Flux 
Social bookmarking
Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking
Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking
Estatísticas
Temos 14810 usuários registradosO último membro registrado é Josevinil
Os nossos membros postaram um total de 36047 mensagens em 3685 assuntos
Quem está conectado?
Há 9 usuários online :: 0 registrados, 0 invisíveis e 9 visitantes Nenhum
O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
Top dos mais postadores
| Power Max |
| |||
| joram |
| |||
| Wings [In Memoriam] |
| |||
| caedurodrigues |
| |||
| Amigo Brasileiro |
| |||
| luizvilarinho |
| |||
| Danii |
| |||
| Admin |
| |||
| Danilo Marsaro |
| |||
| Andreata |
|
malware-gen
3 participantes
Página 2 de 2
Página 2 de 2 • 
1, 2
Re: malware-gen
por gilberto inacio Sáb 15 Fev 2014, 13:57
Bloco de notas_Zoek:
Zoek.exe v5.0.0.0 Updated 31-January-2014
Tool run by Marcela on 15/02/2014 at 13:33:29,84.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Marcela\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
15/02/2014 13:35:15 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\savesenselive deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\savesenselive deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\savesenselivem deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\savesenselivem deleted successfully
==== FireFox Fix ======================
Deleted from C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\kps4vd5j.default\prefs.js:
user_pref("browser.startup.homepage", "http://br.hao123.com/?tn=opencd_hp_hao123_br");
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\kps4vd5j.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\kps4vd5j.default
user.js not found
---- Lines CT3282722 removed from prefs.js ----
user_pref("CT3282722.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
---- Lines mysearch removed from prefs.js ----
user_pref("extensions.irmysearch.aflt", "dsites0103");
user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0ByCtAzy0EyD0FtB0DyDzz0FyCtByD0AtN0D0Tzu0CyByByCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1
user_pref("extensions.irmysearch.cr", "1789190619");
user_pref("extensions.irmysearch.instlRef", "");
user_pref("extensions.mysearchdial.cntry", "BR");
user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,304628180
user_pref("extensions.mysearchdial.hdrMd5", "");
user_pref("extensions.mysearchdial.lastB", "chrome://branding/locale/browserconfig.properties");
user_pref("extensions.mysearchdial.lastVrsnTs", "");
user_pref("extensions.mysearchdial.sg", "{smplGrp}");
---- Lines mysearch modified from prefs.js ----
user_pref("extensions.enabledAddons", "{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}:15.0.5,{2d7886a0-85bb-4bf2-b684-ba92b4b21d23}:3.0,ffxtlbr@mysearchdial.c
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"fassoxpcom@sensiblevision.com\":{\"descriptor\":\"C:\\\\Program F
---- FireFox user.js and prefs.js backups ----
prefs_022014_1344_.backup
==== Deleting Files \ Folders ======================
C:\Users\Marcela\AppData\Roaming\FixVTS.ini deleted
C:\Users\Marcela\AppData\Roaming\FotoSketcher.ini deleted
C:\Users\Marcela\AppData\Roaming\DigitalSites deleted
C:\Users\Marcela\AppData\Roaming\freegames4357 deleted
C:\Users\Marcela\AppData\Roaming\baidu deleted
C:\Users\Marcela\AppData\Roaming\OpenCandy deleted
C:\Users\Marcela\AppData\Local\funmoods_2.3.crx deleted
C:\Users\Marcela\AppData\Local\cache deleted
C:\Users\Marcela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense deleted
C:\windows\SysNative\tasks\SaveSense deleted
C:\Windows\tasks\SaveSense.job deleted
C:\windows\SysNative\tasks\Baidu PC Faster Update deleted
C:\windows\SysNative\tasks\Digital Sites deleted
C:\Windows\tasks\Digital Sites.job deleted
C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\kps4vd5j.default\CT3282722 deleted
C:\Users\Marcela\Desktop\OrbitDownloaderSetup.exe deleted
C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\kps4vd5j.default\extensions\ffxtlbr@mysearchdial.com deleted
"C:\PROGRA~2\Orbitdownloader\download.dll" deleted
"C:\PROGRA~2\Orbitdownloader\idht.dll" deleted
"C:\PROGRA~2\Orbitdownloader\msvcp71.dll" deleted
"C:\PROGRA~2\Orbitdownloader\msvcr71.dll" deleted
"C:\PROGRA~2\Orbitdownloader\orbitdm.exe" deleted
"C:\PROGRA~2\Orbitdownloader\orbitnet.exe" deleted
"C:\PROGRA~2\Orbitdownloader\SoftUpdater.dll" deleted
"C:\PROGRA~2\Orbitdownloader\wtlctrl.dll" deleted
"C:\PROGRA~2\Orbitdownloader\xlayout.dll" deleted
"C:\Users\Marcela\AppData\Roaming\Vso" deleted
"C:\Users\Marcela\AppData\Roaming\DMCache" deleted
"C:\Users\Marcela\AppData\Roaming\GrabPro" deleted
"C:\PROGRA~2\Orbitdownloader" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [25/12/2013 17:00]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [16/04/2013 15:04]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\kps4vd5j.default
- Undetermined - %ProfilePath%\extensions\{35379F86-8CCB-4724-AE33-4278DE266C70}
- SaveSense - %ProfilePath%\extensions\{2d7886a0-85bb-4bf2-b684-ba92b4b21d23}
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\kps4vd5j.default
A9C86900D2A61728C8326FE7147617C5 - C:\Users\Marcela\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update
21A67095EDC11A528F5434D28BB0EF3C - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll - Shockwave Flash
6A03609A79D8C5ACECB66EED53F3A0AB - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)
70677064555D2EB816249ABB0150951F - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)
==== Deleted Firefox Extensions ======================
C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\kps4vd5j.default\extensions\{2d7886a0-85bb-4bf2-b684-ba92b4b21d23} deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aicancafipiklohohmoognddncljhkio - C:\Users\Marcela\AppData\Local\CRE\aicancafipiklohohmoognddncljhkio.crx[]
jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[03/04/2013 23:27]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
aicancafipiklohohmoognddncljhkio - C:\Users\Marcela\AppData\Local\CRE\aicancafipiklohohmoognddncljhkio.crx[]
YouTube - Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Accounts - Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcfkmoonfcfoliiagnccmlikipcikmpl
Google Wallet - Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://br.hao123.com/?tn=opencd_hp_hao123_br"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{77AA745B-F4F8-45DA-9B14-61D2D95054C8}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{48A51849-3C1F-8A41-D1E2-650498F7BF6C} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{C6E1B50F-A5E8-4F74-B533-BFAD845E2640} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
==== Reset Google Chrome ======================
C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2859420775-1429383422-540164267-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully
HKEY_USERS\S-1-5-21-2859420775-1429383422-540164267-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully
HKEY_USERS\S-1-5-21-2859420775-1429383422-540164267-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} deleted successfully
HKEY_USERS\S-1-5-21-2859420775-1429383422-540164267-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} deleted successfully
HKEY_USERS\S-1-5-21-2859420775-1429383422-540164267-1000\Software\Microsoft\Internet Explorer\SearchScopes\{48A51849-3C1F-8A41-D1E2-650498F7BF6C} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully
==== shortcuts on Users Desktops ======================
C:\Users\Marcela\Desktop\Adobe Photoshop Cs5.1.lnk - C:\Arquivos de Programas\Adobe\Adobe Photoshop CS5.1 (64 Bit)\Photoshop.exe
C:\Users\Marcela\Desktop\BadCopy Pro.lnk - C:\Program Files (x86)\Jufsoft\BadCopy\BadCopy.exe
C:\Users\Marcela\Desktop\Central de Soluções HP.lnk -
C:\Users\Marcela\Desktop\DVD Decrypter.lnk - C:\Program Files (x86)\DVD Decrypter\DVDDecrypter.exe
C:\Users\Marcela\Desktop\DVD Shrink 3.2.lnk - C:\Program Files (x86)\DVD Shrink\DVD Shrink 3.2.exe
C:\Users\Marcela\Desktop\dvdisaster.lnk - C:\Program Files (x86)\dvdisaster\dvdisaster-win.exe
C:\Users\Marcela\Desktop\DVDStyler.lnk - C:\Program Files (x86)\DVDStyler\bin\DVDStyler.exe
C:\Users\Marcela\Desktop\Format Factory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\Marcela\Desktop\Free YouTube Download Convert.lnk - C:\Program Files (x86)\Free YouTube Download Convert\FreeYouTubeDownloadConvert.exe
C:\Users\Marcela\Desktop\FxFoto.lnk - C:\Program Files\FxFoto\FxFoto.exe
C:\Users\Marcela\Desktop\Glary Utilities.lnk - C:\Program Files (x86)\Glary Utilities\Integrator.exe
C:\Users\Marcela\Desktop\Internet Download Manager.lnk - C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Users\Marcela\Desktop\IsoBuster.lnk - C:\Program Files (x86)\Smart Projects\IsoBuster\IsoBuster.exe
C:\Users\Marcela\Desktop\MakeUp Pilot.lnk - C:\Program Files (x86)\MakeUp Pilot\MakeUpPilot.exe
C:\Users\Marcela\Desktop\Orbit.lnk - C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
C:\Users\Marcela\Desktop\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\Marcela\Desktop\Portable Adobe Dreamweaver CS5 v11.0.4909 Pt-Br - Atalho.lnk - C:\Nova Pasta (3)\Portable Adobe Dreamweaver CS5 v11.0.4909 Pt-Br.exe
C:\Users\Marcela\Desktop\Retouch Pilot.lnk - C:\Program Files (x86)\Retouch Pilot\RetouchPilot.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\AnyDVD.lnk - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe
C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\AutoCAD 2014 - English.lnk - C:\Program Files (x86)\Autodesk\AutoCAD 2014\acad.exe /product ACAD /language "en-US"
C:\Users\Public\Desktop\Autodesk 3ds Max 8.lnk - C:\Program Files (x86)\Autodesk\3dsMax8\3dsmax.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\Bitstream Font Navigator.lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\FontNav\FontNav.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\CloneCD.lnk - C:\Program Files (x86)\SlySoft\CloneCD\CloneCD.exe
C:\Users\Public\Desktop\Corel CAPTURE X6.lnk - c:\Windows\Installer\{74FA94F1-9566-4252-9372-E7EAFFEFE209}\NewShortcut8.exe
C:\Users\Public\Desktop\Corel CONNECT X6.lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\Connect\Connect.exe
C:\Users\Public\Desktop\Corel PHOTO-PAINT X6.lnk - c:\Windows\Installer\{6F53FB68-6620-423E-B7CD-B8205655B421}\NewShortcut2.exe
C:\Users\Public\Desktop\CorelDRAW X6.lnk - c:\Windows\Installer\{C5262276-0075-498B-B80F-7D997482E4DB}\NewShortcut1.exe
C:\Users\Public\Desktop\FotoMix.lnk - C:\Program Files (x86)\Digital Photo Software\FotoMix\FotoMix.exe
C:\Users\Public\Desktop\ImgBurn.lnk - C:\Program Files (x86)\ImgBurn\ImgBurn.exe
C:\Users\Public\Desktop\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe -ScParameter=30003
C:\Users\Public\Desktop\Photo Effects Studio.lnk - C:\Program Files (x86)\Photo Effects Studio\EStudio.exe
C:\Users\Public\Desktop\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Public\Desktop\Recuva.lnk - C:\Program Files\Recuva\recuva64.exe
C:\Users\Public\Desktop\TIM Communicator.lnk - C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe
C:\Users\Public\Desktop\Video Search.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe /VIDEOSEARCH
C:\Users\Public\Desktop\Virtual Plastic Surgery Software - VPSS.lnk - C:\Program Files (x86)\VPSS\vpss.exe
C:\Users\Public\Desktop\WildTangent Games App - dell.lnk - C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe /src desktop /dp delld
==== shortcuts in Users Start Menu ======================
C:\Users\Marcela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff
C:\Users\Marcela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\Marcela\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Google+ Auto Backup.lnk - C:\Users\Marcela\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Uninstall Google+ Auto Backup.lnk - C:\WINDOWS\SysWOW64\msiexec.exe /x {A50DE037-B5C0-4C8A-8049-B0C576B313D1}
C:\Users\Marcela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Uninstall.lnk - C:\Users\Marcela\AppData\Local\Programs\Google\Google+ Auto Backup\Uninstall.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AA1000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files\CCleaner\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiPony\MiPony.lnk - C:\Program Files (x86)\MiPony\MiPony.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit\Orbit.lnk - C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit\Uninstall Orbit.lnk - C:\Program Files (x86)\Orbitdownloader\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Configurar o Visualizador de fotos do Picasa.lnk - C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe /reconfig
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Desinstalar.lnk - C:\Program Files (x86)\Google\Picasa3\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TIM Communicator\Remover TIM Communicator.lnk - C:\Program Files (x86)\TIM Communicator\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TIM Communicator\TIM Communicator.lnk - C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk - C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DVD Decrypter.lnk - C:\Program Files (x86)\DVD Decrypter\DVDDecrypter.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free YouTube Download Convert.lnk - C:\Program Files (x86)\Free YouTube Download Convert\FreeYouTubeDownloadConvert.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\IsoBuster.lnk - C:\Program Files (x86)\Smart Projects\IsoBuster\IsoBuster.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk - C:\Program Files (x86)\MiPony\MiPony.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Orbit.lnk - C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Central de Soluções HP.lnk -
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Loja de Suprimentos HP.lnk - C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\Marcela\AppData\Local\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TIM Communicator.lnk - C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== shortcuts After Repair ======================
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\Marcela\AppData\Local\Google\Chrome\Application\chrome.exe
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyServer"="200.142.130.166:80"
"ProxyEnable"=dword:00000001
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aicancafipiklohohmoognddncljhkio deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\aicancafipiklohohmoognddncljhkio deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelTBRunOnce deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marcela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marcela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Marcela\AppData\Local\Mozilla\Firefox\Profiles\kps4vd5j.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=273 folders=52 26416796 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Marcela\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Marcela\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 15/02/2014 at 13:51:42,65 ======================
Zoek.exe v5.0.0.0 Updated 31-January-2014
Tool run by Marcela on 15/02/2014 at 13:33:29,84.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Marcela\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
15/02/2014 13:35:15 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\savesenselive deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\savesenselive deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\savesenselivem deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\savesenselivem deleted successfully
==== FireFox Fix ======================
Deleted from C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\kps4vd5j.default\prefs.js:
user_pref("browser.startup.homepage", "http://br.hao123.com/?tn=opencd_hp_hao123_br");
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\kps4vd5j.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\kps4vd5j.default
user.js not found
---- Lines CT3282722 removed from prefs.js ----
user_pref("CT3282722.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
---- Lines mysearch removed from prefs.js ----
user_pref("extensions.irmysearch.aflt", "dsites0103");
user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0ByCtAzy0EyD0FtB0DyDzz0FyCtByD0AtN0D0Tzu0CyByByCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1
user_pref("extensions.irmysearch.cr", "1789190619");
user_pref("extensions.irmysearch.instlRef", "");
user_pref("extensions.mysearchdial.cntry", "BR");
user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,304628180
user_pref("extensions.mysearchdial.hdrMd5", "");
user_pref("extensions.mysearchdial.lastB", "chrome://branding/locale/browserconfig.properties");
user_pref("extensions.mysearchdial.lastVrsnTs", "");
user_pref("extensions.mysearchdial.sg", "{smplGrp}");
---- Lines mysearch modified from prefs.js ----
user_pref("extensions.enabledAddons", "{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}:15.0.5,{2d7886a0-85bb-4bf2-b684-ba92b4b21d23}:3.0,ffxtlbr@mysearchdial.c
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"fassoxpcom@sensiblevision.com\":{\"descriptor\":\"C:\\\\Program F
---- FireFox user.js and prefs.js backups ----
prefs_022014_1344_.backup
==== Deleting Files \ Folders ======================
C:\Users\Marcela\AppData\Roaming\FixVTS.ini deleted
C:\Users\Marcela\AppData\Roaming\FotoSketcher.ini deleted
C:\Users\Marcela\AppData\Roaming\DigitalSites deleted
C:\Users\Marcela\AppData\Roaming\freegames4357 deleted
C:\Users\Marcela\AppData\Roaming\baidu deleted
C:\Users\Marcela\AppData\Roaming\OpenCandy deleted
C:\Users\Marcela\AppData\Local\funmoods_2.3.crx deleted
C:\Users\Marcela\AppData\Local\cache deleted
C:\Users\Marcela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense deleted
C:\windows\SysNative\tasks\SaveSense deleted
C:\Windows\tasks\SaveSense.job deleted
C:\windows\SysNative\tasks\Baidu PC Faster Update deleted
C:\windows\SysNative\tasks\Digital Sites deleted
C:\Windows\tasks\Digital Sites.job deleted
C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\kps4vd5j.default\CT3282722 deleted
C:\Users\Marcela\Desktop\OrbitDownloaderSetup.exe deleted
C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\kps4vd5j.default\extensions\ffxtlbr@mysearchdial.com deleted
"C:\PROGRA~2\Orbitdownloader\download.dll" deleted
"C:\PROGRA~2\Orbitdownloader\idht.dll" deleted
"C:\PROGRA~2\Orbitdownloader\msvcp71.dll" deleted
"C:\PROGRA~2\Orbitdownloader\msvcr71.dll" deleted
"C:\PROGRA~2\Orbitdownloader\orbitdm.exe" deleted
"C:\PROGRA~2\Orbitdownloader\orbitnet.exe" deleted
"C:\PROGRA~2\Orbitdownloader\SoftUpdater.dll" deleted
"C:\PROGRA~2\Orbitdownloader\wtlctrl.dll" deleted
"C:\PROGRA~2\Orbitdownloader\xlayout.dll" deleted
"C:\Users\Marcela\AppData\Roaming\Vso" deleted
"C:\Users\Marcela\AppData\Roaming\DMCache" deleted
"C:\Users\Marcela\AppData\Roaming\GrabPro" deleted
"C:\PROGRA~2\Orbitdownloader" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [25/12/2013 17:00]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [16/04/2013 15:04]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\kps4vd5j.default
- Undetermined - %ProfilePath%\extensions\{35379F86-8CCB-4724-AE33-4278DE266C70}
- SaveSense - %ProfilePath%\extensions\{2d7886a0-85bb-4bf2-b684-ba92b4b21d23}
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\kps4vd5j.default
A9C86900D2A61728C8326FE7147617C5 - C:\Users\Marcela\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update
21A67095EDC11A528F5434D28BB0EF3C - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll - Shockwave Flash
6A03609A79D8C5ACECB66EED53F3A0AB - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)
70677064555D2EB816249ABB0150951F - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)
==== Deleted Firefox Extensions ======================
C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\kps4vd5j.default\extensions\{2d7886a0-85bb-4bf2-b684-ba92b4b21d23} deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aicancafipiklohohmoognddncljhkio - C:\Users\Marcela\AppData\Local\CRE\aicancafipiklohohmoognddncljhkio.crx[]
jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[03/04/2013 23:27]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
aicancafipiklohohmoognddncljhkio - C:\Users\Marcela\AppData\Local\CRE\aicancafipiklohohmoognddncljhkio.crx[]
YouTube - Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Accounts - Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcfkmoonfcfoliiagnccmlikipcikmpl
Google Wallet - Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://br.hao123.com/?tn=opencd_hp_hao123_br"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{77AA745B-F4F8-45DA-9B14-61D2D95054C8}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{48A51849-3C1F-8A41-D1E2-650498F7BF6C} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{C6E1B50F-A5E8-4F74-B533-BFAD845E2640} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
==== Reset Google Chrome ======================
C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2859420775-1429383422-540164267-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully
HKEY_USERS\S-1-5-21-2859420775-1429383422-540164267-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully
HKEY_USERS\S-1-5-21-2859420775-1429383422-540164267-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} deleted successfully
HKEY_USERS\S-1-5-21-2859420775-1429383422-540164267-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} deleted successfully
HKEY_USERS\S-1-5-21-2859420775-1429383422-540164267-1000\Software\Microsoft\Internet Explorer\SearchScopes\{48A51849-3C1F-8A41-D1E2-650498F7BF6C} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully
==== shortcuts on Users Desktops ======================
C:\Users\Marcela\Desktop\Adobe Photoshop Cs5.1.lnk - C:\Arquivos de Programas\Adobe\Adobe Photoshop CS5.1 (64 Bit)\Photoshop.exe
C:\Users\Marcela\Desktop\BadCopy Pro.lnk - C:\Program Files (x86)\Jufsoft\BadCopy\BadCopy.exe
C:\Users\Marcela\Desktop\Central de Soluções HP.lnk -
C:\Users\Marcela\Desktop\DVD Decrypter.lnk - C:\Program Files (x86)\DVD Decrypter\DVDDecrypter.exe
C:\Users\Marcela\Desktop\DVD Shrink 3.2.lnk - C:\Program Files (x86)\DVD Shrink\DVD Shrink 3.2.exe
C:\Users\Marcela\Desktop\dvdisaster.lnk - C:\Program Files (x86)\dvdisaster\dvdisaster-win.exe
C:\Users\Marcela\Desktop\DVDStyler.lnk - C:\Program Files (x86)\DVDStyler\bin\DVDStyler.exe
C:\Users\Marcela\Desktop\Format Factory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\Marcela\Desktop\Free YouTube Download Convert.lnk - C:\Program Files (x86)\Free YouTube Download Convert\FreeYouTubeDownloadConvert.exe
C:\Users\Marcela\Desktop\FxFoto.lnk - C:\Program Files\FxFoto\FxFoto.exe
C:\Users\Marcela\Desktop\Glary Utilities.lnk - C:\Program Files (x86)\Glary Utilities\Integrator.exe
C:\Users\Marcela\Desktop\Internet Download Manager.lnk - C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Users\Marcela\Desktop\IsoBuster.lnk - C:\Program Files (x86)\Smart Projects\IsoBuster\IsoBuster.exe
C:\Users\Marcela\Desktop\MakeUp Pilot.lnk - C:\Program Files (x86)\MakeUp Pilot\MakeUpPilot.exe
C:\Users\Marcela\Desktop\Orbit.lnk - C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
C:\Users\Marcela\Desktop\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\Marcela\Desktop\Portable Adobe Dreamweaver CS5 v11.0.4909 Pt-Br - Atalho.lnk - C:\Nova Pasta (3)\Portable Adobe Dreamweaver CS5 v11.0.4909 Pt-Br.exe
C:\Users\Marcela\Desktop\Retouch Pilot.lnk - C:\Program Files (x86)\Retouch Pilot\RetouchPilot.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\AnyDVD.lnk - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe
C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\AutoCAD 2014 - English.lnk - C:\Program Files (x86)\Autodesk\AutoCAD 2014\acad.exe /product ACAD /language "en-US"
C:\Users\Public\Desktop\Autodesk 3ds Max 8.lnk - C:\Program Files (x86)\Autodesk\3dsMax8\3dsmax.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\Bitstream Font Navigator.lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\FontNav\FontNav.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\CloneCD.lnk - C:\Program Files (x86)\SlySoft\CloneCD\CloneCD.exe
C:\Users\Public\Desktop\Corel CAPTURE X6.lnk - c:\Windows\Installer\{74FA94F1-9566-4252-9372-E7EAFFEFE209}\NewShortcut8.exe
C:\Users\Public\Desktop\Corel CONNECT X6.lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\Connect\Connect.exe
C:\Users\Public\Desktop\Corel PHOTO-PAINT X6.lnk - c:\Windows\Installer\{6F53FB68-6620-423E-B7CD-B8205655B421}\NewShortcut2.exe
C:\Users\Public\Desktop\CorelDRAW X6.lnk - c:\Windows\Installer\{C5262276-0075-498B-B80F-7D997482E4DB}\NewShortcut1.exe
C:\Users\Public\Desktop\FotoMix.lnk - C:\Program Files (x86)\Digital Photo Software\FotoMix\FotoMix.exe
C:\Users\Public\Desktop\ImgBurn.lnk - C:\Program Files (x86)\ImgBurn\ImgBurn.exe
C:\Users\Public\Desktop\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe -ScParameter=30003
C:\Users\Public\Desktop\Photo Effects Studio.lnk - C:\Program Files (x86)\Photo Effects Studio\EStudio.exe
C:\Users\Public\Desktop\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Public\Desktop\Recuva.lnk - C:\Program Files\Recuva\recuva64.exe
C:\Users\Public\Desktop\TIM Communicator.lnk - C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe
C:\Users\Public\Desktop\Video Search.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe /VIDEOSEARCH
C:\Users\Public\Desktop\Virtual Plastic Surgery Software - VPSS.lnk - C:\Program Files (x86)\VPSS\vpss.exe
C:\Users\Public\Desktop\WildTangent Games App - dell.lnk - C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe /src desktop /dp delld
==== shortcuts in Users Start Menu ======================
C:\Users\Marcela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff
C:\Users\Marcela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\Marcela\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Google+ Auto Backup.lnk - C:\Users\Marcela\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Uninstall Google+ Auto Backup.lnk - C:\WINDOWS\SysWOW64\msiexec.exe /x {A50DE037-B5C0-4C8A-8049-B0C576B313D1}
C:\Users\Marcela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Uninstall.lnk - C:\Users\Marcela\AppData\Local\Programs\Google\Google+ Auto Backup\Uninstall.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AA1000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files\CCleaner\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiPony\MiPony.lnk - C:\Program Files (x86)\MiPony\MiPony.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit\Orbit.lnk - C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit\Uninstall Orbit.lnk - C:\Program Files (x86)\Orbitdownloader\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Configurar o Visualizador de fotos do Picasa.lnk - C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe /reconfig
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Desinstalar.lnk - C:\Program Files (x86)\Google\Picasa3\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TIM Communicator\Remover TIM Communicator.lnk - C:\Program Files (x86)\TIM Communicator\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TIM Communicator\TIM Communicator.lnk - C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk - C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DVD Decrypter.lnk - C:\Program Files (x86)\DVD Decrypter\DVDDecrypter.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free YouTube Download Convert.lnk - C:\Program Files (x86)\Free YouTube Download Convert\FreeYouTubeDownloadConvert.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\IsoBuster.lnk - C:\Program Files (x86)\Smart Projects\IsoBuster\IsoBuster.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk - C:\Program Files (x86)\MiPony\MiPony.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Orbit.lnk - C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Central de Soluções HP.lnk -
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Loja de Suprimentos HP.lnk - C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\Marcela\AppData\Local\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TIM Communicator.lnk - C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== shortcuts After Repair ======================
C:\Users\Marcela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\Marcela\AppData\Local\Google\Chrome\Application\chrome.exe
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyServer"="200.142.130.166:80"
"ProxyEnable"=dword:00000001
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aicancafipiklohohmoognddncljhkio deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\aicancafipiklohohmoognddncljhkio deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelTBRunOnce deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marcela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marcela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Marcela\AppData\Local\Mozilla\Firefox\Profiles\kps4vd5j.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=273 folders=52 26416796 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Marcela\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Marcela\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 15/02/2014 at 13:51:42,65 ======================
gilberto inacio- Iniciante
- Mensagens : 15
Reputação : 0
Data de inscrição : 11/02/2014
Re: malware-gen
por Power Max Sáb 15 Fev 2014, 14:03
Siga, por gentileza, as dicas deste tutorial para fazer um escaneamento de seu PC pelo Nod32 Online:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Após o término do escaneamento será gerado um relatório (log) que estará no seguinte local do seu computador:
C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt
Na sua próxima resposta poste este log do Nod32 Online.
Última edição por Power Max em Dom 02 Mar 2014, 12:21, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: malware-gen
por gilberto inacio Sáb 15 Fev 2014, 15:02
Segui o tutorial por várias vezes mas o pc está reiniciando sempre que vou executar o Nod32 online, e com o anti-vírus desativado.
gilberto inacio- Iniciante
- Mensagens : 15
Reputação : 0
Data de inscrição : 11/02/2014
Re: malware-gen
por Power Max Sáb 15 Fev 2014, 15:18
Tente seguir este outro tutorial abaixo e veja se dá certo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Depois disto poste o relatório que o Kaspersky irá criar em sua próxima resposta.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: malware-gen
por Power Max Dom 02 Mar 2014, 12:21
TÓPICO ARQUIVADO
Como o autor não respondeu por mais de 15 dias, o tópico foi arquivado. Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Como o autor não respondeu por mais de 15 dias, o tópico foi arquivado. Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Página 2 de 2 • 1, 2
Tópicos semelhantes» Por favor, o que fazer quando o mouse esta desaparecendo?
» virus wxteste.exe
» Malware olhrwef.exe não sai!
» Remoção de malware KMS-R@1n
» Problema com o alerta de Malware do avast!
» virus wxteste.exe
» Malware olhrwef.exe não sai!
» Remoção de malware KMS-R@1n
» Problema com o alerta de Malware do avast!
Página 2 de 2
Permissões neste sub-fórum
Não podes responder a tópicos|
|
|