Fórum PC Brasil
How to remove Storm Alert


Post by Cassiano1110, Sun 11 Jan 2015, 11:14

Hello, I can't remove this program that was installed on my PC and keeps throwing unwanted messages in my browsers.

Note: I tried through Add/Remove Programs but I can't remove it. Thank you.
Cassiano1110
Beginner

Posts: 30
Reputation: 0
Join date: 05/04/2014


Post by joram, Sun 11 Jan 2015, 12:54

/!\ Good afternoon, Cassiano1110! /!\

> Download: < [link hidden: login required] > < [image hidden: login required] > ( ... by Nicolas Coolman )
> Or [link hidden: login required] << Link!
> Save it to the local disk! ( C or D )
> Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

> Run the scroll icon. ( ZHPDiag )

[link hidden: login required]

> Click "COMPLETA" and wait for it to finish!
> Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
> PS: As the log will be long, send it to [link hidden: login required].

> Or go to: < [link hidden: login required] >

> Or go to: < [link hidden: login required] >

> Or attach it |[link hidden: login required]| << Link!

> More information: < |[link hidden: login required]| > << Hosting!

A+
joram
Administrator

Posts: 4164
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro


Post by Cassiano1110, Sun 11 Jan 2015, 23:59

Hello.

I couldn't use any form of attachment, so I split it into two posts and sent it

 < [link hidden: login required] >

Don't worry, I uploaded it for you to Cjoint.com.

( joram )

Post by joram, Mon 12 Jan 2015, 08:46

/!\ Good morning, Cassiano1110! /!\

> Run this script in the ZHPFix tool.
> Select and copy this information, which is in red, to Notepad.
> With Notepad open, do: Ctrl+A >> Ctrl+C ( Select and Copy )
> Then minimize Notepad.

Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyCLSID
ShortcutFix
EmptyTemp
EmptyFlash
HiddenFix
[MD5.61A1362D6A166AFB5C25954D27D418AC] [WIS][03/04/2014] (.PriceMeter - Google Update Helper.) -- C:\Windows\Installer\e35a0a.msi [40960]
[MD5.E3D54C76A3065F615D2433BB59BD959A] - (...) -- C:\Program Files (x86)\Solution Real\bin\SolutionReal.BOASHelper.exe [1649912] [PID.5420]
[MD5.46E15CC1C1A2565831F4DE38684102CD] - (...) -- C:\Program Files (x86)\Solution Real\bin\SolutionReal.expext.exe [101624] [PID.3044]
M3 - MFPP: Plugins - [Cassiano] -- C:\Users\Cassiano\AppData\Roaming\Mozilla\Firefox\Profiles\mhzxax0o.default\searchplugins\Vosteran.xml
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [link hidden: login required]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [link hidden: login required]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden: login required]
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = [link hidden: login required]
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden: login required]
O4 - GS\Desktop [Cassiano]: SpyHunter.lnk . (...) -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe (.not file.)
O4 - HKCU\..\RunOnce: [WSE_Vosteran] Chave orfã
O4 - HKUS\S-1-5-21-4032315922-2193373217-1692392771-1001\..\RunOnce: [WSE_Vosteran] Chave orfã
O4 - HKLM\..\Wow6432Node\Run: [gmsd_br_65] Chave orfã
O23 - Service: IePlugin Services (IePluginServices) . (...) - C:\ProgramData\IePluginServices\PluginService.exe
O23 - Service: Update Solution Real (Update Solution Real) . (...) - C:\Program Files (x86)\Solution Real\updateSolutionReal.exe (.not file.)
O23 - Service: Util Solution Real (Util Solution Real) . (...) - C:\Program Files (x86)\Solution Real\bin\utilSolutionReal.exe (.not file.)
O23 - Service: xttLrjmO (xttLrjmO) . (.Rational Thought Solutions - StormAlert Service.) - C:\ProgramData\lsRAqrc\xttLrjmO.exe
O23 - Service: Update brown bark (Update brown bark) . (...) - C:\Program Files (x86)\brown bark\updatebrownbark.exe (.not file.)
O23 - Service: Util brown bark (Util brown bark) . (...) - C:\Program Files (x86)\brown bark\bin\utilbrownbark.exe (.not file.)
O41 - Driver: ({76eaa25f-d535-414d-8a8b-4bce0a94d247}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{76eaa25f-d535-414d-8a8b-4bce0a94d247}Gw64.sys
O41 - Driver: ({c498f6c6-a577-42a8-98f6-8b7499c22f4a}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{c498f6c6-a577-42a8-98f6-8b7499c22f4a}Gw64.sys
O42 - Logiciel: Google Update Helper - (.PriceMeter.) [HKLM][64Bits] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: SpyHunter - (.Enigma Software Group USA, LLC.) [HKLM][64Bits] -- {ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}
O42 - Logiciel: Storm Alert - (.Rational Thought Solutions.) [HKLM][64Bits] -- StormAlert
O42 - Logiciel: WindowsMangerProtect20.0.0.502 - (.WindowsProtect LIMITED.) [HKLM][64Bits] -- WindowsMangerProtect
O43 - CFD: 31/07/2014 - 21:18:55 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 27/12/2014 - 16:37:36 - [0] ----D C:\Program Files (x86)\brown bark
O44 - LFC:[MD5.0EA85FE5C50FA23BC4C689DB19900A14] - 10/01/2015 - 13:41:28 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{76eaa25f-d535-414d-8a8b-4bce0a94d247}Gw64.sys [48792]
O58 - SDL:10/01/2015 - 13:41:28 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{76eaa25f-d535-414d-8a8b-4bce0a94d247}Gw64.sys [48792]
O58 - SDL:26/12/2014 - 09:23:46 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{c498f6c6-a577-42a8-98f6-8b7499c22f4a}Gw64.sys [48784]
O61 - LFC: 07/01/2015 - 23:24:11 ---A- . (...) -- C:\Users\Cassiano\AppData\Local\Temp\n5406\GamesDesktop-brInstaller.exe [382249]
O61 - LFC: 11/01/2015 - 23:23:51 ---A- . (.Solution Real.) -- C:\Users\Cassiano\AppData\Local\Microsoft\Windows\INetCache\IE\EG77AKKM\SolutionReal[1].dll [250616]
O61 - LFC: 07/01/2015 - 23:24:11 ---A- . (...) -- C:\Users\Cassiano\AppData\Local\Temp\n5406\Setup.exe [4531416]
O61 - LFC: 07/01/2015 - 23:24:11 ---A- . (.Baidu Inc..) -- C:\Users\Cassiano\AppData\Local\Temp\n5406\PCFaster_1103-b4e1b032.exe [1569312]
O61 - LFC: 07/01/2015 - 23:24:11 ---A- . (.Baidu, Inc..) -- C:\Users\Cassiano\AppData\Local\Temp\Baidu_Secure_SystemUp_5.0.7.102888.exe [23561768]
O61 - LFC: 07/01/2015 - 23:24:11 ---A- . (.Setup Install.) -- C:\Users\Cassiano\AppData\Local\Temp\n5406\s5406.exe [361680]
O61 - LFC: 11/01/2015 - 23:24:11 ---A- . (...) -- C:\Users\Cassiano\AppData\Local\Temp\nsc8ED1.tmp\nsProcess.dll [4096]
O61 - LFC: 11/01/2015 - 23:24:11 ---A- . (.VS Revo Group Ltd..) -- C:\Users\Cassiano\AppData\Local\Temp\~nsu.tmp\Au_.exe [87550]
O67 - Shell Spawning: <.html> <SparkSafeHTML>[HKLM\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.html> <SparkSafeHTML>[HKCU\..\open\Command] (.Not Key.)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Vosteran) - [link hidden: login required]
[HKCU\Software\AppDataLow\Software\DynConIE]
[HKCU\Software\AppDataLow\Software\Freeven Pro 1.4]
[HKCU\Software\AppDataLow\Software\MediaPlayerplus]
[HKCU\Software\AppDataLow\Software\Rr Savings]
[HKCU\Software\AppDataLow\Software\Supra Savings]
[HKCU\Software\InstallCore]
[HKCU\Software\PriceMeterLiveUpdate]
[HKCU\Software\Download4windows]
[HKCU\Software\SupHpUISoft]
[HKCU\Software\TutoTag]
[HKCU\Software\Vosteran Browser]
[HKLM\Software\EnigmaSoftwareGroup]
[HKLM\Software\Wow6432Node\GAMESDESKTOP]
[HKLM\Software\Wow6432Node\MediaPlayerplus]
[HKLM\Software\Wow6432Node\PriceMeterLiveUpdate]
[HKLM\Software\Wow6432Node\omiga-plusSoftware]
[HKLM\Software\Wow6432Node\supTab]
[HKLM\Software\Wow6432Node\supWPM]
[HKLM\Software\Wow6432Node\supWindowsMangerProtect]
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASMANCS
[HKLM\SYSTEM\CurrentControlSet\Services\IePluginServices]
[HKLM\SYSTEM\CurrentControlSet\Services\Update Solution Real]
[HKLM\SYSTEM\CurrentControlSet\Services\Util Solution Real]
[HKLM\SYSTEM\CurrentControlSet\Services\xttLrjmO]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\StormAlert]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect]
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]:WSE_Vosteran
C:\Program Files (x86)\Solution Real\bin\SolutionReal.BOASHelper.exe
C:\Program Files (x86)\Solution Real\bin\SolutionReal.expext.exe
C:\ProgramData\StormAlert\uninstall.exe
C:\Windows\Installer\e35a0a.msi
C:\Users\Cassiano\Desktop\SpyHunter.lnk
C:\Program Files (x86)\predm
C:\Program Files (x86)\Solution Real
C:\ProgramData\IePluginServices
C:\ProgramData\StormAlert
C:\ProgramData\WindowsMangerProtect
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free_soft_to_day
C:\Users\Cassiano\AppData\Roaming\WSE_Vosteran
C:\Users\Cassiano\AppData\Local\com
C:\Users\Cassiano\AppData\Local\StormAlert
C:\Users\Cassiano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter

ServiceStop:IePluginServices
ServiceStop:Update Solution Real
ServiceStop:xttLrjmO
ServiceStop:"Update brown bark"
ServiceStop:"Util brown bark"
ServiceStop:{76eaa25f-d535-414d-8a8b-4bce0a94d247}Gw64
ServiceStop:{c498f6c6-a577-42a8-98f6-8b7499c22f4a}Gw64


> Open the ZHPFix tool. < [image hidden: login required] >
> Click IMPORTAÇÃO >> OK.
> PS: When you click "OK", check that the field is empty so that it receives only the script's information.
> Click "GO".
> Post the report!

< I ask visitors not to use this script on other computers, at the risk of irreparable damage to them! >

A+


Last edited by joram on Sat 17 Jan 2015, 15:57; edited 1 time

Post by Cassiano1110, Tue 13 Jan 2015, 00:09

Hello joram, where is the part in red?

Post by joram, Wed 14 Jan 2015, 10:09

Cassiano1110 wrote: Hello joram, where is the part in red?
/!\ Good morning, Cassiano1110! /!\

Script ZHPFix
FirewallRaz
EmptyPrefetch
----
----
----
ServiceStop:"Util brown bark"
ServiceStop:{76eaa25f-d535-414d-8a8b-4bce0a94d247}Gw64
ServiceStop:{c498f6c6-a577-42a8-98f6-8b7499c22f4a}Gw64


> This is part of the script I gave you, which is in red!
> Copy it in full!
> If you didn't understand or see that ....  study ???

A+

Post by Cassiano1110, Thu 15 Jan 2015, 01:18

Hello, here is the report

Rapport de ZHPFix 2014.10.24.12 par Nicolas Coolman, Update du 24/10/2014
Fichier d'export Registre :
Run by Cassiano at 15/01/2015 01:18:48
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)

Reciclagem vazia (00mn 04s)
Prefetcher vazio
Reparação de atalhos do navegador

========== Softwares ==========
ELIMINÉ: Google Update Helper
AUSENTE Uninstall Process: c:\programdata\stormalert\uninstall.exe
AUSENTE Uninstall Process: c:\programdata\windowsmangerprotect\protectwindowsmanager.exe

========== Processo memória ==========
ELIMINA REINICIAR: Memory Process: C:\ProgramData\StormAlert\uninstall.exe
ELIMINA REINICIAR: Memory Process: C:\Windows\Installer\e35a0a.msi

========== Estado dos serviços ==========
IePluginServices Parado
Update Solution Real Parado
xttLrjmO Parado
"Update brown bark" Parado
"Util brown bark" Parado
{76eaa25f-d535-414d-8a8b-4bce0a94d247}Gw64 Parado
{c498f6c6-a577-42a8-98f6-8b7499c22f4a}Gw64 Parado

========== Chaves do Registo ==========
ELIMINÉ:³ Service: IePluginServices
ELIMINÉ:³ Service: Update Solution Real
ELIMINÉ:³ Service: Util Solution Real
ELIMINÉ:³ Service: xttLrjmO
ELIMINÉ:³ Service: Update brown bark
ELIMINÉ:³ Service: Util brown bark
ELIMINÉ: SearchScopes :{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
ELIMINÉ: HKCU\Software\AppDataLow\Software\DynConIE
ELIMINÉ: HKCU\Software\AppDataLow\Software\Freeven Pro 1.4
ELIMINÉ: HKCU\Software\AppDataLow\Software\MediaPlayerplus
ELIMINÉ: HKCU\Software\AppDataLow\Software\Rr Savings
ELIMINÉ: HKCU\Software\AppDataLow\Software\Supra Savings
ELIMINÉ: HKCU\Software\InstallCore
ELIMINÉ: HKCU\Software\PriceMeterLiveUpdate
ELIMINÉ: HKCU\Software\Download4windows
ELIMINÉ: HKCU\Software\SupHpUISoft
ELIMINÉ: HKCU\Software\TutoTag
ELIMINÉ: HKCU\Software\Vosteran Browser
ELIMINÉ:³ HKLM\Software\EnigmaSoftwareGroup
ELIMINÉ:³ HKLM\Software\Wow6432Node\GAMESDESKTOP
ELIMINÉ:³ HKLM\Software\Wow6432Node\MediaPlayerplus
ELIMINÉ:³ HKLM\Software\Wow6432Node\PriceMeterLiveUpdate
ELIMINÉ:³ HKLM\Software\Wow6432Node\omiga-plusSoftware
ELIMINÉ:³ HKLM\Software\Wow6432Node\supTab
ELIMINÉ:³ HKLM\Software\Wow6432Node\supWPM
ELIMINÉ:³ HKLM\Software\Wow6432Node\supWindowsMangerProtect
ELIMINÉ:³ HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32
ELIMINÉ:³ HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS
ELIMINÉ:³ HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASAPI32
ELIMINÉ:³ HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASMANCS
ELIMINÉ:³ HKLM\SYSTEM\CurrentControlSet\Services\IePluginServices
ELIMINÉ:³ HKLM\SYSTEM\CurrentControlSet\Services\Update Solution Real
ELIMINÉ:³ HKLM\SYSTEM\CurrentControlSet\Services\Util Solution Real
ELIMINÉ:³ HKLM\SYSTEM\CurrentControlSet\Services\xttLrjmO
ELIMINÉ:³ HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
Nenhum valor presente na chave de exceções do registo (FirewallRaz)

========== Elementos dos dados do Registo ==========
ELIMINÉ: R0 - Main,Start Page = KCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Temporários windows (0)
ELIMINÉ Flash Cookies (0)
ELIMINÉ: C:\ProgramData\boost_interprocess
ELIMINA REINICIAR:** C:\Program Files (x86)\brown bark
ELIMINA REINICIAR:** c:\program files (x86)\predm
ELIMINA REINICIAR:** c:\program files (x86)\solution real
ELIMINA REINICIAR:** c:\programdata\iepluginservices
ELIMINA REINICIAR:** c:\programdata\stormalert
ELIMINA REINICIAR:** c:\programdata\windowsmangerprotect
ELIMINÉ: c:\programdata\microsoft\windows\start menu\programs\free_soft_to_day
ELIMINÉ: c:\users\cassiano\appdata\local\com
ELIMINÉ: c:\users\cassiano\appdata\local\stormalert
ELIMINÉ: c:\users\cassiano\appdata\roaming\microsoft\windows\start menu\programs\spyhunter

========== Ficheiros ==========
ELIMINÉ Temporários windows (0) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
ELIMINÉ: c:\users\cassiano\appdata\roaming\mozilla\firefox\profiles\mhzxax0o.default\searchplugins\vosteran.xml
ELIMINÉ: c:\users\cassiano\desktop\spyhunter.lnk
ELIMINA REINICIAR: c:\programdata\iepluginservices\pluginservice.exe
ELIMINA REINICIAR: c:\programdata\lsraqrc\xttlrjmo.exe
ELIMINA REINICIAR: c:\windows\system32\drivers\{76eaa25f-d535-414d-8a8b-4bce0a94d247}gw64.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\{c498f6c6-a577-42a8-98f6-8b7499c22f4a}gw64.sys
ELIMINÉ: c:\users\cassiano\appdata\local\microsoft\windows\inetcache\ie\eg77akkm\solutionreal[1].dll

========== Pastas/Ficheiros ocultos restaurados ==========
Mes images (My Pictures) : 4 restaurados com sucesso
Ma musique (My Music) : 1 restaurados com sucesso
Ma Video (My Video) : 1 restaurados com sucesso
Mes Favoris (My Favorites) : 2 restaurados com sucesso
Mes Documents (My Documents) : 5 restaurados com sucesso
Mon Bureau (My Desktop) : 6 restaurados com sucesso
Menu demarrer (Programs) : 11 restaurados com sucesso
Dossier utilisateur (AppData) : 28 restaurados com sucesso
Programmes (Program Files) : 7 restaurados com sucesso


========== Recapitulativo ==========
2 : Processo memória
35 : Chaves do Registo
3 : Valores do Registo
1 : Elementos dos dados do Registo
14 : Pastas
9 : Ficheiros
3 : Softwares
7 : Estado dos serviços
65 : Pastas/Ficheiros ocultos restaurados


End of clean in 01mn 39s

========== Caminho do ficheiro do relatório ==========
C:\Users\Cassiano\AppData\Roaming\ZHP\ZHPFix[R1].txt - 28/12/2014 09:53:25 [4669]
C:\Users\Cassiano\AppData\Roaming\ZHP\ZHPFix[R2].txt - 28/12/2014 14:50:02 [1720]
C:\Users\Cassiano\AppData\Roaming\ZHP\ZHPFix[R3].txt - 15/01/2015 01:18:53 [5817]
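The ZHPFix report posted above marks several files and folders as `ELIMINA REINICIAR`, meaning they are only removed at the next restart, so those are the items to re-check after rebooting. The following Python sketch is an added example (not part of the thread and not ZHPFix code): it splits a pasted report into sections, lists the pending-reboot entries, and compares each section's line count with the `Recapitulativo` block to spot a truncated paste. The status meanings and the rule that the recap counts one entry per line are assumptions read off this report; the sample text is abridged from it with the recap numbers adjusted.

```python
import re

# Constructed sample: abridged from the ZHPFix report in the thread, with the
# recap figures adjusted to match the abridgement.
SAMPLE_REPORT = r"""
========== Softwares ==========
ELIMINÉ: Google Update Helper
AUSENTE Uninstall Process: c:\programdata\stormalert\uninstall.exe

========== Processo memória ==========
ELIMINA REINICIAR: Memory Process: C:\ProgramData\StormAlert\uninstall.exe

========== Chaves do Registo ==========
ELIMINÉ:³ Service: xttLrjmO
ELIMINÉ: HKCU\Software\Vosteran Browser

========== Pastas ==========
ELIMINÉ Flash Cookies (0)
ELIMINA REINICIAR:** c:\programdata\stormalert
ELIMINÉ: c:\users\cassiano\appdata\local\stormalert

========== Ficheiros ==========
ELIMINA REINICIAR: c:\programdata\lsraqrc\xttlrjmo.exe

========== Recapitulativo ==========
2 : Softwares
1 : Processo memória
2 : Chaves do Registo
3 : Pastas
1 : Ficheiros

End of clean in 01mn 39s
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Status word, then optional separators as they appear in the report (":", "³", "**").
STATUS_RE = re.compile(r"^(ELIMINA REINICIAR|ELIMINÉ|AUSENTE)[:³*\s]*(.*)$", re.IGNORECASE)
RECAP_RE = re.compile(r"^(\d+)\s*:\s*(.+)$")
RECAP_TITLE = "Recapitulativo"

# Assumed meanings, inferred from the wording of the report itself.
STATUS_MEANING = {
    "ELIMINÉ": "deleted",
    "ELIMINA REINICIAR": "pending_reboot",
    "AUSENTE": "absent",
}


def parse_report(text):
    """Return ({section: [(status, target), ...]}, {section: recap_count})."""
    sections, recap, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            if current != RECAP_TITLE:
                sections[current] = []
            continue
        if current is None:
            continue  # preamble before the first section
        if current == RECAP_TITLE:
            row = RECAP_RE.match(line)
            if row:
                recap[row.group(2).strip()] = int(row.group(1))
            continue
        hit = STATUS_RE.match(line)
        if hit:
            entry = (STATUS_MEANING[hit.group(1).upper()], hit.group(2).strip())
        else:
            entry = ("info", line)  # e.g. service state lines such as "xttLrjmO Parado"
        sections[current].append(entry)
    return sections, recap


def recap_mismatches(sections, recap):
    """Sections whose line count differs from the recap: {title: (expected, found)}."""
    problems = {}
    for title, expected in recap.items():
        found = len(sections.get(title, []))
        if found != expected:
            problems[title] = (expected, found)
    return problems


def pending_reboot(sections):
    """Entries that are only removed at the next restart, in report order."""
    return [(title, target)
            for title, entries in sections.items()
            for status, target in entries
            if status == "pending_reboot"]


if __name__ == "__main__":
    secs, rec = parse_report(SAMPLE_REPORT)
    print("recap mismatches:", recap_mismatches(secs, rec) or "none")
    for title, target in pending_reboot(secs):
        print(f"re-check after reboot [{title}]: {target}")
```
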

Post by joram, Thu 15 Jan 2015, 07:24

/!\ Good morning, Cassiano1110! /!\

> Download: < [link hidden: login required] > ( ... by Smeenk )

< [image hidden: login required] [link hidden: login required] >

> Save it to the desktop!
> Disable your antivirus!
> On Windows 7, run Zoek.exe as administrator.

emptyfolderscheck;delete
ipconfig /flushdns;b
QuickScan;
Emptytemp;
AutoClean;
 

> Copy and paste this information, which is in red, into the tool's field.
> Click "Run Script".

Zoek.exe is running now. 
Do not start any browser windows, they will be closed automatically. 
Please wait! This window will close when finished. 
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
> Messages will appear asking you to wait for the report to appear.
> PS: These messages may remain static on screen for 20 minutes or more.

> Confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.
> PS: If you get an error, restart the PC and run the tool again.
> Post the report, which will be at C:\zoek-results.txt <<

A+

Post by Cassiano1110, Thu 15 Jan 2015, 22:59

here is the report

Zoek.exe v5.0.0.0 Updated 15-01-2015
Tool run by Cassiano on 15/01/2015 at 22:28:18,29.
Microsoft Windows 8.1 Single Language 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Cassiano\Downloads\zoek.exe    [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-04-08-024137.log 37746 bytes

==== Empty Folders Check ======================

C:\PROGRA~2\Baidu Security deleted successfully
C:\PROGRA~2\brown bark deleted successfully
C:\PROGRA~2\gmsd_br_61 deleted successfully
C:\PROGRA~2\predm deleted successfully
C:\PROGRA~2\RBM deleted successfully
C:\PROGRA~2\Solution Real deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Cassiano\AppData\Roaming\Baidu Security deleted successfully
C:\Users\Cassiano\AppData\Local\LSC deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4032315922-2193373217-1692392771-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0394e4ac-22da-47f9-9160-f853ab6b899d} deleted successfully
HKEY_USERS\S-1-5-21-4032315922-2193373217-1692392771-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bc1944ae-4199-470a-af34-d0071195c57e} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0394e4ac-22da-47f9-9160-f853ab6b899d} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bc1944ae-4199-470a-af34-d0071195c57e} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xttLrjmO deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IePluginServices deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util brown bark deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util brown bark deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update brown bark deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update brown bark deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util Solution Real deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util Solution Real deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Solution Real deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update Solution Real deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Cassiano\AppData\Roaming\Mozilla\Firefox\Profiles\mhzxax0o.default

---- Lines srchvstrn removed from user.js ----

user_pref("extensions.srchvstrn.hmpg", true);
user_pref("extensions.srchvstrn.hmpgUrl", "http://Vosteran.com/?f=1&a=vst_bxi01_15_02_ch&cd=2XzuyEtN2Y1L1QzuyCyEtC0CyCyByCtB0ByEyCtDyBzyyC0EtN0D0Tzu0StCtCtDyDtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0DyByC0C0AzzyDtG0AyB0DyEtG0DtC0D0BtGtD0AyE0CtGtA0BtDyEzyyEtA0BtDtB0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0F0C0CtC0D0C0AtGyD0F0F0EtGyE0AtCyDtGzztA0C0BtGyD0E0F0FtDyDyC0AtCyDtD0E2Q&cr=2086199281&ir=");
user_pref("extensions.srchvstrn.dfltSrch", true);
user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
user_pref("extensions.srchvstrn.dnsErr", true);
user_pref("extensions.srchvstrn_i.newTab", true);
user_pref("extensions.srchvstrn.newTabUrl", "http://Vosteran.com/?f=2&a=vst_bxi01_15_02_ch&cd=2XzuyEtN2Y1L1QzuyCyEtC0CyCyByCtB0ByEyCtDyBzyyC0EtN0D0Tzu0StCtCtDyDtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0DyByC0C0AzzyDtG0AyB0DyEtG0DtC0D0BtGtD0AyE0CtGtA0BtDyEzyyEtA0BtDtB0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0F0C0CtC0D0C0AtGyD0F0F0EtGyE0AtCyDtGzztA0C0BtGyD0E0F0FtDyDyC0AtCyDtD0E2Q&cr=2086199281&ir=");
user_pref("extensions.srchvstrn.tlbrSrchUrl", "http://Vosteran.com/?f=3&a=vst_bxi01_15_02_ch&cd=2XzuyEtN2Y1L1QzuyCyEtC0CyCyByCtB0ByEyCtDyBzyyC0EtN0D0Tzu0StCtCtDyDtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0DyByC0C0AzzyDtG0AyB0DyEtG0DtC0D0BtGtD0AyE0CtGtA0BtDyEzyyEtA0BtDtB0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0F0C0CtC0D0C0AtGyD0F0F0EtGyE0AtCyDtGzztA0C0BtGyD0E0F0FtDyDyC0AtCyDtD0E2Q&cr=2086199281&ir=&q=");
user_pref("extensions.srchvstrn.id", "641C6762B460796E");
user_pref("extensions.srchvstrn.instlDay", "16446");
user_pref("extensions.srchvstrn.vrsn", "");
user_pref("extensions.srchvstrn.vrsni", "");
user_pref("extensions.srchvstrn_i.vrsnTs", "1:36:39");
user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
user_pref("extensions.srchvstrn.prdct", "srchvstrn");
user_pref("extensions.srchvstrn.aflt", "vst_bxi01_15_02_ch");
user_pref("extensions.srchvstrn_i.smplGrp", "none");
user_pref("extensions.srchvstrn.tlbrId", "");
user_pref("extensions.srchvstrn.instlRef", "142905_s4");
user_pref("extensions.srchvstrn.dfltLng", "");
user_pref("extensions.srchvstrn.appId", "{4CB3598A-82E8-4D1F-983F-061238AE696E}");
user_pref("extensions.srchvstrn.excTlbr", false);
user_pref("extensions.srchvstrn.cr", "2086199281");
user_pref("extensions.srchvstrn.cd", "2XzuyEtN2Y1L1QzuyCyEtC0CyCyByCtB0ByEyCtDyBzyyC0EtN0D0Tzu0StCtCtDyDtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0DyByC0C0AzzyDtG0AyB0DyEtG0DtC0D0BtGtD0AyE0CtGtA0BtDyEzyyEtA0BtDtB0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0F0C0CtC0D0C0AtGyD0F0F0EtGyE0AtCyDtGzztA0C0BtGyD0E0F0FtDyDyC0AtCyDtD0E2Q");
user_pref("extensions.srchvstrn.AL", 4);

---- Lines aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256 removed from prefs.js ----
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.internaldb.monetization_plugin_notBundledArr_.va
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.internaldb.Resources_appVer.expiration", "Fri Fe
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.internaldb.Resources_appVer.value", "14");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.internaldb.Resources_lastVersion.expiration", "F
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.internaldb.Resources_meta.expiration", "Fri Feb
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.internaldb.Resources_nextCheck.expiration", "Tue
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.internaldb.Resources_queue.expiration", "Fri Feb
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.internaldb.Resources_remote_resources.expiration
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.internaldb.Resources_remote_resources.value", "%
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.lastDailyReport", "1396987873644");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.lastUpdate", "1396987873444");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.manifesturl", "");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.name", "Freeven Pro 1.4");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.newtab", "");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.opensearch", "");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.pluginsurl", "http://js.clientdataservice.com/pl
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.pluginsversion", 10);
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.publisher", "Freeven");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.searchstatus", 0);
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.setnewtab", false);
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.thankyou", "");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.updateinterval", 360);
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.54256.ver", 14);
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.apps", "54256");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.bic", "1453f38691eb876daeec6e425e330cbc");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.cid", 54256);
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.FilesValidatorDueTime", "1396961680265");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.firstrun", false);
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.hadappinstalled", true);
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.installationdate", 1396925033);
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.modetype", "production");
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.reportInstall", true);
user_pref("extensions.aa69a8c34f1034384bb0361e6f2997d075273998bc268422eb0ea5c8e02755d20com54256.statsDailyCounter", 3);
---- Lines aa9719e64232b4695ae9ca89cd7f2aa84ca1279dfbc0d44a897ef19301c922b68com54246 removed from prefs.js ----
---- Lines quick_start removed from prefs.js ----
user_pref("extensions.quick_start.enable_search1", false);
user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
---- FireFox user.js and prefs.js backups ----

user_012015_2241_.backup
prefs_012015_2241_.backup

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\SearchTheWeb.xml deleted
C:\PROGRA~2\Uninstaller deleted
C:\PROGRA~2\baidu deleted
C:\Users\Cassiano\AppData\Roaming\WB.CFG deleted
C:\Users\Cassiano\AppData\Roaming\cdr.ini deleted
C:\Users\Cassiano\AppData\Roaming\baidu deleted
C:\PROGRA~3\IePluginServices deleted
C:\PROGRA~3\Browser deleted
C:\PROGRA~3\Baidu deleted
C:\PROGRA~3\WindowsMangerProtect deleted
C:\END deleted
C:\windows\SysNative\drivers\{76eaa25f-d535-414d-8a8b-4bce0a94d247}Gw64.sys deleted
C:\windows\SysNative\drivers\{c498f6c6-a577-42a8-98f6-8b7499c22f4a}Gw64.sys deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\machine deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Users\Cassiano\AppData\Roaming\Mozilla\Firefox\Profiles\mhzxax0o.default\extensions\staged deleted
C:\Users\Cassiano\Desktop\Continue AutoGK (Auto Gordian Knot).lnk deleted
C:\Users\Cassiano\Desktop\Continue Skype.lnk deleted
C:\Users\Cassiano\Desktop\Continue WinRAR Installation.lnk deleted
"C:\PROGRA~3\lsRAqrc\info.dat" not deleted
"C:\PROGRA~3\lsRAqrc\xttLrjmO.dat" not deleted
"C:\PROGRA~3\lsRAqrc\xttLrjmO.exe" deleted
"C:\PROGRA~3\lsRAqrc\dat\BXmqpuMSIAl.dll" not deleted
"C:\PROGRA~3\lsRAqrc\dat\JGSLtwUnyEH.dll" not deleted
"C:\PROGRA~3\lsRAqrc\dat\MAuYRA.exe" not deleted
"C:\PROGRA~3\lsRAqrc\dat\MAuYRA.exe.config" not deleted
"C:\PROGRA~3\lsRAqrc\dat\yXVsbCFZR.exe" not deleted
"C:\PROGRA~3\lsRAqrc\dat\yXVsbCFZR.exe.config" not deleted
"C:\PROGRA~3\lsRAqrc" not deleted
"C:\PROGRA~3\lsRAqrc\dat" not deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\Users\Cassiano\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2015-01-13 20:29:11 DCE9FD22B136C127C85F285E083B928B 65536 ----a-w- C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-13 20:29:10 1EB1C1E43C1901865C5AE34A9771C069 448792 ----a-w- C:\WINDOWS\SysWOW64\wer.dll
2015-01-13 20:29:09 D9F17FC61102D89A67A2AA3DD21231F5 33584 ----a-w- C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-13 20:29:09 7C36A441C73F079781ABA8F3DAEDFB37 136296 ----a-w- C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-13 20:29:09 1F9C1925A85C6CC592C2FF612A610412 372408 ----a-w- C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-13 20:29:09 1275462A4337DBC5518859316BEF262C 413136 ----a-w- C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-13 20:29:08 BFFD9961B29DAB8084278DB2314D6027 33280 ----a-w- C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-13 20:29:08 B5867FF96CD0F7712CB4985EAC9F9147 370424 ----a-w- C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-13 20:29:08 7B2643AE85322EA168B0E760B73258FF 424544 ----a-w- C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-13 20:29:08 4B07B24705A9225EB565650569BDA26B 344536 ----a-w- C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-08 02:06:30 5C8874EE321F4623FFF7A1315039DDBC 77824 ----a-w- C:\WINDOWS\SysWOW64\fmcodec.DLL
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2015-01-13 20:29:11 FE11972797DED38CA55E88BD3579F6A2 360448 ----a-w- C:\WINDOWS\Sysnative\ncsi.dll
2015-01-13 20:29:11 E94EB2A95D7D016E119C4D6868788831 391680 ----a-w- C:\WINDOWS\Sysnative\nlasvc.dll
2015-01-13 20:29:11 6319232C1CE39AC35316CF51910EEEB5 86016 ----a-w- C:\WINDOWS\Sysnative\nlaapi.dll
2015-01-13 20:29:11 19424364D8C03B990C4281BE53963FD0 225280 ----a-w- C:\WINDOWS\Sysnative\profsvc.dll
2015-01-13 20:29:10 8EBC741DDE9409038262E2F317ED7CCE 535640 ----a-w- C:\WINDOWS\Sysnative\wer.dll
2015-01-13 20:29:10 29A888F3136B2643E22113B5422B46F9 87040 ----a-w- C:\WINDOWS\Sysnative\TSWbPrxy.exe
2015-01-13 20:29:09 A41B72F81B389786805CC4D5767B5FBC 531616 ----a-w- C:\WINDOWS\Sysnative\ci.dll
2015-01-13 20:29:09 9404704666256045F5BA9B290953B4D0 38264 ----a-w- C:\WINDOWS\Sysnative\WerFaultSecure.exe
2015-01-13 20:29:09 8779FDAE68BC948B0FE152E758CC8DA7 229888 ----a-w- C:\WINDOWS\Sysnative\AudioEndpointBuilder.dll
2015-01-13 20:29:09 6DCD12586353DC6307AC781045CA13A4 465320 ----a-w- C:\WINDOWS\Sysnative\WerFault.exe
2015-01-13 20:29:09 41C501FD9D42F3F04A8532C73E09F356 108944 ----a-w- C:\WINDOWS\Sysnative\EncDump.dll
2015-01-13 20:29:09 2C354FA91EF605007FD11BB89EED2266 413248 ----a-w- C:\WINDOWS\Sysnative\Faultrep.dll
2015-01-13 20:29:08 E24D3259769A0218FE19BB306821C2E5 394120 ----a-w- C:\WINDOWS\Sysnative\AUDIOKSE.dll
2015-01-13 20:29:08 D1E3B8D9130C70F6A3D4FDB52373FF34 37888 ----a-w- C:\WINDOWS\Sysnative\werdiagcontroller.dll
2015-01-13 20:29:08 770BAA636F3B61DA7E414421444F84FD 272248 ----a-w- C:\WINDOWS\Sysnative\audiodg.exe
2015-01-13 20:29:08 6F237EE5DDA34EAF3D9C79D4A283E250 482872 ----a-w- C:\WINDOWS\Sysnative\AudioEng.dll
2015-01-13 20:29:08 61EA45A645854FE81D8A924E2D93DFFE 911360 ----a-w- C:\WINDOWS\Sysnative\audiosrv.dll
2015-01-13 20:29:08 428F083690D7AAA012338FD5A0663EE3 500016 ----a-w- C:\WINDOWS\Sysnative\AudioSes.dll
2015-01-13 20:29:08 0BCDEB035B9346D3C3C6C8BB1AA7F38C 139984 ----a-w- C:\WINDOWS\Sysnative\wermgr.exe
====== C:\WINDOWS\Sysnative\drivers =====
2015-01-13 20:29:11 DB32958F0E704EFBF7F15161A569E39F 140800 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxdav.sys
2015-01-13 20:29:10 F0CB6DB513CAC393D04A0FCE0A59E1BF 75776 ----a-w- C:\WINDOWS\Sysnative\drivers\ahcache.sys
====== C:\WINDOWS\Tasks ======
2015-01-08 02:09:19 8BEE1B96B1313E50BCC4F9AD5DC960A0 3106 ----a-w- C:\WINDOWS\Sysnative\Tasks\{60BF975B-342F-49FC-9E71-D8A2221563C1}
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\Cassiano\AppData\Roaming ======
2015-01-16 00:24:12 -------- d-----w- C:\Users\Cassiano\AppData\Local\Temp
2015-01-15 03:19:04 -------- d-----w- C:\Users\Cassiano\AppData\Local\StormAlert
2015-01-08 02:06:56 -------- d-----w- C:\Users\Cassiano\AppData\Local\Comodo
====== C:\Users\Cassiano ======
2015-01-12 01:16:05 A88EC2A33D59251C4FB9508BE4831F38 6868593 ----a-w- C:\Users\Cassiano\Downloads\ZHPDiag2 (1).exe
2015-01-11 03:36:28 4F99CAE27FFD46712E65C21444AACDFC 2623656 ----a-w- C:\Users\Cassiano\Downloads\revo-uninstaller-1-95-32-bits [1].exe
2015-01-11 03:35:41 F8D8EDAA7993A6E92DAE346A081F034E 688617 ----a-w- C:\Users\Cassiano\Downloads\revo-uninstaller-1-95-32-bits.exe
2015-01-08 02:07:03 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-01-08 02:06:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2015-01-08 02:04:21 -------- d-----w- C:\Users\TODOSO~1\lsRAqrc
2015-01-08 02:04:21 -------- d-----w- C:\ProgramData\lsRAqrc
2015-01-08 02:04:14 -------- d-----w- C:\Users\TODOSO~1\StormAlert
2015-01-08 02:04:14 -------- d-----w- C:\ProgramData\StormAlert
2015-01-08 02:03:50 0FC5D0BD4E2F9A81B7561FAD16649217 17090512 ----a-w- C:\Users\Cassiano\Desktop\656-aTubeCatcher.exe
2015-01-08 02:03:08 BC987FBB7F2740509EE7A69C539C6281 569552 ----a-w- C:\Users\Cassiano\Downloads\aTube Catcher.exe
2014-12-27 18:38:17 A77C1B6C168C66DC30D017F505032F04 286 --sha-r- C:\Users\TODOSO~1\ntuser.pol
2014-12-27 18:38:17 A77C1B6C168C66DC30D017F505032F04 286 --sha-r- C:\ProgramData\ntuser.pol

====== C: exe-files ==
2015-01-15 03:18:45 8EB7FC1AC4F4ED35100E5F06AE0F669B 537464 ----a-w- C:\Users\Cassiano\AppData\Roaming\ZHP\Quarantine\stormalert.DIR\Uninstall.exe
2015-01-15 03:18:45 8EB7FC1AC4F4ED35100E5F06AE0F669B 537464 ----a-w- C:\Users\Cassiano\AppData\Roaming\ZHP\Quarantine\stormalert.DIR\StormAlert\Uninstall.exe
2015-01-13 23:01:24 0FADEC9ECEF2860536F9F107890021B5 50040 ----a-w- C:\Users\Todos os Usuários\lsRAqrc\dat\MAuYRA.exe
2015-01-13 23:01:24 0FADEC9ECEF2860536F9F107890021B5 50040 ----a-w- C:\ProgramData\lsRAqrc\dat\MAuYRA.exe
2015-01-13 23:01:23 73A980E615630B3F2D7C277AC8846B61 48504 ----a-w- C:\Users\Todos os Usuários\lsRAqrc\dat\yXVsbCFZR.exe
2015-01-13 23:01:23 73A980E615630B3F2D7C277AC8846B61 48504 ----a-w- C:\ProgramData\lsRAqrc\dat\yXVsbCFZR.exe
2015-01-13 20:29:10 29A888F3136B2643E22113B5422B46F9 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2015-01-13 20:29:09 D9F17FC61102D89A67A2AA3DD21231F5 33584 ----a-w- C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-13 20:29:09 9404704666256045F5BA9B290953B4D0 38264 ----a-w- C:\Windows\System32\WerFaultSecure.exe
2015-01-13 20:29:09 7C36A441C73F079781ABA8F3DAEDFB37 136296 ----a-w- C:\Windows\SysWOW64\wermgr.exe
2015-01-13 20:29:09 6DCD12586353DC6307AC781045CA13A4 465320 ----a-w- C:\Windows\System32\WerFault.exe
2015-01-13 20:29:09 1275462A4337DBC5518859316BEF262C 413136 ----a-w- C:\Windows\SysWOW64\WerFault.exe
2015-01-13 20:29:08 770BAA636F3B61DA7E414421444F84FD 272248 ----a-w- C:\Windows\System32\audiodg.exe
2015-01-13 20:29:08 0BCDEB035B9346D3C3C6C8BB1AA7F38C 139984 ----a-w- C:\Windows\System32\wermgr.exe
2015-01-12 01:16:05 A88EC2A33D59251C4FB9508BE4831F38 6868593 ----a-w- C:\Users\Cassiano\Downloads\ZHPDiag2 (1).exe
2015-01-11 03:36:28 4F99CAE27FFD46712E65C21444AACDFC 2623656 ----a-w- C:\Users\Cassiano\Downloads\revo-uninstaller-1-95-32-bits [1].exe
2015-01-11 03:35:41 F8D8EDAA7993A6E92DAE346A081F034E 688617 ----a-w- C:\Users\Cassiano\Downloads\revo-uninstaller-1-95-32-bits.exe
=== C: other files ==
2015-01-13 20:29:11 DB32958F0E704EFBF7F15161A569E39F 140800 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2015-01-13 20:29:10 F0CB6DB513CAC393D04A0FCE0A59E1BF 75776 ----a-w- C:\Windows\System32\drivers\ahcache.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-4032315922-2193373217-1692392771-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"HW_OPENEYE_OUC_VIVO INTERNET"="D:\Cassiano\VIVO INTERNET\UpdateDog\ouc.exe"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YouCam Tray"="C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe /s"
"UpdateP2GShortCut"="C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Lenovo\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\5.0"
"RemoteControl10"="C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey"
"Intel AppUp(SM) center"="C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HW_OPENEYE_OUC_VIVO INTERNET"="D:\Cassiano\VIVO INTERNET\UpdateDog\ouc.exe"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtsFT"="RTFTrack.exe"
"IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"
"cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe"
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SACpl.exe /t"
"BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll,TrayApp"
"Energy Management"="C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"EnergyUtility"="C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe"
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13/01/2015 19:07]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/04/2014 17:59]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/04/2014 17:59]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\Dolby Selector" [C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{742F6630-E6FB-4F9B-BF75-3F8AE5886FD4}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Lenovo\Lenovo Customer Feedback Program" ["%ProgramFiles%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe"]
"C:\WINDOWS\SysNative\tasks\Lenovo\Lenovo Solution Center Launcher" [%programfiles%\lenovo\lenovo solution center\App\LSCService.exe]
"C:\WINDOWS\SysNative\tasks\Lenovo\LSC\LSCHardwareScan" ["C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe" -diag HWScan]
"C:\WINDOWS\SysNative\tasks\Lenovo\LSC\LSCHardwareScanPostpone" ["C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe" -diag HWScan]
"C:\WINDOWS\SysNative\tasks\Lenovo\LSC\LSCTaskService" [C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Cassiano\AppData\Roaming\Mozilla\Firefox\Profiles\mhzxax0o.default
user_pref("browser.search.defaultenginename", "Web");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [28/04/2014 00:22]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886D}"="C:\Users\Cassiano\AppData\Local\GAS Tecnologia\GBBD\cef\xpi" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Cassiano\AppData\Roaming\Mozilla\Firefox\Profiles\mhzxax0o.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Cassiano\AppData\Roaming\Mozilla\Firefox\Profiles\mhzxax0o.default
2BC6A052D9B153F6DC2F0E420FB4F407 - C:\Users\Cassiano\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player


==== Chromium Look ======================

Google Chrome Version: 39.0.2171.95 (Possible outdated, latest Stable version: 39.0.2171.99)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[28/04/2014 00:22]
oilkkkefbalmbfppgjmgjoefbclebkce - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nnjbodopomfddehlalfilheomcahbpei - C:\Users\Cassiano\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx[]
oilkkkefbalmbfppgjmgjoefbclebkce - No path found[]

Ask Toolbar - Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko
Comodo Drag&Drop Service - Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo
Comodo Web Inspector - Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
PrivDog - Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Comodo Media Downloader - Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dihmnpngfonlhjmgkflpnibiaaliendo
Comodo Share Page Service - Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf
Google Wallet - Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Google Docs - Cassiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Cassiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Cassiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Cassiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Cassiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Vosteran New Tab - Cassiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Gmail - Cassiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_imoveis.trovit.com.br_0.localstorage deleted successfully
C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_imoveis.trovit.com.br_0.localstorage-journal deleted successfully
C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully
C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully
C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage deleted successfully
C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage-journal deleted successfully
C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce deleted successfully
C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oilkkkefbalmbfppgjmgjoefbclebkce_0.localstorage deleted successfully
C:\Users\Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko deleted successfully
C:\Users\Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage deleted successfully
C:\Users\Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com"
"Search Page"="http://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_solimba_01&p={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://isearch.omiga-plus.com/web/?type=ds&ts=1405075745&from=smt&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD546806&q={searchTerms}"
"Start Page"="http://br.hao123.com/?tn=incore_pay_hp_ex01_hao123_br"
"Search Page"="http://isearch.omiga-plus.com/web/?type=ds&ts=1405075745&from=smt&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD546806&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://isearch.omiga-plus.com/web/?type=ds&ts=1405075745&from=smt&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD546806&q={searchTerms}"
"Start Page"="http://br.hao123.com/?tn=incore_pay_hp_ex01_hao123_br"
"Search Page"="http://isearch.omiga-plus.com/web/?type=ds&ts=1405075745&from=smt&uid=ST1000LM024XHN-M101MBB_S2SMJ9AD546806&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4032315922-2193373217-1692392771-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully
HKEY_USERS\S-1-5-21-4032315922-2193373217-1692392771-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully
HKEY_USERS\S-1-5-21-4032315922-2193373217-1692392771-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully
HKEY_USERS\S-1-5-21-4032315922-2193373217-1692392771-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-4032315922-2193373217-1692392771-1001\Software\Mozilla\Firefox\Extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\nnjbodopomfddehlalfilheomcahbpei deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cassiano\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Cassiano\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Cassiano\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Cassiano\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Cassiano\AppData\Local\Mozilla\Firefox\Profiles\mhzxax0o.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Cache emptied successfully
C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=951 folders=213 115317484 bytes)

==== Empty Temp Folders ======================

C:\Users\Cassiano\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Cassiano\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~3\lsRAqrc\info.dat"  not found
"C:\PROGRA~3\lsRAqrc\xttLrjmO.dat"  not found
"C:\PROGRA~3\lsRAqrc\dat\BXmqpuMSIAl.dll"  not found
"C:\PROGRA~3\lsRAqrc\dat\JGSLtwUnyEH.dll"  not found
"C:\PROGRA~3\lsRAqrc\dat\MAuYRA.exe"  not found
"C:\PROGRA~3\lsRAqrc\dat\MAuYRA.exe.config"  not found
"C:\PROGRA~3\lsRAqrc\dat\yXVsbCFZR.exe"  not found
"C:\PROGRA~3\lsRAqrc\dat\yXVsbCFZR.exe.config"  not found
"C:\PROGRA~3\lsRAqrc"  not found

==== EOF on 15/01/2015 at 22:50:45,06 ======================

Post by joram Thu 15 Jan 2015, 23:09

/!\ Good evening, Cassiano1110! /!\

> Download: < [You must have an account and be logged in to view this link] > ( ... by Nicolas Coolman )

> On the page, click [You must have an account and be logged in to view this image]
> Save it to the desktop!
> Run it and, when it opens, click "J'accept/I Agree".

[You must have an account and be logged in to view this image]

> For more comprehensive fixes, check all available options.
> Click Réparer.
> Click Rapport.
> Post the report!

A+

Post by Cassiano1110 Fri 16 Jan 2015, 23:29

Hello Joram.

Here is the report

~ ZHPCleaner v2015.1.16.23 by Nicolas Coolman (16/01/2015)
~ Run by Cassiano (Administrator) (16/01/2015 23:23:40)
~ Forum : [You must have an account and be logged in to view this link]
~ Facebook : [You must have an account and be logged in to view this link]
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Cassiano\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Cassiano\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Windows 81, 64-bit (Build 9600)


---\\ Services (0)
~ No malicious items found.


---\\ Browser internet (1)
REPLACED IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL ( [You must have an account and be logged in to view this link] )


---\\ Hosts file (2)
REPLACED:
Number of found redirections 1/20


---\\ Scheduled automatic tasks. (0)
~ No malicious items found.


---\\ Explorer ( File, Folder) (24)
MOVED file: C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys (PUP.EnigmaSoftware)
MOVED folder: C:\Program Files\Enigma Software Group\SpyHunter (PUP.EnigmaSoftware)
MOVED folder: C:\Program Files\Enigma Software Group (PUP.EnigmaSoftware)
MOVED file: C:\ProgramData\StormAlert\data.dat (Adware.StormAlert)
MOVED file: C:\ProgramData\StormAlert\StormAlert.ico (Adware.StormAlert)
MOVED file: C:\ProgramData\StormAlert\Uninstall.exe (Adware.StormAlert)
MOVED folder: C:\ProgramData\StormAlert (Adware.StormAlert)
MOVED file: C:\Users\Cassiano\AppData\Local\StormAlert\data2.dat (Adware.StormAlert)
MOVED folder: C:\Users\Cassiano\AppData\Local\StormAlert (Adware.StormAlert)
MOVED file: C:\WINDOWS\Prefetch\GAMESDESKTOP-BRINSTALLER.TMP-94A1462F.pf (Adware.GamesDesktop)
MOVED file: C:\WINDOWS\Prefetch\PREDM.TMP-EC95B3E2.pf (Adware.Downware)
MOVED file: C:\WINDOWS\Prefetch\SPYHUNTER-INSTALLER.EXE-520FB439.pf (Crapware.SpyHunter)
MOVED file: C:\WINDOWS\Prefetch\SPYHUNTER4.EXE-1B0A567E.pf (Crapware.SpyHunter)
MOVED file: C:\WINDOWS\Prefetch\VOPACKAGE.EXE-22CF2662.pf (Adware.Downware)
MOVED file: C:\WINDOWS\Prefetch\VOPACKAGE.EXE-8F899393.pf (Adware.Downware)
MOVED file: C:\WINDOWS\Prefetch\VOSTERAN.EXE-43362C73.pf (PUP.Vosteran)
MOVED file: C:\WINDOWS\Installer\304d80dc.msi [Enigma Software Group USA, LLC - Windows Installer Editor Standalone] (PUP.EnigmaSoftware)
MOVED file: C:\WINDOWS\Installer\e35a0a.msi [PriceMeter - Windows Installer XML (3.5.2519.0)] (PUP.PriceMeter)
MOVED file: C:\Users\Cassiano\Downloads\SpyHunter-Installer (1).exe [Enigma Software Group USA, LLC. - SpyHunter Downloader] (Crapware.SpyHunter)
MOVED file: C:\Users\Cassiano\Downloads\SpyHunter-Installer.exe [Enigma Software Group USA, LLC. - SpyHunter Downloader] (Crapware.SpyHunter)
MOVED file*: C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage (PUP.AkamaiHD)
MOVED file*: C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage-journal (PUP.AkamaiHD)
MOVED file*: C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_serviceama-a.akamaihd.net_0.localstorage (PUP.AkamaiHD)
MOVED file*: C:\Users\Cassiano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_serviceama-a.akamaihd.net_0.localstorage-journal (PUP.AkamaiHD)


---\\ Registry ( Key, Value, Data) (25)
DELETED key: [X64] HKLM\SYSTEM\CurrentControlSet\Services\esgiguard [C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys] (PUP.EnigmaSoftware)
DELETED key: [X64] HKLM\SYSTEM\CurrentControlSet\Services\{76eaa25f-d535-414d-8a8b-4bce0a94d247}Gw64 [C:\WINDOWS\System32\drivers\{76eaa25f-d535-414d-8a8b-4bce0a94d247}Gw64.sys] (PUP.LinkiDoo)
DELETED key: [X64] HKLM\SYSTEM\CurrentControlSet\Services\{c498f6c6-a577-42a8-98f6-8b7499c22f4a}Gw64 [C:\WINDOWS\System32\drivers\{c498f6c6-a577-42a8-98f6-8b7499c22f4a}Gw64.sys] (PUP.LinkiDoo)
DELETED data: HKCR\SparkSafeHTML\Shell\Open\Command\\Default [Bad : ] (Broken.OpenCommand)
DELETED key: HKCR\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} [IMdt] (Adware.IMBooster)
DELETED key: HKCR\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} [IManager] (Adware.IMBooster)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\portaldosites.com [] (Hijacker.PortaldoSites)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\[You must have an account and be logged in to view this link] [] (Hijacker.PortaldoSites)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istart.webssearches.com [] (Hijacker.WebsSearches)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearchdial.com [] (PUP.MySearchDial)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\portaldosites.com [] (Hijacker.PortaldoSites)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com [] (PUP.SpecialSavings)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wajam.com [] (PUP.Wajam)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webssearches.com [] (Hijacker.WebsSearches)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\[You must have an account and be logged in to view this link] [] (Hijacker.PortaldoSites)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\[You must have an account and be logged in to view this link] [] (PUP.SpecialSavings)
DELETED key: [X64] HKLM\SOFTWARE\EnigmaSoftwareGroup [] (PUP.EnigmaSoftware)
DELETED key: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05} [SpyHunter] (Crapware.SpyHunter)
DELETED key: HKLM\SOFTWARE\Wow6432Node\GAMESDESKTOP [] (Adware.GamesDesktop)
DELETED key: HKLM\SOFTWARE\Wow6432Node\MediaPlayerplus [] (PUP.CrossRider)
DELETED key: HKLM\SOFTWARE\Wow6432Node\omiga-plusSoftware [] (Hijacker.OmigaPlus)
DELETED key: HKLM\SOFTWARE\Wow6432Node\supTab [] (PUP.SupTab)
DELETED key: HKLM\SOFTWARE\Wow6432Node\supWindowsMangerProtect [] (PUP.Fuyu)
DELETED key: HKLM\SOFTWARE\Wow6432Node\supWPM [] (PUP.WpManager)
DELETED key: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StormAlert [Rational Thought Solutions] (Adware.StormAlert)



---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
~ Repair canceled by the user (Google Chrome)
~ The system has been restarted.


---\\ Statistics
~ Items scanned : 74491
~ Items found : 1
~ Items repaired : 50


End of clean at 23:27:58
===================
ZHPCleaner-[R]-16012015-23_27_58.txt

Post by joram Fri 16 Jan 2015, 23:51

/!\ Good evening, Cassiano1110! /!\

[You must have an account and be logged in to view this link]

> Open the AdwCleaner tool, if you have it, and click "Desinstalar" (Uninstall).
> Confirm the prompt!

> Download: < [You must have an account and be logged in to view this link] >

> Install the antimalware by double-clicking its executable! ( mbam-setup.exe )

[You must have an account and be logged in to view this link]

> Uncheck the box: "Ativar trial gratuito do Malwarebytes Anti-Malware PRO" (Enable free trial of Malwarebytes Anti-Malware PRO)
> Check the checkboxes:

<1> Atualizar Malwarebytes Anti-Malware (Update Malwarebytes Anti-Malware)
<2> Executar Malwarebytes Anti-Malware (Launch Malwarebytes Anti-Malware)

> Click "Concluir" (Finish).
> If there are updates, they will be downloaded and installed.
> Click "Settings" and, in the Language field, select: Portuguese (Brasil)
> Click "Detecção e proteção" (Detection and Protection).

> Check: Verificar por Rootkits (Scan for Rootkits)

> Under "Detecções PUP" (PUP Detections), select: Tratar detecções como malware (Treat detections as malware)

> Click Verificar (Scan) >> Verificar ameaça (Threat Scan).
> Click "Verificar agora" (Scan Now).
> Wait for the scan to finish!
> If there are detections, click the "Mover todos para a Quarentena" (Move All to Quarantine) button.
> Click "Aplicar ações" (Apply Actions).
> When it finishes, accept the reboot prompt, which may occur 2 times.
> Post the report! ( Histórico (History) tab >> Logs de aplicativos (Application Logs) )
> PS: Use the ".txt" format to export the report.

A+

Post by Cassiano1110 Sun 18 Jan 2015, 17:51

Hello Joram, here is the report:

Malwarebytes Anti-Malware
[You must have an account and be logged in to view this link]

Data da Verificação: 18/01/2015
Hora da Verificação: 17:16:08
Arquivo de Log: Verificação 1.txt
Administrador: Sim

Versão: 2.00.4.1028
Base de Dados de Malware: v2015.01.18.07
Base de Dados de Rootkit: v2015.01.14.01
Licença: Avaliação Gratuita
Proteção de Malware: Habilitado
Proteção de Site Malicioso: Habilitado
Auto-Proteção: Desabilitado

SO: Windows 8.1
Processador: x64
Sistema de Arquivos: NTFS
Usuário: Cassiano

Tipo da Verificação: Verificar Ameaça
Resultado: Terminado
Objetos Verificados: 360388
Tempo Decorrido: 14 min, 37 seg

Memória: Habilitado
Inicialização: Habilitado
Sistema de Arquivos: Habilitado
Arquivos Compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

Processos: 0
(Nenhum item malicioso detectado)

Módulos: 0
(Nenhum item malicioso detectado)

Chaves de Registro: 94
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarentena, [bb9653a4820793a3335cfef3e919c040],
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarentena, [bb9653a4820793a3335cfef3e919c040],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarentena, [302194637811a6907ee07e7345bda15f],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarentena, [302194637811a6907ee07e7345bda15f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, Quarentena, [fb56a354c7c259dde4403de929dab14f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0400EBCA-042C-4000-AA89-9713FBEDB671}, Quarentena, [fb56a354c7c259dde4403de929dab14f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, Quarentena, [fb56a354c7c259dde4403de929dab14f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, Quarentena, [fb56a354c7c259dde4403de929dab14f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, Quarentena, [fb56a354c7c259dde4403de929dab14f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, Quarentena, [fb56a354c7c259dde4403de929dab14f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, Quarentena, [fb56a354c7c259dde4403de929dab14f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, Quarentena, [fb56a354c7c259dde4403de929dab14f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, Quarentena, [fb56a354c7c259dde4403de929dab14f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, Quarentena, [fb56a354c7c259dde4403de929dab14f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, Quarentena, [fb56a354c7c259dde4403de929dab14f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, Quarentena, [fb56a354c7c259dde4403de929dab14f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, Quarentena, [fb56a354c7c259dde4403de929dab14f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, Quarentena, [fb56a354c7c259dde4403de929dab14f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0400EBCA-042C-4000-AA89-9713FBEDB671}, Quarentena, [fb56a354c7c259dde4403de929dab14f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, Quarentena, [fb56a354c7c259dde4403de929dab14f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, Quarentena, [fb56a354c7c259dde4403de929dab14f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, Quarentena, [fb56a354c7c259dde4403de929dab14f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, Quarentena, [fb56a354c7c259dde4403de929dab14f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, Quarentena, [fb56a354c7c259dde4403de929dab14f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, Quarentena, [fb56a354c7c259dde4403de929dab14f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, Quarentena, [fb56a354c7c259dde4403de929dab14f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, Quarentena, [fb56a354c7c259dde4403de929dab14f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, Quarentena, [fb56a354c7c259dde4403de929dab14f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, Quarentena, [fb56a354c7c259dde4403de929dab14f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, Quarentena, [fb56a354c7c259dde4403de929dab14f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, Quarentena, [fb56a354c7c259dde4403de929dab14f],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, Quarentena, [fb56a354c7c259dde4403de929dab14f],
PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\PriceMeterLiveUpdate.OneClickCtrl.9, Quarentena, [015020d7c6c3c3737de5f1b9f013d32d],

Valores de Registro: 2
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, Quarentena, [f45db3446e1b7db91b9b17e033d1ca36]
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_br_65, Quarentena, [59f83dba6029181e558f2d49cb38b44c],

Dados de Registro: 0
(Nenhum item malicioso detectado)

Pastas: 0
(Nenhum item malicioso detectado)

Arquivos: 5
PUP.Optional.AdPeak.A, C:\temp\InstallFilter64.msi, Quarentena, [2f228176a8e139fd0ace9e9f5aa63bc5],
PUP.Optional.SupraSavings.A, C:\temp\t.msi, Quarentena, [e071ac4b2e5b3cfa32ecfc6617ee57a9],
PUP.Optional.Bundler, C:\Users\Cassiano\Downloads\aTube Catcher.exe, Quarentena, [312017e0b2d71125d80d18ec9471a55b],
PUP.Optional.Solimba, C:\Users\Cassiano\Downloads\AutoGK (Auto Gordian Knot).exe, Quarentena, [72df7681ea9f82b49bfc4496758c3ec2],
PUP.Optional.FriedCookie, C:\Users\Cassiano\Downloads\winamp-full-5-666-build-3516-32-bits.exe, Quarentena, [a3ae867199f0300657cc52344fb68d73],

Setores Físicos: 0
(Nenhum item malicioso detectado)


(end)

Re: How to remove Storm Alert

Post by joram, Sun 18 Jan 2015, 18:01

/!\ Good afternoon! Cassiano1110 /!\

> Download: < [link hidden: forum login required] > ( ... by Xplode )
>
> Or from here: < [link hidden: forum login required] >
> On the page, click "Download Now".
>
> Save it to the desktop!

> Right-click adwcleaner.exe and choose to run it as administrator.

> PS: Start the scan by clicking "Examinar" (Scan).

> When it finishes, click "Limpar" (Clean) >> Ok >> Ok >> Ok.
> Copy the log or click "Relatório" (Report).
> Post: < C:\AdwCleaner\AdwCleaner[S0].txt >

A+

Re: How to remove Storm Alert

Post by Cassiano1110, Mon 19 Jan 2015, 00:32

Hello Joram, the log follows:

# AdwCleaner v4.108 - Relatório criado 19/01/2015 às 00:29:37
# Atualizado 17/01/2015 por Xplode
# Database : 2015-01-18.1 [Live]
# Sistema Operacional : Windows 8.1 Single Language (64 bits)
# Usuário : Cassiano - ISABELA
# Executando de : C:\Users\Cassiano\Downloads\adwcleaner_4.108.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Arquivo Deletada : C:\Users\Cassiano\AppData\Roaming\Mozilla\Firefox\Profiles\mhzxax0o.default\user.js

***** [ Tarefas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\Web
Chave Deletedo : HKCU\Software\Baidu
Chave Deletedo : HKLM\SOFTWARE\Baidu
Chave Deletedo : HKLM\SOFTWARE\Taronja
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PriceMeterLiveUpdate.exe
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hao123.com

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v32.0.3 (x86 pt-BR)


-\\ Google Chrome v39.0.2171.99

[C:\Users\Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

-\\ Comodo Dragon v

[C:\Users\Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Deletedo [Extension] : cmaiofennmphjldldcpphcechfnnohja
[C:\Users\Cassiano\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Deletedo [Extension] : aaaalipaokhkccgmgkdglfinfnfhflko

*************************

AdwCleaner[R0].txt - [6968 octets] - [19/01/2015 00:26:21]
AdwCleaner[S0].txt - [6947 octets] - [19/01/2015 00:29:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7007 octets] ##########

Re: How to remove Storm Alert

Post by joram, Mon 19 Jan 2015, 08:38

/!\ Good morning! Cassiano1110 /!\

> Malwarebytes detected many PUPs, which calls for following up with an ESET scan, which is great at removing these PUPs.
> But... before running it, let's remove the AdwCleaner tool so that its quarantine is not detected by ESET.

> Open the AdwCleaner tool and click "Desinstalar" (Uninstall).
> Confirm the prompt!

> Download: < [link hidden: forum login required] >

> Save it to the desktop!
> Disable your antivirus and run the file esetsmartinstaller_enu.exe <<
> Accept the agreement and check: "YES, I accept the Terms of Use"
> Click: "Start"

> Under "Computer scan settings", check:

<*> Enable detection of potentially unwanted applications

> Under "Hide advanced settings", check:

<1> Scan archives
<2> Scan for potentially unsafe applications
<3> Enable Anti-Stealth technology
<4> Remove found threats

> Click "Advanced settings".
> Click "Change" and check the "Computador" (Computer) box.
> Click: "Start" >> Wait! ( This scan can take a few hours... )
> When it finishes, click "List of found threats".
> Click "Export to text file" and save the report to the desktop.
> Click "Back" >> "Finish".
> Post the report!

A+

Re: How to remove Storm Alert

Post by Cassiano1110, Fri 23 Jan 2015, 00:37

Hello Joram, here is the report:

C:\FRST\Quarantine\C\Program Files (x86)\MediaPlayerplus\54246.crx JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\MediaPlayerplus\54246.xpi JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Program Files\AVAST Software\Avast\aswRec.dll a variant of Win32/OpenCandy.C potentially unsafe application unable to clean
C:\Users\Cassiano\AppData\Roaming\ZHP\Quarantine\Freeven Pro 1.4.DIR\54256.crx JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Cassiano\AppData\Roaming\ZHP\Quarantine\Freeven Pro 1.4.DIR\54256.xpi JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Cassiano\Desktop\656-aTubeCatcher.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\zoek_backup\C_Users_Cassiano_AppData_Local_Comodo_Dragon_User Data_Default_Extensions_aaaalipaokhkccgmgkdglfinfnfhflko\30.10_0\background\ChromeUtilPlugin.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined

Re: How to remove Storm Alert

Post by joram, Fri 23 Jan 2015, 01:24

/!\ Good morning! Cassiano1110 /!\

> The detections were not relevant, since most of them hit the quarantines of 2 tools.
>
> If there are no further problems, remove the tools that were used in the disinfection!

> Download: < [link hidden: forum login required] > ( ... by Xplode )

> On the page, click Download Now
> Save it somewhere convenient! ( desktop! )
> Close any applications that are open.

> Remove disinfection tools
> Create a registry backup
> Purge system restore points

> With these boxes checked, click "Executar" (Run)!
> Restart the computer when it finishes!

> If you like, optimize your computer with [link hidden: forum login required].

> On the page, click "Download@MajorGeeks" <<
> Save it to a suitable directory! ( Desktop )
> Install it and then run its functions, which will speed up the computer.

> Click the "Analisar" (Analyze) menu >> Examinar (Scan) << Wait!
> When the scan finishes, click "Corrigir" (Fix).
> Afterwards, open the "Acelerar" (Speed Up) menu

> In the "Acelerar" function, click the "Otimizador do sistema" (System Optimizer) tab.
> Then click "Otimizar" (Optimize).
> Wait for it to finish; every item should show the status "Reparado" (Repaired).
> Everything OK?

A+
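
The triage point at the top of this reply (most ESET hits were copies already held in other tools' quarantine folders) can be checked mechanically. The Python sketch below is an added example, not part of the original posts or of any tool named in the thread; it parses the seven report lines posted above, and both the line-format regex and the rule "a path component named Quarantine marks a stored copy" are assumptions made for this illustration.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# The seven result lines of the ESET report posted earlier in this thread.
ESET_REPORT = r"""
C:\FRST\Quarantine\C\Program Files (x86)\MediaPlayerplus\54246.crx JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\MediaPlayerplus\54246.xpi JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Program Files\AVAST Software\Avast\aswRec.dll a variant of Win32/OpenCandy.C potentially unsafe application unable to clean
C:\Users\Cassiano\AppData\Roaming\ZHP\Quarantine\Freeven Pro 1.4.DIR\54256.crx JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Cassiano\AppData\Roaming\ZHP\Quarantine\Freeven Pro 1.4.DIR\54256.xpi JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Cassiano\Desktop\656-aTubeCatcher.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\zoek_backup\C_Users_Cassiano_AppData_Local_Comodo_Dragon_User Data_Default_Extensions_aaaalipaokhkccgmgkdglfinfnfhflko\30.10_0\background\ChromeUtilPlugin.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
"""

# Assumed layout: <path> <detection name> <category> <action>, space separated.
# The path may contain spaces, so it is matched lazily up to the first token
# that looks like a detection name ("Platform/Name", optionally "a variant of").
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<name>(?:a variant of )?[A-Za-z0-9]+/\S+) "
    r"(?P<kind>potentially (?:unwanted|unsafe) application) "
    r"(?P<action>.+)$"
)


def parse_report(text):
    """Turn the exported report text into a list of dicts, one per detection."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            raise ValueError(f"unrecognised report line: {line!r}")
        rows.append(match.groupdict())
    return rows


def quarantine_owner(path):
    """Return the folder that owns a 'Quarantine' directory on this path, else None."""
    parts = PureWindowsPath(path).parts
    for index, part in enumerate(parts):
        if index > 0 and part.lower() == "quarantine":
            return parts[index - 1]
    return None


def triage(rows):
    """Split detections into copies stored by a tool and files found elsewhere."""
    stored, elsewhere = Counter(), []
    for row in rows:
        owner = quarantine_owner(row["path"])
        if owner is not None:
            stored[owner] += 1
        else:
            elsewhere.append(row)
    return stored, elsewhere


def unresolved(rows):
    """Detections the scanner reported without deleting or quarantining them."""
    return [row for row in rows if not row["action"].startswith("deleted")]


if __name__ == "__main__":
    stored, elsewhere = triage(parse_report(ESET_REPORT))
    print("held in tool quarantines:", dict(stored))
    for row in elsewhere:
        print("outside a quarantine:", row["path"], "|", row["name"], "|", row["action"])
```
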

Re: How to remove Storm Alert

Post by Cassiano1110, Sun 25 Jan 2015, 13:05

Everything OK, Joram.

Thank you very much for your help, and congratulations on the work done by you and your team.

Regards

Re: How to remove Storm Alert

Post by joram, Sun 25 Jan 2015, 13:23

Case Solved

If this computer needs to be checked again, just open a "New Topic" and describe the problem.
