que desejar (sim ou não) > e confirme a limpeza clicando no botão Corrigir todos os erros selecionados > clique no botão Fechar (ou OK):

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

__________________________________________________________________________________________________________________

como https - forumpcbrasil forumeiros com - Como remover awesomehp??? 772309

Depois disto siga também as dicas deste tutorial abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_______________________________________________________________________________________________________________________

como https - forumpcbrasil forumeiros com - Como remover awesomehp??? 772309

Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Xplode) e salve no Desktop (Área de Trabalho)

*Depois disto é só executá-lo, deixar selecionadas as opções Remove disinfection tools e Purge system restore

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Clique em [Run]

Depois de executar o Delfix conforme descrito acima, é só deletar o DelFix e o arquivo C:\DelFix.txt
_______________________________________________________________________________________________________________________

como https - forumpcbrasil forumeiros com - Como remover awesomehp??? 960671

como https - forumpcbrasil forumeiros com - Como remover awesomehp??? 960671

Foi um prazer ajudar, conte sempre conosco!

por Luciano Santos Dom 02 Fev 2014, 19:09

Limpando o not...:

RaProducts' PureRa v1.7
Log created at 19:07 on 02/02/2014 (Luciano)

C:\Config.MSI emptied.
C:\Users\Luciano\AppData\LocalLow\Microsoft\CryptNetURLCache\Content emptied.
C:\Users\Luciano\AppData\LocalLow\Microsoft\CryptNetURLCache\MetaData emptied.
C:\windows\system32\FNTCACHE.DAT <- O sistema não pode encontrar o arquivo especificado.
Recycle bin emptied.
C:\windows\SoftwareDistribution\DataStore\Logs emptied.
C:\windows\SoftwareDistribution\Download emptied.
C:\windows\SoftwareDistribution\SelfUpdate\Default emptied.
C:\windows\SoftwareDistribution\WuRedir emptied.
C:\windows\SoftwareDistribution\ReportingEvents.log <- O arquivo já está sendo usado por outro processo.
C:\Users\Luciano\AppData\Local\Temp emptied.
C:\windows\TEMP emptied.
C:\Program Files (x86)\Lenovo\YouCam\Promotion\150DPI\image\Thumbs.db <- Successfully deleted.
C:\Program Files (x86)\Lenovo\YouCam\Promotion\normal\image\Thumbs.db <- Successfully deleted.
C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpRegSession0.sqm <- Successfully deleted.
C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpRegSession1.sqm <- Successfully deleted.
C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession0.sqm <- Successfully deleted.
C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession1.sqm <- Successfully deleted.
C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession2.sqm <- Successfully deleted.
C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession3.sqm <- Successfully deleted.
C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession4.sqm <- Successfully deleted.
C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession5.sqm <- Successfully deleted.
C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession6.sqm <- Successfully deleted.
C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession7.sqm <- Successfully deleted.
C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession8.sqm <- Successfully deleted.
C:\ProgramData\Microsoft\Windows\Sqm\Upload\PnrpResolveSession9.sqm <- Successfully deleted.
C:\Users\Luciano\AppData\Local\IconCache.db <- Successfully deleted.
C:\Users\Luciano\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db <- Acesso negado.
C:\Users\Luciano\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db <- Acesso negado.
C:\Users\Luciano\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db <- Acesso negado.
C:\Users\Luciano\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db <- Acesso negado.
C:\Users\Luciano\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db <- Acesso negado.
C:\Users\Luciano\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db <- Acesso negado.
C:\Users\Luciano\AppData\Local\Microsoft\Windows Live\Bici\Bici2_00.sqm <- Successfully deleted.
C:\Users\Luciano\AppData\Local\Microsoft\Windows Live\Bici\Bici4_00.sqm <- Successfully deleted.
C:\Users\Luciano\AppData\Local\Microsoft\Windows Live\Bici\Bici4_01.sqm <- Successfully deleted.
C:\Users\Luciano\AppData\Local\Microsoft\Windows Live\Bici\Bici4_02.sqm <- Successfully deleted.
C:\Users\Luciano\AppData\Local\Microsoft\Windows Live\Bici\Bici4_03.sqm <- Successfully deleted.
C:\Users\Luciano\AppData\Local\Microsoft\Windows Live\Bici\Bici4_04.sqm <- Successfully deleted.
C:\Users\Luciano\AppData\Local\Microsoft\Windows Live\Bici\Bici4_05.sqm <- Successfully deleted.
C:\Users\Luciano\AppData\Local\Microsoft\Windows Live\Bici\Bici4_06.sqm <- Successfully deleted.
C:\Users\Luciano\AppData\Local\Microsoft\Windows Live\Bici\Bici4_07.sqm <- Successfully deleted.
C:\Users\Luciano\AppData\Local\Microsoft\Windows Live\Bici\Bici4_08.sqm <- Successfully deleted.
C:\Users\Luciano\AppData\Local\Microsoft\Windows Live\Bici\Bici4_09.sqm <- Successfully deleted.
C:\Users\Luciano\AppData\Local\Microsoft\Windows Live\Bici\Bici4_10.sqm <- Successfully deleted.
C:\Users\Luciano\AppData\Local\Microsoft\Windows Live\Bici\Bici4_11.sqm <- Successfully deleted.
C:\Users\Luciano\AppData\Local\Microsoft\Windows Live\Bici\Bici4_12.sqm <- Successfully deleted.
C:\Users\Luciano\AppData\Local\Microsoft\Windows Live\Bici\Bici4_13.sqm <- Successfully deleted.
C:\Users\Luciano\AppData\Local\Microsoft\Windows Live\Bici\Bici4_14.sqm <- Successfully deleted.
C:\Users\Luciano\AppData\Local\Microsoft\Windows Live\SqmApi\SqmData20_00.sqm <- Successfully deleted.
C:\Users\Luciano\AppData\Local\Microsoft\Windows Live\SqmApi\SqmData21_00.sqm <- Successfully deleted.
C:\Users\Luciano\Documents\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Documents\Backup celular Beta\DCIM\100ANDRO\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Documents\Backup celular Beta\DCIM\100AVIARY\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Documents\Eletro Clic\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Documents\Eletro Clic\Ar Condicionado Split\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Documents\Eletro Clic\Curso_De_Eletronica_Ilustrado\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Documents\Eletro Clic\Eletronica video aulas\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Documents\Eletro Clic\Maquinas de Lavar\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Documents\Pasta de trocas do Bluetooth\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Documents\Programas\Alcohol1202.0.0.1331–[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] 120% 2.0.2.3929 Up By [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] <- Successfully deleted.
C:\Users\Luciano\Documents\Programas\Alcohol1202.0.0.1331–[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] 120% 2.0.2.3929 Up By [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] DO XANDAO DOWNLOAD\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Music\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Music\Paula Fernandes - DVDa 2011\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Music\Salve Jorge - Trilha Sonora Sertaneja da Novela (2012).Up.By.WWW.XANDAODOWNLOAD.COM\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Music\Salve Jorge - Trilha Sonora Sertaneja da Novela (2012).Up.By.WWW.XANDAODOWNLOAD.COM\BONUS DO XANDAO DOWNLOAD\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Music\Trilha Sonora Da Novela - Amor À Vida - [2013]\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Aniversario Vô Zeca 90 anos\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Ano Novo\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Apresentação Laisa\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Diversas\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Formatura Anderson e Scheila\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Aniversários\1º ano Laisa\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Aniversários\Niver Casamento vó Eni e vô Zeca 2005\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Aniversários\Niver Laisa 2 anos\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Aniversários\Niver Lívia 7 anos\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Aniversários\Niver Lívia 7 anos\Fotos celular\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Aniversários\Niver Lívia 7 anos\Níver escola\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Aniversários\Níver Candida 2006\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Aniversários\Níver Juliana 2008\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Aniversários\Níver Luciano 2008\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Aniversários\Níver Lívia 5 anos\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Aniversários\Níver Lívia 6 anos\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Aniversários\Níver Lívia 8 anos\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Aniversários\Níver Roberta 2007\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Aniversários\Níver Vó Eni 2006\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Aniversários\Níver Vô Zeca 2007\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Ano novo\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Ano novo\2007\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Ano novo\2008\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Ano novo\2009\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Apresentações Lívia e Laisa\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Apresentações Lívia e Laisa\Ballet\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Apresentações Lívia e Laisa\Cantata 2006\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Apresentações Lívia e Laisa\Cantata 2007\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Apresentações Lívia e Laisa\Coral Girassol\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Apresentações Lívia e Laisa\Dia das Mães 2007\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Apresentações Lívia e Laisa\Dia das mães 2008\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Apresentações Lívia e Laisa\Dia das Mães 2009\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Apresentações Lívia e Laisa\Dia das mães escola 2008\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Apresentações Lívia e Laisa\Dia dos Pais 2006\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Apresentações Lívia e Laisa\Dia dos Pais 2007\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Apresentações Lívia e Laisa\Dia dos Pais 2008\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Apresentações Lívia e Laisa\Dia dos Pais 2009\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Apresentações Lívia e Laisa\Encontrão 2009\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Apresentações Lívia e Laisa\Festa Junina 2007\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Apresentações Lívia e Laisa\Festa Junina 2009\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Apresentações Lívia e Laisa\formatura Lívia 2007\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Apresentações Lívia e Laisa\natal 2006\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Apresentações Lívia e Laisa\natal 2007\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Apresentações Lívia e Laisa\natal 2008\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Apresentações Lívia e Laisa\Páscoa 2008\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Apresentações Lívia e Laisa\Páscoa 2009\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Apresentações Lívia e Laisa\Semana Cultural 2009\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Apresentações Lívia e Laisa\show de talentos 2006\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Apresentações Lívia e Laisa\show de talentos 2008\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Barragem jul 2008\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Batizado Heloísa 2008\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Batizado Laisa 2007\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Casamento Jáderson - Formatura Jonatan\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Casamento Matheus 2007\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Chá de fralda Laisa 2006\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Curso B&D e Dewalt Luciano\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Dia das mães 2008\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Dia dos Pais 2006\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Diversas\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Espetáculo do Mágico de Oz 2006\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\exposição RBS 2007\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Família\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Família\Amigos\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Família\Avós\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Família\Bisôs\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Família\Diversas\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Família\Família\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Família\Laisa\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Família\Luciano\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Família\Luciano e Laisa\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Família\Luciano e Lívia\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Família\Luciano e Roberta\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Família\Lívia\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Família\Lívia e Laisa\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Família\Lívia, Laisa e Gustavo\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Família\Primos\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Família\Roberta\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Família\Roberta e Laisa\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Família\Roberta e Lívia\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Família\Tios e dindos\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Formatura\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Fotos casa (antes e depois)\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Fotos produzidas\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Herval\jan 2009\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Herval\mai 2009\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Herval\mar 2009\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Nascimento Laisa\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Natal\2007\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Natal\2008\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Natal POA\2007\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Natal POA\2008\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Natal praça\2006\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Natal praça\2007\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Natal praça\2008\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Noite Pijama 2010 Lívia\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\olímpico dez 2007\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\parque aquático fev 2008\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Pituka 02.03.2009 e Mimika\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Porta Arrombada\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Poso em família 01.08.09\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Praça 25.05.08\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Páscoa\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Páscoa\2009\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Retiro de Casais\2006\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Retiro de Casais\2008\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Show da Disney out 2008\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Verão 2006 - 2007\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Verão 2007-2008\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\Verão 2008 - 2009\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos\ZÔO set 2008\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos Descarregadas\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos Descarregadas\Aniversario Lívia 24.08.13\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos Descarregadas\Aniversário Bisa Eni\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos Descarregadas\Aniversário Livia 27.08.11\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos Descarregadas\Celular Lívia\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos Descarregadas\Formatura Balé Laisa\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos Descarregadas\Formatura Lê\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos Descarregadas\Fotos celular Sano\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos Descarregadas\Fotos Formatura Laisa\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos Descarregadas\fotos luciano\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos Descarregadas\Fotos maquina digital\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos Descarregadas\fotos maquina digital anivers. Livia\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos Descarregadas\Fotos niver vô zeca, Zenóbia\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos Descarregadas\Maquina Candida\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos Descarregadas\Maquina digital Paulo\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos Descarregadas\Nascimento Diana\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos Descarregadas\Niver Ederaldo aramba\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos Descarregadas\Olimpico 04.12.12\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos Descarregadas\Passeio Barragem\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos Descarregadas\Passeio no Park de diversão\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos Descarregadas\Passeio Shoping Iguatemi 04.12.12\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos Descarregadas\Passeio shopping iguatemi 06.10.13\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos Descarregadas\Recital Coliseu Lívia\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos Descarregadas\Viagem a Bento Gonçalves\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos Descarregadas\Viagem Canela- Gramado\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos Descarregadas\Viagem Canela- Gramado\Parque das Aguas Farroupilha\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos Descarregadas\Viagem Canela- Gramado\Passeio Zoo Gramado\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Fotos Descarregadas\Viagem Rio Grende\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Janta Eletroclic\Thumbs.db <- Successfully deleted.
C:\Users\Luciano\Pictures\Níver Laisa 7 anos\Thumbs.db <- Successfully deleted.
C:\Windows\Resources\Themes\Thumbs.db <- Successfully deleted.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm\PnrpRegSession0.sqm <- Successfully deleted.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm\PnrpResolveSession0.sqm <- Successfully deleted.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm\PnrpSvcSession0.sqm <- Successfully deleted.
C:\Windows\Web\Wallpaper\Thumbs.db <- Successfully deleted.
C:\Windows\Web\Wallpaper\Lenovo_1\Thumbs.db <- Successfully deleted.
C:\Windows\Web\Wallpaper\Lenovo_2\Thumbs.db <- Successfully deleted.
C:\Windows\Web\Wallpaper\Lenovo_3\Thumbs.db <- Successfully deleted.
C:\Windows\Web\Wallpaper\Lenovo_4\Thumbs.db <- Successfully deleted.

Total space cleaned: 78.22 MB

-=E.O.F=-

por **Power Max** Dom 02 Fev 2014, 19:11

Vários problemas foram removidos pelo Purera.

como https - forumpcbrasil forumeiros com - Como remover awesomehp??? 772309

Você executou também o Delfix e o Ccleaner? Caso não tenha executado, execute por gentileza.

por Conteúdo patrocinado

Como remover awesomehp???